Introduction to NTP

Overview

NTP (Network Time Protocol) provides accurate and syncronised time

across the Internet. This introductory article will try to show you how to
use NTP to control and synchronize your system clock.

First approach

NTP is organised in a hierarchical client-server model. In the top of this

hierarchy there are a small number of machines known as reference
clocks. A reference clock is known as stratum 0 and is typically a cesium
clock or a Global
Positioning System
(GPS) that receives
time from satellites.
Attached to these
machines there are
the so-called
stratum 1 servers
(that is, stratum 0
clients), which are
the top level time
servers available to
the Internet, that
is, they are the best
NTP servers
available.

Note: in the NTP

lingo measure for
synchronization distance is termed as stratum: the number of steps that
a system lies from a primary time source.

Following this hierarchy, the next level in the structure are the stratum 2
servers which in turn are the clients for stratum 1 servers. The lowest
level of the hierarchy is made up by stratum 16 servers. Generally
speaking, every server syncronized with a stratum n server is termed as
being at stratum n+1 level. So, there are a few stratum 1 servers which
are referenced by stratum 2 servers, wich in turn are refenced by
stratum 3 servers, which are referenced by stratum 4 and so on.

NTP servers operating in the same stratum may be associated with

others in a peer to peer basis, so they may decide who has the higher
quality of time and then can synchronise to the most accurate.

In addition to the client-server model and the peer to peer model, a

server may broadcast time to a broadcast or multicast IP addresses and
 clients may be configured to synchronise to these broadcast time
signals.

So, at this point we know that NTP clients can operate with NTP servers
in three ways:

in a client-server basis
in a peer to peer mode
sending the time using broadcast/multicast

How does it work

Whenever ntpd starts it checks its configuration file (/etc/ntp.conf) to

determine syncronization sources, authentication options, monitoring
options, access control and other operating options. It also checks the
frequency file (/etc/ntp/drift) that contains the latest estimate of
clock frequency error. If specified, it will also look for a file containing
the authentication keys (/etc/ntp/keys).

Note that the path and/or name of these configuration files may vary in
your system. Check the -c command line option.

Once the NTP daemon is up and running, it will operate by exchanging

packets (time and sanity check exchanges) with its configured servers at
poll intervals and its behaviour will depend on the delay between the
local time and its reference servers. Basically, the process starts when
the NTP client sends a packet containing its timestamp to a server.
When the server receives such a packet, it will in turn store its own
timestamp and a transmit timestamp into the packet and send it back to
the client. When the client receives the packet it will log its receipt time
in order to estimate the travelling time of the packet.

The packet exchange takes place until a NTP server is accepted as a

synchronization source, which take about five minutes. The NTP daemon
tries to adjust the clock in small steps and will continue until the client
gets the accurate time. If the delay between both the server and client is
big enough the daemon will terminate and you will need to adjust the
time manually and start the daemon again.

Sample ntp.conf configuration file

server 134.214.100.6
server swisstime.ee.ethz.ch

peer 192.168.100.125
peer 192.168.100.126
peer 192.168.100.127

driftfile /etc/ntp/drift
#multicastclient # listen on default 224.0.1.1
#broadcastdelay 0.008

authenticate no

#keys /etc/ntp/keys
 #trustedkey 65535
#requestkey 65535
#controlkey 65535

# by default ignore all ntp packets

restrict 0.0.0.0 mask 0.0.0.0 ignore

# allow localhost
restrict 127.0.0.1 mask 255.255.255.255

# accept packets from...

restrict 192.168.100.125 mask 255.255.255.255
restrict 192.168.100.126 mask 255.255.255.255
restrict 192.168.100.127 mask 255.255.255.255

Take a look at references below to understand the configuration options.

References

NTP homepage
ntpd
Network time protocol (version 3) specification
Public NTP Time Servers

NTP Basics

NTP stands for Network Time Protocol, and it is an Internet protocol used to
synchronize the clocks of computers to some time reference. NTP is an
Internet standard protocol originally developed by Professor David L. Mills at
the University of Delaware.

