ntp offset with stratum 1 , when using stratum 2

Question

I was searching for a solution but didn't find clear answer.

In my company, all our servers are syncing time with one of our private ntp servers (which are stratum 3 if I'm correct).

These stratum 3 servers are of course configured to get time of some public NTP servers (stratum 2 if i'm correct)

because of some regulations related to our business, we need to constantly be sure that our client servers don't have big offset with the stratum 2 servers.

So we are monitoring that, but the offset our client servers are seeing are only the offset with our stratum 5 servers, is there something to do to get the offset with stratum 2 servers, even if it's configured to use internal stratum 3 servers? Note that our client servers don't have internet access and the goal is to stay like that.

I was wondering if there is something to do, on our client servers, to get the offset with stratum 2. by doing a calculation? (offset client srv + offset stratum 3?) any other possibilities?

I imagine this is a concern several company have, a solution should exist

thx a lot in advance

edit : I changed the stratum number that I wrote at the beginning, at my understanding was nto correct at this time

Answer 1

Root dispersion of 81 ms over the Internet is quite believable. The stratum 0 may be halfway around the world. Total error adds up over multiple hops.

Consider adding a NTP hardware appliance, with radio receivers and a decent oscillator. Your performance requirements justify the cost and inconvenience. Bonus, it doesn't require Internet to work, but keep your Internet sources too.

Answer 2

This is answered at Verify internal NTP server is sending the correct time?. Short summary:

1. Make sure you have a good configuration.

2. NTP already monitors offset from its upstream stratum as part of its normal operation, so all you need is to use an appropriate tool to extract that information and plug it into your alerting/telemetry system.

Your ntpq output shows a stratum 3 server with a system offset of less than 1 millisecond difference. That is about as good as you can expect over Internet links without implementing special measures. The root dispersion is a bit high, but that's almost entirely due to your upstreams, since your delay to them is only a bit over 2 ms.

If you configure your internal systems to sync with your stratum 3 servers, and they show a similar system offset, then you have achieved your goal. But make sure you have at least 4 public stratum 1/2 servers and at least 4 internal servers as well.

Don't forget to read the NTP Best Current Practices draft RFC, which explains why you need multiple sources and why monitoring is important.

Answer 3

Have you ever considerated about using a GPS receiver (probably coupled with gpsd) as a time source for your NTP?

Answer 4

ok I found the solution!. I can ask to my stratum n-1 what is the offset he have with stratum n-2 using ntpdc command, then I can look on peerstat file what the offset my client server have with the stratum n-1. I did a little script:

#!/bin/bash
#determine the IP of the currently used stratum n-1 srv as NTP source
used_ntp_source=`ntpq -np | grep "*" | awk '{print $1}' | sed 's/*//'`

#determine the offset between used stratum n-1 srv and the stratum n-2 (in seconds)
offset_between_stratn_1_and_stratn_2=`ntpdc -np $used_ntp_source | grep "*" | awk '{print \$7}'`

#determine the offset between localhost and the stratum n-1  srv (in seconds),looking in the last 20 lines of peerstats file, but keeping only the last one
local_offset_with_stratn_1=`tail -20 /var/log/ntpstats/peerstats | grep $used_ntp_source | tail -1 | awk '{print $5}'`

#calculation
calculated_offset=$(python -c "from decimal import Decimal; print(Decimal('$offset_between_stratn_1_and_stratn_2') + Decimal('$local_offset_with_stratn_1'))")

echo "the calculated offset is $calculated_offset"