Structuring our campus subnet we followed the recommendations in 'Configuring NTP and Setting up a NTP Subnet'. Three hosts (the minimum number for robustness) each refer to three different servers in the internet and peer with each other. Some other hosts (used mainly for other services) refer to these three internal NTP reference servers and are peeked by several clients.

There should be two primary servers and one secondary (buddy) server per campus reference server. In Germany, there are some public secondary (stratum 2) servers and only a few primary ones. So we need them all, though they are peering each other and may form disadvantageous loops. Fortunately, as primary servers, they are normally ruled by primary (stratum 0) time sources (GPS, DCF77, PTB).

Since the external servers are at stratum 1, our reference servers are at stratum 2.

The distribution servers referring to the reference servers are at stratum 3 and still have a decently small clock offset. They are peeked by several stratum 4 clients at boot time and regularly. NTP broadcast is installed but no multicast.

The three reference servers (time1, time2, time3) are simple "industrial" PCs running Linux. They are connected to the same power supply and network switch. Despite of this, they are still viewed as backing up each other, and in fact they are. There is not much to do for these hosts. Normally servicing NTP, only a few network daemons are held active.

In case of power failure, all servers are still powered by an uninterruptible power supply (UPS) but are cut off the network since the main switches are down. For several hours the NTP deamon could survive with only the internal hardware clock, but the UPS battery would reach not nearly as long. After a while, the servers would go down too, as already the rest of our net. In practice, there is no problem at all. All works very well and makes a pretty stable and robust NTP network.

All workstations should refer to
time.hs-augsburg.de. It's a fast virtual machine doing nothing but NTP service and this website, and delivering pretty accurate time, despite its virtual character and despite a statement by VMware that virtual machines are not really good timekeepers.

Servers and workstations in need of system time as accurate as possible should refer to time.rz.hs-augsburg.de. That's an alias of the main campus server, a fast real machine running nearly all network services, just including NTP service. This machine is also the campus NTP broadcast server.

We have a direct Internet connection and a second one as a backup. Our routers connect to the German Research Network G-WiN. Speed is good under normal conditions, and connection is interrupted only rarely for a usually short while. Network congestion sometimes occurs on weekdays when bandwidth is exhausted by many on-campus users at the same time.

The reference servers each have a 100 MBit NIC and are attached to a switch on a 1 GBit line, crossing two switches to the Internet routers. The distribution servers are on 1 GBit lines as well.