I’m preparing a couple of RouterOS CCR1009 with 6.49 that should be used as the main router to the Internet for 100 or 200 users.
I always thought I would use these routers as the single time source for all LAN devices (switches, AP, a Linux server, …).
To my surprise, it seems the only included NTP-related feature within 6.49.2 is an SNTP client, but an NTP package exists.
Does this NTP package include WebFig pages/Winbox features allowing it to be configured like other “native” features through a GUI?
Is it easy to script safe installation of supplementary packages (as I’m a bit scared to pick a wrong arch-dependent binary)? Do involved URLs change over time (when RouterOS version changes)?
Should I prefer to use an alternate box (a Linux server) as the only time source for all LAN devices or should I (learn to) install this NTP package?
After you install any extra package (such as NTP), it seamlessly integrates into all of the UIs.
AFAIK ROS won’t install an extra package that is not for the correct architecture.
After you install an extra package, it gets upgraded automatically with the rest of ROS if you use the built-in upgrade mechanism (i.e. /system package upgrade), so no need to worry about it later.
Using the router as lone source is fine if you can live with some drawbacks:
I suspect that precision and clock stability is not the greatest (but that probably depends on architecture and particular device). It should be fine if you don’t need precision better than say 10ms.
MT devices don’t have a HW clock, so when booting, time will be off (either by a few tens of seconds in case of reboot or much more if the device had been shut down). NTP client will step time after it gets time from external sources; the delay before doing it depends on WAN availability.
If the router loses WAN access, NTP stratum will drop after a while and clients will be left without a common time source.
Usual PCs have an RTC and a Linux NTP server can use it as a fall-back time source (which means that the whole LAN will drift from correct time, but will still be synced to a single source).
Just wondering …
What’s the issue of time wandering off if WAN is out for a while, meaning clients will not know any better either ?
They will stay in sync with the router if still connected to LAN, no ?
So locally, there should be no major problem at all. Obviously if time starts to drift significantly, I can imagine timestamps on files etc will also become impacted but is the clock on Tik that bad ?
Only if Tik would not provide any time at all, it will be an urgent issue. Other than that … there will be some time
NTP client will have stratum one lower (numerically expressed that’s larger number) than source to which it’s synchronized at the time. The lowest possible stratum is 16, which essentially means unsynchronized … and if NTP client can’t synchronize to any of sources, it’ll have this stratum.
Standard NTP clients don’t synchronize to servers with that stratum 16. So if the lone NTP server in the LAN loses sync, other clients won’t synchronize to it any more … and their clocks will drift apart in different directions (yeah right, there are only two directions) and at different paces. After a while they will be apart enough that timestamps in logs won’t allow correlating log entries between different computers. For example. If the lone NTP server still claims to be in sync (albeit to some local RTC with low stratum such as 10 or 12), other computers will not drift apart, they will drift together with the NTP server. And when WAN connectivity restores, better sources (stratums 2 or 3) will prevail over RTC and the whole LAN island will re-sync to correct time slowly.
But MT NTP client can’t be set-up to use local RTC as low stratum source and server will cease to provide time sync in such case.
Don’t get me wrong, I’m not saying that the MT NTP server is useless, it’s mostly fine. But if I had to choose between using MT and normal Linux as lone NTP server for a network, I’d choose standard Linux (that’s a no-brainer for me). However, the idea of NTP is to have a swarm of NTP servers and if possible, one should use both MT and Linux to provide time … and in case of WAN failure Linux could provide backup time. The best practice says each client should use 3 to 5 servers for redundancy and the possibility to select the best server (in case of intermittent connectivity issues). In non-critical deployments one can live with fewer servers … but … the more the merrier.
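
An added example, not part of any post in this thread: a Python check of the stratum and leap-indicator fields in an NTP server reply, following the rule described above that clients do not synchronize to a server at stratum 16. The function names, the constructed sample replies and the 1-second root-dispersion limit are assumptions for illustration.

```python
import struct

MAXSTRAT = 16  # RFC 5905: stratum 16 means "unsynchronized"

def parse_ntp_header(packet: bytes) -> dict:
    """Decode the fields of a 48-byte NTP header that say whether to trust it."""
    if len(packet) < 48:
        raise ValueError("an NTP header is 48 bytes")
    flags, stratum = struct.unpack("!BB", packet[:2])
    root_disp = struct.unpack("!I", packet[8:12])[0]  # 16.16 fixed-point seconds
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        # Stratum 0 on the wire is "unspecified"; receivers treat it as 16.
        "stratum": MAXSTRAT if stratum == 0 else stratum,
        "root_dispersion_s": root_disp / 65536.0,
    }

def usable_time_source(packet: bytes, max_root_dispersion_s: float = 1.0):
    """Return (ok, reason). The dispersion limit is an assumed monitoring threshold."""
    h = parse_ntp_header(packet)
    if h["mode"] != 4:
        return False, "not a server reply"
    if h["leap"] == 3:
        return False, "leap indicator 3: clock unsynchronized"
    if h["stratum"] >= MAXSTRAT:
        return False, "stratum 16: unsynchronized"
    if h["root_dispersion_s"] > max_root_dispersion_s:
        return False, "root dispersion too large"
    return True, "stratum %d" % h["stratum"]

def build_reply(leap: int, stratum: int, root_disp_s: float = 0.01) -> bytes:
    """Constructed sample reply (NTPv4, mode 4) for offline testing."""
    flags = (leap << 6) | (4 << 3) | 4
    header = struct.pack("!BBbbII", flags, stratum, 6, -20, 0,
                         int(root_disp_s * 65536))
    return header + bytes(36)  # reference ID and timestamps zeroed

if __name__ == "__main__":
    samples = {
        "synced upstream": build_reply(0, 2),
        "local-clock fallback": build_reply(0, 10),
        "lost sync": build_reply(3, 0),
    }
    for name, pkt in samples.items():
        print(name, usable_time_source(pkt))
```

Run against the reply captured from the LAN time server, a check like this can alert before hosts stop following it and log timestamps begin to diverge.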