Facebook announces public NTP service (opens in new tab)

(engineering.fb.com)

39 pointswongmjane6y ago4 comments

4 comments

millerm6y ago

Hasn’t Facebook already taken up enough of our time? ;-)

toomuchtodo6y ago

Is there a time expert who can comment if this is equal or superior to the Public NTP Pool [1]?

[1] https://www.ntppool.org/en/

LinuxBender6y ago

There is no harm in adding more stratum 1 servers. Many companies will use stratum-1 to avoid talking to malicious hosts in the public pool and triggering false alerts to their security operations centers. Their IP's typically don't change which means should you want, you can make firewall rules explicitly saying "who" you are talking to. This is useful for audits, especially for financial institutions.

From the aspect of technical superiority, that is highly subjective and varies with the consumer of NTP. The public pool can be anyone, any server or VM, any level of jitter. The IP can change, the host can go away, there is higher chance of time drift which is why most hosts will choose 3 of them at least. The public pool has higher capacity whereas the stratum-1 servers in some cases will block people that seen too many packets from 1 IP or send a "kod" packet saying to go away. It is expected that if your business is talking to a stratum-1 server that you have your own edge stratum-2 servers in your datacenter that everything uses. For some, the public pool is "good enough". For others, they may even want to run their own GPS devices in each datacenter and peer across datacenters for redundancy and cut out the middle person. Stock trading sites would be an example of someone that would want their own GPS devices that by themselves are extremely accurate and will not drift, while also syncing to NIST.

chewz6y ago

Public NTP Pool is ideal honeypot.

You signal there is a new server that is still yet vulnerable with default passwords, firewall rules, patches.

j / k navigate · click thread line to collapse