A Method for Clustering the NTP Time Service
Submitted by LJ McDonald on 24 September 2008 - 10:39am
The Network Time Protocol (NTP) daemon ntpd is not well-suited to operation as a clustered service in a failover cluster. One reason for this is that failover clusters use virtual IP addresses that move between nodes within the cluster, and as of this writing, the NTP service cannot be associated with only a specific virtual IP address. Despite the recent addition of command-line options to listen on interface(s) and to listen on virtual IPs, the NTP daemon continues to associate the NTP service with all IP addresses associated with the specified interface. The only option which restricts this behavior (--novirtualips) causes the NTP daemon to provide the service on the primary interface IP address of each specified interface and not the virtual IP addresses! As a result, despite the recent improvements, there continues to be no option to allow the NTP service to be offered only on a particular IP address.
Even if the NTP daemon were able to be bound to a specific IP address, the internal operation of the NTP daemon makes it unsuitable for failover. The NTP daemon slowly steps and then slews the server time to the correct time. This process can take up to three hours to complete. This means the daemon is either unable to provide its service during this time, or is providing inaccurate results! So the concept of a clustered/failover NTP service seems flawed... however, there's more to it, so please read on!