Translation complete (#5512)

* XYenChi is translating

* translated
XYenChi 2017-04-26 07:37:58 +08:00 committed by Ezio
parent 9c7fe96b56
commit 890bf7a437
2 changed files with 62 additions and 61 deletions


@ -1,61 +0,0 @@
Arrive On Time With NTP -- Part 1: Usage Overview
============================================================
![NTP](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/ntp-time.jpg?itok=zu8dqpki "NTP")
In this first of a three-part series, Chris Binnie looks at why NTP services are essential to a happy infrastructure.[Used with permission][1]
Few services on the Internet can claim to be so critical in nature as time. Subtle issues which affect the timekeeping of your systems can sometimes take a day or two to be realized, and they are almost always unwelcome because of the knock-on effects they cause.
Consider as an example that your backup server loses connectivity to your Network Time Protocol (NTP) server and, over a period of a few days, introduces several hours of clock skew. Your colleagues arrive at work at 9am as usual only to find the bandwidth-intensive backups consuming all the network resources meaning that they can barely even log into their workstations to start their days work until the backup has finished.
In this first of a three-part series, Ill provide brief overview of NTP to help prevent such disasters. From the timestamps on your emails to remembering when you started your shift at work, NTP services are essential to a happy infrastructure.
You might consider that the really important NTP servers (from which other servers pick up their clock data) are at the bottom of an inverted pyramid and referred to as Stratum 1 servers (also known as “primary” servers). These servers speak directly to national time services (known as Stratum 0, which might be devices such as atomic clocks or GPS clocks, for example). There are a number of ways of communicating with them securely, via satellite or radio, for example.
Somewhat surprisingly, its reasonably common for even large enterprises to connect to Stratum 2 servers (or “secondary” servers) as opposed to primary servers. Stratum 2 servers, as youd expect, synchronize directly with Stratum 1 servers. If you consider that a corporation might have their own onsite NTP servers (at least two, usually three, for resilience) then these would be Stratum 3 servers. As a result, such a corporations Stratum 3 servers would then connect upstream to predefined secondary servers and dutifully pass the time onto its many client and server machines as an accurate reflection of the current time.
A simple design component of NTP is that it works on the premise -- thanks to the large geographical distances travelled by Internet traffic -- that round-trip times (of when a packet was sent and how many seconds later it was received) are sensibly taken into account before trusting to a time as being entirely accurate. Theres a lot more to setting a computers clock than you might at first think, if you dont believe me, then [this fascinating web page][3] is well worth looking at.
At the risk of revisiting the point, NTP is so key to making sure your infrastructure functions as expected that the Stratum servers to which your NTP servers connect to fuel your internal timekeeping must be absolutely trusted and additionally offer redundancy. Theres an informative list of the Stratum 1 servers available at the [main NTP site][4].
As you can see from that list, some NTP Stratum 1 servers run in a “ClosedAccount” state; these servers cant be used without prior consent. However, as long as you adhere to their usage guidelines, “OpenAccess” servers are indeed open for polling. Any “RestrictedAccess” servers can sometimes be limited due to a maximum number of clients or a minimum poll interval. Additionally, these are sometimes only available to certain types of organizations, such as academia.
### Respect My Authority
On a public NTP server, you are likely to find that the usage guidelines follow several rules. Lets have a look at some of them now.
The “iburst” option involves a client sending a number of packets (eight packets rather than the usual single packet) to an NTP server should it not respond during at a standard polling interval. If, after shouting loudly at the NTP server a few times within a short period of time, a recognized response isnt forthcoming, then the local time is not  changed.
Unlike “iburst” the “burst” option is not commonly allowed (so dont use it!) as per the general rules for NTP servers. That option instead sends numerous packets (eight again apparently) at each polling interval and also when the server is available. If you are continually throwing packets at higher-up Stratum servers even when they are responding normally, you may get blacklisted for using the “burst” option.
Clearly, how often you connect to a server makes a difference to its load (and the negligible amount of bandwidth used). These settings can be configured locally using the “minpoll” and “maxpoll” options. However, to follow the connecting rules on to an NTP server, you shouldnt generally alter the the defaults of 64 seconds and 1024 seconds, respectively.
Another, far from tacit, rule is that clients should always respect Kiss-Of-Death (KOD) messages generated by those servers from which they request time. If an NTP server doesnt want to respond to a particular request, similar to certain routing and firewalling techniques, then its perfectly possible for it to simply discard or blackhole any associated packets.
In other words, the recipient server of these unwanted packets takes on no extra load to speak of and simply drops the traffic that it doesnt think it should serve a response to. As you can imagine, however, this isnt always entirely helpful, and sometimes its better to politely ask the client to cease and desist, rather than ignoring the requests. For this reason, theres a specific packet type called the KOD packet. Should a client be sent an unwelcome KOD packet then it should then remember that particular server as having responded with an access-denied style marker.
If its not the first KOD packet received from back the server, then the client assumes that there is a rate-limiting condition (or something similar) present on the server. Its common at this stage for the client to write to its local logs, noting the less-than-satisfactory outcome of the transaction with that particular server, if you ever need to troubleshoot such a scenario.
Bear in mind that, for obvious reasons, its key that your NTPs infrastructure be dynamic. Thus, its important not to hard-code IP addresses into your NTP config. By using DNS names, individual servers can fall off the network and the service can still be maintained, IP address space can be reallocated and simple load balancing (with a degree of resilience) can be introduced.
Lets not forget that we also need to consider that the exponential growth of the Internet of Things (IoT), eventually involving billions of new devices, will mean a whole host of equipment will need to keep its wristwatches set to the correct time. Should a hardware vendor inadvertently (or purposely) configure their devices to only communicate with one providers NTP servers (or even a single server) then there can be -- and have been in the past -- very unwelcome issues.
As you might imagine, as more units of hardware are purchased and brought online, the owner of the NTP infrastructure is likely to be less than grateful for the associated fees that they are incurring without any clear gain. This scenario is far from being unique to the realms of fantasy. Ongoing headaches -- thanks to NTP traffic forcing a providers infrastructure to creak -- have been seen several times over the last few years.
In the next two articles, Ill look at some important NTP configuration options and examine server setup.
--------------------------------------------------------------------------------
via: https://www.linux.com/learn/arrive-time-ntp-part-1-usage-overview
作者:[CHRIS BINNIE][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linux.com/users/chrisbinnie
[1]:https://www.linux.com/licenses/category/used-permission
[2]:https://www.linux.com/files/images/ntp-timejpg
[3]:http://www.ntp.org/ntpfaq/NTP-s-sw-clocks-quality.htm
[4]:http://support.ntp.org/bin/view/Servers/StratumOneTimeServers
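Review bot: this hunk deletes the English source outright, so the reference list it removes includes `[2]:https://www.linux.com/files/images/ntp-timejpg`, which no line of the file ever cites (the image is embedded by its absolute URL), and the `译者:` and `校对:` lines are still the project's unfilled placeholders. Because nothing in this commit keeps the English text, the proofreader named in the translated file has no source in the same change to compare against; either retain the source under its own path (a move rather than a deletion) or state in the commit message where it now lives.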


@ -0,0 +1,62 @@
用 NTP 把控时间 -- 第一部分:使用概览
============================================================
![NTP](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/ntp-time.jpg?itok=zu8dqpki "NTP")
这系列共三部分首先Chirs Binnie考量了一个令人愉快的基础建设中 NTP 服务的重要性。[经许可使用][1]
鲜有网络服务器在计时方面称得上是标准。影响你系统的时间计时的小问题可能花了一两天被发现,这样的不速之客通常会引起连锁效应。
设想你的备份服务器与网络时间协议NTP断开连接过了几天引起几小时的时间扭曲。你的同事照常九点上班发现 bandwidth-intensive 类型的备份服务器消耗了所有网络资源,这也就意味着他们在备份完成之前几乎不能登录工作台开始他们的日常工作。
这系列共三部分,首先,我将提供简要介绍 NTP 防止这种困境的发生。从邮件的时间戳到记录你工作的进展NTP 服务对于一个令人愉快的基础建设是如此重要。
想想非常重要的 NTP 服务器 (其他服务器时间数据来源) 是倒置金字塔的底部与第1层的服务器也被称为“主要”服务器相关。这些服务器0层是原子钟和GPS钟之类的装置与自然时间直接交互。安全沟通的方法很多例如通过卫星或者无线电。
令人惊讶的是,几乎所有的大型企业都会连接二层服务器(或“次级”服务器)而是不主服务器。如你所料,二层服务器和一层直接同步。如果你觉得大公司可能有自己的本地 NTP 服务器至少两个通常三个为了恢复这样就会有三层服务器。结果第3层服务器将连接上层去预定义次级服务器负责任地传递时间给客户端和服务器作为当前时间的精确反馈。
简单设计构成的 NTP 工作前提是——多亏了英特网通路走过大量地理距离——在信任时间完全准确之前,来回时间(包什么时候发出和多少秒后被收到)都会被清楚记录。设置电脑时间比你想象的要多做很多,如果你不信我,那[这神奇的网站][3]值得一看。
由于有重复访问节点的风险NTP 如此关键以至于 NTP 与层次服务器之间的连接被期望必须确保内部计时完全被信赖并且能提供额外信息。有一个有用的 Stratum 1 服务器列表在 [主 NTP 站点][4].
正如你在列表所见,一些 NTP 一层服务器以“ClosedAccount”状态运行;这些服务器需要提前同意才可以使用。但是只要你完全按照他们的使用引导做“OpenAccess” 服务一定会为了轮询开放。每个 “RestrictedAccess” 服务有时候会因为大量客户端访问或者少数轮询间隙而受限。另外有时候会专供某种类型的组织,例如学术界。
### 尊重我的权威
在公共 NTP 服务器上,你可能发现使用引导遵从某些规则。现在让我们看看其中一些。
“iburst” 选项作用是客户端发送一定数量的包(八个包而不是通常的一个)给 NTP 服务器,轮询间隔会没有应答。
如果在短时间内呼叫 NTP 服务器几次,没有出现可辨识的应答,那么本地时间没有变化。
不像 “iburst” ,按照 NTP 服务器的规则, “burst” 选项一般不允许使用(所以不要用它!)。这个选项不仅在探询间隙发送大量包(明显又是八个),而且也会在能正常使用时这样做。如果你在高层服务器持续发送包,甚至是它们在正常应答时,你可能会因为使用 “burst” 选项而被拉黑。
显然你连接服务器的频率影响了它加载的速度和少量带宽使用。使用“minpoll”和“maxpoll”选项可以本地设置。然而根据连接 NTP 服务器的规则,你不应该分别修改默认的 64 秒和 1024 秒。
此外,需要提出的是客户应该重视请求时间的服务器发出的 Kiss-Of-Death (KOD) 消息。如果 NTP 服务器不想反馈特殊请求,类似于路由和防火墙技术,那么它极有可能遗弃或吞没每个相关的包。
换句话说,接受异常数据的服务器交互不需要额外的负载而且几乎不消耗流量以至于它认为这不值得回应。你就可以想象,这很无力,有时候礼貌地问客户是否中止或停止比忽略请求更为有效。因此,这种特别的包类型叫做 KOD 包。不受欢迎的 KOD 包被传送给客户端,然后记住这特别的拒绝访问标志。
如果收到不止一个服务器反馈的 KOD 包,客户端会猜想服务器上发生了流量限速的情况(或类似的)。客户端一般会写入本地日志,使用特别服务器差强人意的处理结果,如果你需要分析解决方案。
牢记, NTP 服务器的动态基础建设明显是关键。因此,不要给你的 NTP 配置硬编码 IP 地址。通过使用 DNS 域名独立服务器衰减网络服务仍能继续进行IP 地址空间能被重新分配并且可引入简单的负载均衡(具有一定程度的弹性)。
请别忘了我们也需要考虑呈指数增长的物联网(IoT),最终将包括数以亿万计的新装置,意味着设备的主机需要保持正确时间。硬件卖家无意(或有意)设置他们的设备只能与一个提供者的(甚至一个) NTP 服务器连接将成为过去,变成非常不受欢迎的问题。
你可能会想象随着更多的硬件单元被在线购进NTP 基础设施的拥有者大概不会为相关费用感激,因为他们正被没有实际收入所困扰。这方案远非在奇幻领域独树一帜。正当头疼 -- 感谢 NTP 通路提供的基本设置强制停止 -- 过去几年里已遇多次。
在下面两篇文章里,我将着重于一些重要的 NTP 配置和测试服务器启动。
--------------------------------------------------------------------------------
via: https://www.linux.com/learn/arrive-time-ntp-part-1-usage-overview
作者:[CHRIS BINNIE][a]
译者:[译者ID](https://github.com/XYenChi)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
[a]:https://www.linux.com/users/chrisbinnie
[1]:https://www.linux.com/licenses/category/used-permission
[2]:https://www.linux.com/files/images/ntp-timejpg
[3]:http://www.ntp.org/ntpfaq/NTP-s-sw-clocks-quality.htm
[4]:http://support.ntp.org/bin/view/Servers/StratumOneTimeServers
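Review bot: the KOD paragraph inverts the source's meaning at "如果收到不止一个服务器反馈的 KOD 包": the English says a client treats a repeated KOD from the same server as a sign of rate limiting, not a KOD from more than one server, so the sentence should read along the lines of "如果这不是从该服务器收到的第一个 KOD 包". Two more lines change the technical content: the iburst sentence "轮询间隔会没有应答" drops the condition that the eight packets are sent only when the server fails to respond at a standard polling interval, and "几乎所有的大型企业都会连接二层服务器" overstates "reasonably common for even large enterprises" (same line also has the typo "而是不主服务器" for "而不是主服务器"). Also fix the metadata line `译者:[译者ID](https://github.com/XYenChi)`, whose link text is still the placeholder while the URL has been filled in, and translate "bandwidth-intensive", which is left in English.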