0

Possible Duplicate:
What are the limits of running NTP servers in virtual machines?

I was wondering if virtualizing NTP is okay. I have a VMware ESXi 5.0 box, and I want to virtualize my router since the original hardware bit it. The only thing is I have read in places that virtualizing NTP (which my router performed) was not good because you won't be as accurate as a hardware clock. Is this true?

My router was pfSense, it ran the OpenNTPD server and was pointed at tock.usno.navy.mil. Because I am syncing with a higher NTP server is the accuracy of the hardware that important?

Community
  • 1
ianc1215
  • 1,965
  • 7
  • 34
  • 55

2 Answers2

4

This has been addressed before: What are the limits of running NTP servers in virtual machines?

Short answer: Don't do it. The accuracy of your local clock is still important when setting up an NTP server, and there are too many variables when using virtual machines to guarantee reasonable accuracy.

Community
  • 1
voretaq7
  • 79,345
  • 17
  • 128
  • 213
  • Well this pretty much answered my question, looks like I will keep running on hardware. Thanks for clearing this up for me. – ianc1215 Nov 21 '11 at 22:03
1

Depends on how accurate you need the clock to be. The Virtual Clock provided by the VM will have an inconsistent slew; usually this is limited to milliseconds. So your VM may have a hard time keeping track of it's slew in greater accuracy than ~0.1s. For most applications this is plenty accurate enough.

For certain software/hypervisor combinations the inconsistent slew causes problems and the time eventually gets off by a large amount. I've never seen this problem with ESX however.

For all platforms be certain the VM's clock is not synched to the hardware clock. There's an option to disable this as it's normally enabled. The VM will constantly have the wrong time if the hypervisor is overriding NTP.

On a side note: There are restrictions on using the cluster (tick, tock, and ntp) at usno.navy.mil; unless you meet certain qualifications you should not be using it. You should be using Stratum 2 servers, such as the pool.ntp.org project.

Chris S
  • 77,337
  • 11
  • 120
  • 212
  • really? I thought using the usno server were the best ones. So pool.ntp.org then? – ianc1215 Nov 21 '11 at 21:55
  • @Solignis - The "best" time source is a hardware reference (GPS, Cesium clock, etc.) - Second to that (and within the realm of practicality for most of us) you want a bunch of servers that are topologically close and reliable (low round-trip latency, low jitter) -- Using the appropriate regional `pool.ntp.org` servers will usually give you that. – voretaq7 Nov 21 '11 at 21:57
  • I don't need the time to be absolute, it just need to be accurate enough to run basic services. Possibly later on Kerberos but not sure yet. My other option for NTP would be my hardware iSCSI san which is based off of Ubuntu Server. Would that be better? – ianc1215 Nov 21 '11 at 21:57
  • 1
    [NIST offers some good statum 1 servers](http://tf.nist.gov/tf-cgi/servers.cgi), too. – Shane Madden Nov 21 '11 at 21:58
  • @voretaq7 Wow that is news to me, like I said I always thought you could not get better than the usno atomic clock. Well I know what I will be using from now on. Thanks. – ianc1215 Nov 21 '11 at 21:58
  • The USNO's clock is the central timing source for many things, but as I said, it's not a matter of good or not, it's their policy that most people aren't **allowed** to use it. You have to be a Government Agency, Educational Institution, or one of their Stratum 2 servers (by arrangement only). Many people ignore this, but it's still their request. [They provide a list of NTP servers (their S2 arranged partners) on their website](http://tycho.usno.navy.mil/ntp.html). Otherwise pool.ntp.org provides an excellent alternative. A hardware clock of your own is the "best" as Vortaq mentioned. – Chris S Nov 21 '11 at 22:02