SNTP (Simple Network Time Protocol) is basically also NTP, but lacks some
internal algorithms that are not needed for all types of servers.

Time should be synchronized

Time usually just advances. If you have communicating programs running on

different computers, time still should even advance if you switch from one computer
to another. Obviously if one system is ahead of the others, the others are behind
that particular one. From the perspective of an external observer, switching between
these systems would cause time to jump forward and back, a non-desirable effect.

As a consequence, isolated networks may run their own wrong time, but as soon as
you connect to the Internet, effects will be visible. Just imagine some EMail message
arrived five minutes before it was sent, and there even was a reply two minutes
before the message was sent.

Basic features of NTP

NTP needs some reference clock that defines the true time to operate. All
clocks are set towards that true time. (It will not just make all systems agree
on some time, but will make them agree upon the true time as defined by
some standard.)
 NTP uses UTC as reference time

NTP is a fault-tolerant protocol that will automatically select the best of several
available time sources to synchronize to. Multiple candidates can be combined
to minimize the accumulated error. Temporarily or permanently insane time
sources will be detected and avoided.

NTP is highly scalable: A synchronization network may consist of several

reference clocks. Each node of such a network can exchange time information
either bidirectional or unidirectional. Propagating time from one node to
another forms a hierarchical graph with reference clocks at the top.

Having available several time sources, NTP can select the best candidates to
build its estimate of the current time. The protocol is highly accurate, using a
resolution of less than a nanosecond (about 2^-32 seconds). (The popular
protocol used by rdate and defined in [RFC 868] only uses a resolution of one
second).

Even when a network connection is temporarily unavailable, NTP can use

measurements from the past to estimate current time and error.

UTC (Universal Time Coordinated)

UTC (Universal Time Coordinated, Temps Universel Coordonné) is an official

standard for the current time. UTC evolved from the former GMT (Greenwich Mean
Time) that once was used to set the clocks on ships before they left for a long
journey. Later GMT had been adopted as the world's standard time. One of the
reasons that GMT had been replaced as official standard time was the fact that it
was based on the mean solar time. Newer methods of time measurement showed
that the mean solar time varied a lot by itself.The following list will explain the main
components of UTC:

Universal means that the time can be used everywhere in the world, meaning
that it is independent from time zones (i.e. it's not local time). To convert UTC
to local time, one would have to add or subtract the local time zone.

Coordinated means that several institutions contribute their estimate of the

current time, and UTC is built by combining these estimates.

NTP on Unix and Windows 2000

In this example we show, how to synchronize your Linux, Solaris and Windows 2000
Server (Primary Domain Controller) with the Public NTP Time Server:
swisstime.ethz.ch

Public NTP Server in Switzerland

swisstime.ethz.ch (129.132.2.21)
Location: Integrated Systems Laboratory, Swiss Fed. Inst. of Technology,
CH 8092 Zurich, Switzerland
Geographic Coordinates: 47:23N, 8:32E
Synchronization: NTP primary (DCF77 clock), Sun-4/SunOS 4.1.4
Service Area: Switzerland/Europe
Access Policy: open access
Contact: Christoph Wicki ([email protected])

Configuration on Unix

Unix Workstation as NTP Client

The NTP client program ntpdate sets the system clock once. As real clocks drift, you
need periodic corrections. Basically you can run ntpdate in a cron job hourly or daily,
but your machine won't be an NTP server then.

Crontab entry to update the system clock once a day

0 2 * * * /usr/sbin/ntpdate -s -b -p 8 -u 129.132.2.21

-b
 Force the time to be stepped using the settimeofday() system
call, rather than slewed (default) using the adjtime() system
call. This option should be used when called from a startup
file at boot time.

-p samples

Specify the number of samples to be acquired from each server

as the integer samples, with values from 1 to 8 inclusive.
The default is 4.

