
I have a (most of the time) isolated network consisting of several computers.

          computer 0 -- external NTP server
        / 
switch -- computer 1 -- external NTP server
        \  
          computer n -- external NTP server

Only a small subset of the connections in the above graph may be available at any point in time. In particular, the connection to an external NTP server won't be available most of the time.

How can I use chrony to keep all the computers in sync without explicit client/server roles?

Requirements:

  1. At any given point in time, only a subset of the computers might be up and running. They should be able to get and stay in sync. If another computer is started, it should be synchronized as well. The absolute time is not important (as long as the error is in the magnitude of some seconds / few minutes). What is important is that all the computers in the network are in sync.
  2. Sporadically any of the computers might be connected to the internet and should be able to get the correct absolute time from an external NTP server and distribute that time in the local network.

I thought about configuring each computer on the network with an external NTP server (initially marked as offline) and then listing all computers as peers of each other. Is this the right way to go? I could not find any information on what happens if there are only NTP peers in a network without a reachable NTP server. Will the clocks converge to a sensible time or might this configuration become unstable so that the overall drift might be even worse than the worst hardware-clock drift of a single computer in the network?


Edit:

To underline my idea for an appropriate chrony configuration: Is the following approach a good idea?

/etc/chrony/chrony.conf on computer 0:

pool external.ntp.pool offline
peer computer_1
peer computer_2
peer computer_n
local stratum 10

/etc/chrony/chrony.conf on computer 1:

pool external.ntp.pool offline
peer computer_0
peer computer_2
peer computer_n
local stratum 10

And so on ...

Bloops
  • When your computers sporadically connect to the network, do you connect to a router/firewall? If so, configure the firewall to run NTP time sources. Letting the servers connect to each other and do the timesync will probably not work. If the first server connects to an external Stratum 1 time source, it will serve other NTP clients connecting as Stratum 2. If they connect to each other, they will always try to sync with the one serving with the highest Stratum number, and stick to it. Even if that time source is out of sync. – Ingvar J Nov 20 '18 at 14:44
  • It would be perfectly fine if the other computers use the computer with internet connection as stratum 2 server. The question is what happens if the computers are only connected to each other using a switch and thus no computer is connected to a router with NTP server or to an external NTP server. – Bloops Nov 20 '18 at 15:39
  • Having had problems with a bunch of systems relying on correct time settings (or on all of them being the same) when my stratum 2 dedicated box got out of sync for various reasons, I have myself solved it by restarting the chronyd or ntpd services on all involved servers (like a Ceph cluster). So if you add external servers plus a local server in ntpd.conf, it will try to sync with the external ones when available, and use its neighbour when not in contact with the internet. Then run a scheduled or manual restart of the time services when needed. – Ingvar J Nov 20 '18 at 16:32
  • I would select computer0 as the time source for computer1-n in addition to the external source if it is a physical server. VMs tend to be unhappy as time sources after migrations or suspend/activate. – Ingvar J Nov 20 '18 at 16:32

2 Answers

The simplest and best (but not least expensive) solution to your problem is to set up a small radio clock device (either GPS or WWVB/shortwave) on that network. Have devices use that as a server in NTP config, then peer with each other for fallback when the device fails.

Because a broadcast radio signal is one-way, this will meet your security requirements for isolation of the network.

GPS and WWVB devices that act as NTP servers are widely available at many price points.

If the network cannot receive radio signals in any way (submarine, hardened bunker, whatever) this solution won't work. But if that is your scenario you likely have the money for installing a local frequency standard of some type.

rmalayter
  • I get your idea. However, that is not what I intended with my question... It is not about security but reliability in a decentralized network. And it is the opposite of what you assumed: How can I make time synchronization robust *without* any additional costs involved. Sporadically retrieving the time from an external reference clock isn't the problem. My question really burns down to: What happens if there are only peers of the same stratum available and no external reference clock (be it a hardware reference clock or an external NTP server). – Bloops Nov 20 '18 at 15:29
  1. Try not to do this. Per your reply to @rmalayter's answer, NTP is not a decentralized protocol. Accurate time relies on the "central" (i.e. higher stratum) servers supplying time to their clients. You're much better off having one system on all the time, keeping in touch with external time sources. A BeagleBone, Raspberry Pi, or similar embedded system is an easy, cheap way to do this.
  2. The configuration you've suggested should mostly work. I would suggest a few things:
    • Don't use offline - the pool directive will automatically retry when chronyd starts or regains network connectivity.
    • Add orphan to your local line - this is the NTP feature specifically designed for compensating for your scenario. It will cause one of the peers to be elected the local master when upstream connectivity is unavailable.
    • It is harmless for a host to have its own address in its configuration as a peer: chronyd will automatically ignore it. This is a convenience which means you can ship out the same configuration to every host.
Paul Gear
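The configuration from the question's edit, combined with the three suggestions in this answer (no `offline`, `orphan` on the `local` line, the host's own address left in the peer list), written out as one chrony.conf that can be shipped unchanged to every host. This is an added example, not the asker's or the chrony project's own configuration; the host names are the ones used in the question, and the subnet, drift file path and `makestep` values are assumptions for illustration.

```conf
# /etc/chrony/chrony.conf -- identical file on every host (assumed names/subnet)

# External reference, used whenever the internet is reachable. No "offline":
# chronyd retries the pool by itself when connectivity returns.
pool external.ntp.pool iburst

# Every host of the isolated network, including this one. chronyd ignores a
# peer entry that resolves to its own address, so the list needs no per-host edit.
peer computer_0 iburst
peer computer_1 iburst
peer computer_2 iburst
peer computer_n iburst

# Orphan mode: when no external source is reachable, one of the hosts is elected
# local master and the others follow it. Use the same stratum value on every host.
local stratum 10 orphan

# Answer NTP client requests from the local subnet only (assumed subnet);
# anything else is refused, so stray clients cannot load or probe this host.
allow 192.168.1.0/24

# Keep the drift estimate across restarts, and allow stepping the clock on the
# first three updates only, so a host that was off for weeks does not slew for days.
driftfile /var/lib/chrony/chrony.drift
makestep 1.0 3
```

After restarting chronyd, `chronyc sources -v` lists every configured source and marks the selected one, and `chronyc tracking` shows the stratum the host is currently claiming; with no upstream reachable you should see one host at stratum 10 and the rest at 11. Because the peer exchange above is unauthenticated, a machine plugged into the same switch could offer itself as a source; if that is a realistic concern, chrony's `keyfile` directive with a `key` option on each `peer` line makes the peers authenticate each other with a shared symmetric key.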