Re: [chrony-users] A real-life example of chrony on a LAN




On Fri, 11 May 2018, Stephen Satchell wrote:

For the last couple of weeks, I've been bringing up a new Linux system on which I will be implementing an IPTABLES(8) firewall, instead of using firewalld(8).

(N.B.: short form: I want to separate traffic using VLANs over the five IP addresses I have, and have different rules for each address. Red Hat's solution doesn't do that. Enough about that.)

Sounds very complex.


Now for the meat: on my new firewall I provide NTP and DHCP service, to my LAN and WiFi only. The new firewall runs CentOS 7.5 and chronyd. The old firewall is CentOS 4.9 (!) and ntpd. Both firewalls use a selected set of outside servers (mix of stratum 1 and 2 providers), as well as my TM1000A GPS NTP appliance isolated on its own VLAN to keep excess traffic out of the appliance. Both servers report being stratum 2.

Not sure what a TM1000A GPS appliance is. Looking on the web the accuracy does
not seem to me to be up to what a GPS with PPS should be capable of (the
fluctuations seem to be in the 50us range rather than the 1usec range I would
expect from a GPS/PPS system).


In my local network, I have two computers on one desk. Both are running CentOS 7.5 desktop. Both desktops are configured to use the two firewalls as NTP servers. Both desktops are running chrony.

At the time I'm writing this, the older NTP box is declaring an accuracy under 10 ms. The newer CHRONYD box is reporting an accuracy of under 1 ms.

And my desktop machine with a GPS/PPS SureElectronics receiver (used to be
about $50, but they do not seem to sell them anymore) is reporting
accuracy of under 1usec.

The two clients are currently synced to the new firewall, both reporting accuracy under 1 ms.

I've not yet attempted to figure out how to measure the delta between the two firewall boxes, and the two desktop boxes. On the two desktop boxes, though, I have Gnome displaying the screen clock with seconds, and I can't detect any skew in the two clocks -- but that's just my eyes.

Well, not a great way of measuring -- a) because the clock reading poll loop in
the clock program probably is not better than 10-100ms, and b) because your eyes
could not see better than about 100ms.



For my purposes, the clocks are "close enough". It's interesting, though, that the chronyd services on the two client boxes both prefer the chronyd source over the old NTP source.

Probably because it has a much smaller uncertainty.

It has been tested, both by myself and by Lichvar, as to the kind of accuracy
one can get out of chrony, and it is a factor of 3-30 times better than ntpd with
the same sources, with a much more rapid convergence as well.