-s

Divert logging output from the standard output (default) to

the system syslog facility. This is designed primarily for
convenience of cron scripts.

-u

Direct ntpdate to use an unprivileged port or outgoing

packets. This is most useful when behind a firewall that
blocks incoming traffic to privileged ports, and you want to
synchronise with hosts beyond the firewall. Note that the -d
option always uses unprivileged ports.

Unix Workstation as NTP Server

First of all you have to download the NTP sources from www.ntp.org. On RedHat
Linux 7.0 / 7.1 the NTP server ntpd is already included in the distribution.

The NTP server ntpd will learn and remember the clock drift and it will correct it
autonomously, even if there is no reachable server. Therefore large clock steps can
be avoided while the machine is synchronized to some reference clock. In addition
ntpd will maintain error estimates and statistics, and finally it can offer NTP service
for other machines.

Look at the Startup Script in /etc/rc.d/init.d/ntpd

start() {
# Adjust time to make life easy for ntpd
if [ -f /etc/ntp/step-tickers ]; then
echo -n $"Synchronizing with time server: "
/usr/sbin/ntpdate -s -b -p 8 -u \
`/bin/sed -e 's/#.*//' /etc/ntp/step-tickers`
success
echo
fi
# Start daemons.
echo -n $"Starting $prog: "
daemon ntpd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/ntpd
return $RETVAL
}
 Insert swisstime.ethz.ch or more NTP Servers to /etc/ntp/step-tickers

129.132.2.21

Edit the configuration file /etc/ntp.conf

server 127.127.1.0 # local clock

server 129.132.2.21 # swisstime.ethz.ch (stratum 1)
driftfile /etc/ntp/drift
multicastclient # listen on default 224.0.1.1
broadcastdelay 0.008

Start NTP Server and check /var/log/messages

# /etc/rc.d/init.d/ntpd start

Troubleshooting

One of the quickest commands to verify that ntpd is still up and running as desired
is ntpq -p. That command will show all peers used and configured together with their
corner performance data.

# ntpq -p

remote refid st t when poll reach delay offset jitter

=====================================================================
LOCAL(0) LOCAL(0) 3 l 9 64 377 0.000 0.000 0.000
*swisstime.ethz. .DCFa. 1 u 17 64 377 25.088 -10.040 1.071

To obtain a current list peers of the server, along with a summary of each peer's
state. Summary information includes the address of the remote peer, the reference
ID (0.0.0.0 if this is unknown), the stratum of the remote peer, the type of the peer
(local, unicast, multicast or broadcast), when the last packet was received, the
polling interval, in seconds, the reachability register, in octal, and the current
estimated delay, offset and dispersion of the peer, all in milliseconds.

# ntpq -c pee swisstime.ethz.ch

remote refid st t when poll reach delay offset jitter

====================================================================
*GENERIC(0) .DCFa. 0 l 14 16 377 0.000 0.126 0.170
LOCAL(0) LOCAL(0) 6 l 13 64 377 0.000 0.000 10.010
sns2-tss2.unige lantime 2 u 323 1024 377 11.000 0.014 1.770
+nz11.rz.uni-kar .DCF. 1 u 40 64 376 353.290 18.088 17.120
xjane.planNET.de .DCFa. 1 u 80 256 377 125.050 -38.018 0.210
+sombrero.cs.tu- .GPS. 1 u 49 64 377 36.070 1.159 0.790

# ntpdc

ntpdc> peers

Be sure that there is an entry for the the swisstime.ethz.ch server, and that there is
an entry for your local net. The "st" (stratum) column for the ITD time servers
should be "1" or "2", indicating that the time server are stratum-1/2 servers, e.g.
they obtain their time from stratum-1 servers, which are directly connected to
external time reference sources. If the stratum for any server is "16" then this
server is not synchronizing successfully.

