Is it a bad practice to put an NTP server behind a Virtual IP? (VRRP)

How much preferable would it be to simply have the clients talk directly to the 2 instances?

Since the NTP client keeps the server's refid, I suppose it would distinguish when the server behind the IP is swapped, but I'm not sure how it would affect its behavior otherwise.

Phil
  • Clustering is great, but often also somewhat fragile... I'd vote to simply configure your clients to use both NTP servers, rather than setting up a floating IP – HBruijn Sep 28 '16 at 18:33
  • +1 for an interesting question that makes me think (again?) about why I routinely configure my systems the way I do. – HBruijn Sep 28 '16 at 20:19

1 Answer

After my initial comment a slightly longer answer.

As a rule of thumb when the protocol itself, or the common implementations of said protocol, already natively support resilience, high availability and failover, you don't need to provide those at the infrastructure level.

(Except when your use cases do require them...)

Load balancing and clustering are useful techniques, but they also require expert maintenance and I have seen far more high availability clusters crash catastrophically than I have seen admins break two different servers at the same time.


With regards to NTP, you either provide a single NTP server to your clients, or optimally you configure 4 or more...

Ntpd needs a majority of servers to agree on the time before it can sync.

If you only have one server, that server will be believed. That has the benefit that at least all your systems will be set to the same (albeit maybe incorrect) time, and you can still correlate security events and rely on time-dependent protocols such as Kerberos.

If you have two servers behind a load balancer, your clients behave as if there is only one NTP server. If the time on those two back-end servers differs, then (depending on your load-balancing algorithm) either half of your clients will use a completely different date from the others, or you might get to see random jumps in time when failover does occur.

If you configure multiple NTP servers, most (if not all) NTP client implementations are capable (if you have configured sufficient servers) of distinguishing a "false ticker" and disregarding it by reaching a majority vote.

HBruijn
  • Agreed 100%. Load balancing could lead to some very unexpected or difficult-to-debug situations. – EEAA Sep 28 '16 at 20:16
  • Thanks. I wasn't aware of the optimal configuration (4 servers), but I was under the impression that 2 servers behind a VRRP could lead to some weirdness. I will configure clients to use both servers from now on, and will set up new servers soon. – Phil Sep 29 '16 at 14:45
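The majority-vote behaviour the answer describes can be made concrete with a small model of the intersection step of ntpd's clock selection (RFC 5905 section 11.2.1, essentially Marzullo's algorithm). The block below is an added illustration written for this page; it is not ntpd's code and not part of the original answer. It keeps only the interval-intersection step (no clustering, midpoint or jitter handling), and the peer names `ntp1`..`ntp4`, `ntp-vip` and all offsets and root distances are constructed sample values, not measurements from any real server.

```python
"""Simplified NTP clock selection (intersection step only), after
RFC 5905 section 11.2.1 / Marzullo's algorithm.  Added illustration for
this page, not ntpd's implementation: clustering, midpoints and jitter
weighting are left out so the majority-vote logic stays visible."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Peer:
    name: str
    offset: float     # measured clock offset theta, seconds
    root_dist: float  # root distance lambda, seconds (half the interval width)

    @property
    def low(self) -> float:
        return self.offset - self.root_dist

    @property
    def high(self) -> float:
        return self.offset + self.root_dist


def truechimers(peers: list[Peer], minsane: int = 1) -> list[Peer]:
    """Return the peers whose correctness intervals overlap the largest
    majority clique, or [] when no majority exists (ntpd then has no
    sync source).  `minsane` mirrors ntpd's `tos minsane` floor."""
    m = len(peers)
    if m == 0:
        return []
    # Endpoint list: (edge, kind) with kind -1 for a low edge, +1 for a high edge.
    endpoints = sorted([(p.low, -1) for p in peers] + [(p.high, 1) for p in peers])

    low, high = float("inf"), float("-inf")
    allow = 0
    # Tolerate up to `allow` falsetickers, but never as many as half the peers:
    # a clique must always be a strict majority.
    while 2 * allow < m:
        need = m - allow
        chime = 0
        for edge, kind in endpoints:         # ascending scan finds the low edge
            chime -= kind                    # entering an interval raises the count
            if chime >= need:
                low = edge
                break
        chime = 0
        for edge, kind in reversed(endpoints):  # descending scan finds the high edge
            chime += kind
            if chime >= need:
                high = edge
                break
        if high > low:
            break
        allow += 1
    else:
        return []  # no majority clique: nothing is believed

    survivors = [p for p in peers if p.low <= high and p.high >= low]
    return survivors if len(survivors) >= minsane else []


def selected_names(peers: list[Peer], minsane: int = 1) -> list[str]:
    return [p.name for p in truechimers(peers, minsane)]


# Constructed samples (seconds).  ntp3 is a deliberate falseticker, 5 s off.
FOUR_DIRECT = [
    Peer("ntp1", 0.001, 0.010),
    Peer("ntp2", 0.002, 0.010),
    Peer("ntp3", 5.000, 0.010),
    Peer("ntp4", -0.001, 0.010),
]
# Two servers that disagree: neither side is a majority.
TWO_DIRECT_DISAGREE = [Peer("ntp1", 0.001, 0.010), Peer("ntp2", 3.000, 0.010)]
# Behind a VRRP VIP the client sees a single peer.  Whichever backend holds
# the VIP sets the offset, so a failover to a backend 3 s off is simply the
# sole (and therefore always believed) peer reporting a new offset.
VIP_BEFORE_FAILOVER = [Peer("ntp-vip", 0.001, 0.010)]
VIP_AFTER_FAILOVER = [Peer("ntp-vip", 3.000, 0.010)]

if __name__ == "__main__":
    print("four direct servers :", selected_names(FOUR_DIRECT))
    print("three direct servers:", selected_names(FOUR_DIRECT[:3]))
    print("two disagreeing     :", selected_names(TWO_DIRECT_DISAGREE))
    print("VIP before failover :", selected_names(VIP_BEFORE_FAILOVER))
    print("VIP after failover  :", selected_names(VIP_AFTER_FAILOVER))
```

With four direct peers the 5-second outlier is voted out and the other three survive; with two direct peers that disagree there is no majority and nothing is selected; with a single VIP peer every sample is believed, so the backend swap shows up as an offset jump the client will follow rather than as a falseticker it can reject. Raising `minsane` to 4 in the four-server case yields no selection at all, which is the trade-off behind ntpd's `tos minsane` setting.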