I'm trying to figure out the best way to handle time synchronization for our infrastructure. Most of it is in the public cloud and synchronized through the hypervisor. However, part of our setup is on an Edge network, where we have various network devices like firewalls and load balancers. Is it really necessary to set up a private NTP server just for these Edge devices? What are the drawbacks of relying on public NTP services, such as time.windows.com or the NTP pool? I feel like establishing an NTP service might be overkill since we only have a few clients. I'd love to hear your thoughts!
4 Answers
You can definitely use the NTP pool without any issues. Setting up your own server is super easy—a Raspberry Pi with a GPS module and an external antenna will get you set for under $150, possibly even under $100. Just place it by a window, keep it updated, and connect all your devices to this local server along with a couple of NTP pool servers for reliable timekeeping.
For basic setups, just use pool.ntp.org for your core switches, and have everything else sync to those switches. Unless you're dealing with high-frequency trading or something ultra-specific, you don’t need anything too complex. Keep it straightforward!
In my experience, time.windows.com isn't great. However, pool.ntp.org works well and time.cloudflare.com has been reliable for me. Just a heads-up, if you're thinking about running a public NTP server, make sure you actually maintain it. Otherwise, it can become a DDoS risk if not configured right. While it's possible to create a GPS-synced stratum 1 box, that's more of a personal project and not ideal for production. I find a micro-desktop server does the trick much better than embedded boards since they often lack real-time clocks. Just avoid exposing the control plane on routers and firewalls if you can.
Consider running your own NTP server and connect it to the NTP pool for added reliability. Setting it up is easy, and most routers and firewalls have options for it, requiring minimal resources. Just configure it once and let it run; it will keep sync with reliable upstream servers without taking much management.
But remember, the accuracy from a homemade NTP server may not compare to what you get from pool.ntp.org. A lot of factors affect timing accuracy, so don't expect perfection from a DIY setup.
True, but even a simple NTP setup consumes power and requires upkeep. It’s just one more thing to manage.
I’ve found that with automatic clock speed scaling turned off, you might have holdover issues for at least a day, even up to +/- 100ms.