remote local st poll reach delay offset disp

====================================================================
=LOCAL(0) 127.0.0.1 3 64 377 0.00000 0.000000 0.00095
=cosmos.hsz.akad 5.0.0.0 16 64 0 0.00000 0.000000 0.00000
*swisstime.ethz. 192.168.138.29 1 128 377 0.02658 -0.001197 0.00215

Configuration on Windows 2000 Workstation

Windows 2000 (Win2K) uses a time service, known as Windows Time

Synchronization Service (Win32Time), to ensure that all Win2K computers on your
network use a common time. The W32Time Service is a fully compliant
implementation of the Simple Network Time Protocol (SNTP) as detailed in IETF RFC
1769. SNTP uses UDP port 123 by default. If you want to synchronize your time
server with an SNTP server on the Internet, make sure that port is available.

Select a NTP server, using

net time /setsntp:swisstime.ethz.ch

Start the W32time service with

net start W32Time

You can also set the start option of the Windows Time Synchronization
Service (W32Time) to Automatic, so the service will start when
Windows/2000 starts.

Set the following Registry Entries for the W32Time Service (marked in blue
color)

The registry values are located in the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters

AvoidTimeSyncOnWan : REG_DWORD (optional)

Prevents the computer from synchronizing with a computer that is in another
site.
0 = the site of the time source is ignored [default]
1 = the computer does not synchronize with a time source that is in a different
site

GetDcBackoffMaxTimes : REG_DWORD (optional)

The maximum number of times to double the backoff interval when successive
attempts to find a domain controller do not succeed. An event is logged every
time a wait of the maximum length occurs.
0 = the wait between successive attempts is always the minimum and no
event is logged
7 = [default]
 GetDcBackoffMinutes : REG_DWORD (optional)
The initial number of minutes to wait before looking for a domain controller if
the last attempt did not succeed. 15 = [default]

LocalNTP : REG_DWORD
Used to start the SNTP server.
0 = do not start the SNTP server unless this computer is a domain controller
[default]
1 = always start the SNTP server

NtpServer : REG_SZ (swisstime.ethz.ch)

NtpServer : REG_SZ (optional) Used to manually configure the time source.
Set this to the DNS name or IP address of the NTP server to synchronize from.
You can modify this from the command line by using the net time command.
Value is blank by default

Period : REG_DWORD or REG_SZ

Used to control how often the time service synchronizes. If a string value is
specified, it must be one of special ones listed below.
0 = once a day
65535, "BiDaily" = once every 2 days
65534, "Tridaily" = once every 3 days
65533, "Weekly" = once every week (7 days)
65532, "SpecialSkew" = once every 45 minutes until 3 good
synchronizations occur, then once every 8 hours (3 per day) [default]
65531, "DailySpecialSkew" = once every 45 minutes until 1 good
synchronization occurs, then once every day
freq = freq times per day

ReliableTimeSource : REG_DWORD (optional)

Used to indicate that this computer has reliable time.
0 = do not mark this computer as having reliable time [default]
1 = mark this computer as having reliable time (this is only useful on a
domain controller)

Type : REG_SZ
Used to control how a computer synchronizes.
Nt5DS = synchronize to domain hierarchy [default]
NTP = synchronize to manually configured source
NoSync = do not synchronize time

The Nt5DS setting may not use a manual configured source.

The Adj and msSkewPerDay values are used to preserve information about the
computer's clock between restarts. Do not manually edit these values.

More Information

For further information about NTP in Windows/2000 see

http://support.microsoft.com/support/kb/articles/q224/7/99.asp
http://support.microsoft.com/support/kb/articles/q216/7/34.asp
http://support.microsoft.com/support/kb/articles/q223/1/84.asp
http://support.microsoft.com/support/kb/articles/q120/9/44.asp
http://support.microsoft.com/support/kb/articles/Q232/2/55.asp
http://labmice.techtarget.com/windows2000/timesynch.htm

For further information about NTP see

http://www.eecis.udel.edu/~ntp/