| [chrony-users] A real-life example of chrony on a LAN |
[ Thread Index |
Date Index
| More chrony.tuxfamily.org/chrony-users Archives
]
For the last couple of weeks, I've been bringing up a new Linux system
on which I will be implementing an IPTABLES(8) firewall, instead of
using firewalld(8).
(N.B.: short form: I want to separate traffic using VLANs over the five
IP addresses I have, and have different rules for each address. Red
Hat's solution doesn't do that. Enough about that.)
Now for the meat: on my new firewall I provide NTP and DHCP service, to
my LAN and WiFi only. The new firewall runs CentOS 7.5 and chronyd.
The old firewall is CentOS 4.9 (!) and ntpd. Both firewalls use a
selected set of outside servers (mix of stratum 1 and 2 providers), as
well as my TM1000A GPS NTP appliance isolated on its own VLAN to keep
excess traffic out of the appliance. Both servers report being stratum 2.
In my local network, I have two computer on one desk. Both are running
CentOS 7.5 desktop. Both desktops are configured to use the two
firewalls as NTP servers. Both desktops are running chrony.
At the time I'm writing this, the older NTP box is declaring an accuracy
under 10 ms. The newer CHRONYD box is reporting an accuracy of under 1
ms.
The two clients are currently synced to the new firewall, both reporting
accuracy under 1 ms.
I've not yet attempted to figure out how to measure the delta between
the two firewall boxes, and the two desktop boxes. On the two desktop
boxes, though, I have Gnome displaying the screen clock with seconds,
and I can't detect any skew in the two clocks -- but that's just my eyes.
For my purposes, the clocks are "close enough". It's interesting,
though, that the chronyd services on the two client boxes both prefer
the chronyd source over the old NTP source.
--
To unsubscribe email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "unsubscribe" in the subject.
For help email chrony-users-request@xxxxxxxxxxxxxxxxxxxx
with "help" in the subject.
Trouble? Email listmaster@xxxxxxxxxxxxxxxxxxxx.