NTP Network time protocol. 19-Aug-15

Presentation transcript:

NTP Network time protocol

Needs for precision time
- Stock market buy and sell orders
- Aviation traffic control and position reporting
- Network monitoring, measurement and control
- Radio and TV programming launch and monitoring
- Multimedia synchronization for real-time teleconferencing
- Distributed network gaming and training

Needs for precision time
- Distributed database transaction journalling and logging
- Secure document timestamps (with cryptographic certification)
- Differentiated services traffic engineering
- Interactive simulation event synchronization and ordering

Introduction
- NTP is a protocol for synchronising the clocks of computer systems over packet-switched, variable-latency data networks.
- NTP uses UDP as its transport layer, on port 123.
- NTP has been a continuously operating, ubiquitously available protocol in the Internet since 1985.
- Over 150 Internet primary servers are in Australia, Canada, Chile, France, Germany, Israel, Italy, Holland, Japan, Norway, Sweden, Switzerland, UK, and US.
- Agencies and organizations: US Weather Service, US Treasury Service, IRS, PBS, Merrill Lynch, Citicorp, GTE, Sun, HP, etc.

On the hazards of serving time
- With potential client populations in the millions, there is a very real danger of grossly overloading the public primary server population.
- The public NTP client software exchanges packets with the server on a continuous basis in order to discipline the computer clock time and frequency.
- This software has been carefully designed to be a good network citizen and ordinarily does not exceed a rate of one packet every fifteen minutes.
- Defective NTP client implementations have appeared that exhibit gross violations of the Internet social contract. An example is the U Wisconsin incident reported in the next slide.
- The sheer weight of numbers threatens to overwhelm at least some of the current NIST and USNO servers.
- Other incidents reveal really bad network engineering and counterproductive parameter selection, especially poll interval.

The U Wisconsin incident (2003)
- U Wisconsin operates a number of time servers for campus access.
- A home router came on the market that had the address of one of these servers hard-coded in firmware, where it could not be changed, and that could send packets continuously at one-second intervals under certain conditions when service was interrupted.
- This would not be a problem if only a small number of these routers were sold. However, eventually 750,000 routers were sold and most could not be recalled, updated or even reliably found.
- The resulting traffic overwhelmed the server, university network and service provider.
- There has been no wholly satisfactory solution to this problem other than to ensure continuous service and to educate the manufacturer about socially responsible product design.

The Network Time Protocol (NTP)
- Network Time Protocol (NTP) synchronises clocks of hosts and routers in the Internet.
- NTP provides accurate time synchronisation, with nominal accuracies of low tens of milliseconds on WANs, submilliseconds on LANs, and submicroseconds using a precision time source such as a cesium oscillator or GPS receiver.
- NTP software has been ported widely and built into the operating systems for Linux/Unix. Every Windows/XP has an NTP client. NTP has been on the NASA Shuttle.
- The NTP architecture, protocol and algorithms have been evolved over the last two decades to the latest NTP Version 4 software distributions.

Goals of NTP
- Provide the best accuracy under prevailing network and server conditions.
- Resist many and varied kinds of failures, including fail-stop, malicious attacks and implementation bugs.
- Maximise utilisation of Internet diversity and redundancy.
- Automatically organise subnet topology for best accuracy and reliability.
- Self-contained cryptographic authentication based on both symmetric key and public key infrastructures and independent of external services.

Outside of NTP scope
- Local time: this is provided by the operating system.
- Access control: this is provided by firewalls and address filtering.
- Privacy: all protocol values, including time values, are public unless explicitly configured for encryption.
- Non-repudiation: this can be provided by a layered protocol if necessary.
- Conversion of NTP timestamps to and from other time representations and formats.

NTP hierarchy
- Primary (stratum 1) servers synchronise to national time standards via radio, satellite and modem.
- Secondary (stratum 2, ...) servers and clients synchronise to primary servers via a hierarchical subnet.
- A publicly available set of secondary servers is maintained by pool.ntp.org; DNS is used to assign them randomly to NTP clients.
- Clients and servers operate in master/slave, symmetric and multicast modes with or without cryptographic authentication.
- Reliability is assured by redundant servers and multiple network paths.
- Engineered algorithms reduce jitter, mitigate multiple sources and avoid improperly operating servers.

NTP Version 4
- NTP Version 4 architecture, protocol and algorithms have been evolved to achieve this degree of accuracy.
- Improved clock models which accurately predict the time and frequency adjustment for each synchronization source and network path.
- Engineered algorithms reduce the impact of network jitter and oscillator wander while speeding up initial convergence.
- Redesigned clock discipline algorithm operates in frequency-lock, phase-lock and hybrid modes.
- The improvements, confirmed by simulation, improve accuracy by about a factor of ten, while allowing operation at much longer poll intervals without significant reduction in accuracy.

NTP Service Description
- System-V Managed Service
- Core packages: ntp
- Daemons: ntpd
- Config.: Server: /etc/ntpd.conf
- Other configuration files: /var/lib/ntp/*

NTP utility programs
- ntpdate: Set the system date and time via NTP
- ntptime: Display the time variables maintained by the Linux kernel
- ntptrace: Trace the chain of NTP servers back to the primary source

Configuring NTP
    restrict default nomodify noquery
    restrict mask nomodify
    restrict
    # the time servers
    server pool.ntp.org
    # general configuration
    server # local clock
    fudge stratum 10
    driftfile /var/lib/ntp/drift
    broadcastdelay 0.008

Configuring NTP
    restrict default nomodify noquery
- restrict [IP list] [options]
- default defines the policy for all addresses not mentioned on any other restrict line
- A restrict line without options allows all access
- nomodify, noquery: no modifying or querying of the NTP service on the server

Configuring NTP
    restrict mask nomodify
    restrict
- The first line specifies that any IP in that network cannot modify but can query etc.
- The second line specifies that local access is unrestricted

Configuring NTP
    # the time servers
    server pool.ntp.org
    # general configuration
    server
    peer
    server #local clock
- server [server name] [options]
- List of NTP servers to be used as reference
- Two mentions of pool.ntp.org means that the pool servers will be tried twice (i.e. two different IPs will be polled)
- In this example, ntpd first checks the pool.ntp.org clocks and then uses the local server ( )
- peer can also be used to specify a peer time server with which time is also synchronised

Configuring NTP
    fudge stratum 10
    driftfile /var/lib/ntp/drift
    broadcastdelay
- fudge defines the priority of this server: stratum 10 is lower priority and therefore will only be used as a last resort
- driftfile contains the system clock error
  - Stores the oscillation frequency of the local clock; it is calculated automatically by ntpd
  - NTP uses this to adjust the system time
- broadcastdelay is an estimate of the server-to-client packet latency
  - On a LAN, typically and seconds

NTP configuration: setting the poll interval
    server pool.ntp.org minpoll 10 maxpoll 17
- These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two.
- The maximum poll interval defaults to 10 (1,024 s), but can be increased by the maxpoll option to an upper limit of 17 (36.4 h).
- The minimum poll interval defaults to 6 (64 s), but can be decreased by the minpoll option to a lower limit of 4 (16 s).
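The restrict and poll-interval rules from the configuration slides above can be checked mechanically. The following is an added example, not part of the original presentation or of the NTP distribution: the function names, the sample configuration and the address 192.0.2.10 are constructed for illustration, and the limits and defaults are the ones stated on the slides.

```python
POLL_MIN, POLL_MAX = 4, 17                     # exponent limits stated on the slide
POLL_DEFAULTS = {"minpoll": 6, "maxpoll": 10}  # defaults stated on the slide
WANTED_DEFAULT_FLAGS = {"nomodify", "noquery"}

def poll_seconds(exponent):
    """Poll interval in seconds for a minpoll/maxpoll exponent (power of two)."""
    return 2 ** exponent

def audit_ntp_conf(text):
    """Return (line_number, finding) pairs for restrict and poll settings."""
    findings, saw_default = [], False
    for num, raw in enumerate(text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if not tokens:
            continue
        keyword = tokens[0].lower()
        if keyword == "restrict" and tokens[1:2] == ["default"]:
            saw_default = True
            missing = WANTED_DEFAULT_FLAGS - set(tokens[2:])
            if missing:
                findings.append((num, "restrict default lacks " + ", ".join(sorted(missing))))
        elif keyword in ("server", "peer"):
            poll = dict(POLL_DEFAULTS)
            opts = tokens[2:]
            for name, value in zip(opts, opts[1:]):   # option/value pairs
                if name in poll and value.isdigit():
                    poll[name] = int(value)
            for name, exp in poll.items():
                if not POLL_MIN <= exp <= POLL_MAX:
                    findings.append((num, f"{name} {exp} outside {POLL_MIN}..{POLL_MAX}"))
            if poll["minpoll"] > poll["maxpoll"]:
                findings.append((num, f"minpoll {poll['minpoll']} exceeds maxpoll {poll['maxpoll']}"))
    if not saw_default:
        findings.append((0, "no restrict default line"))
    return findings

# Constructed sample configuration (not from the slides, except line 3).
SAMPLE = """\
restrict default nomodify
restrict 127.0.0.1
server pool.ntp.org minpoll 10 maxpoll 17   # the slide's example, within limits
server pool.ntp.org minpoll 3
server 192.0.2.10 minpoll 12 maxpoll 8
"""

if __name__ == "__main__":
    print("maxpoll 17 =", poll_seconds(17), "s")
    for num, finding in audit_ntp_conf(SAMPLE):
        print(f"line {num}: {finding}")
```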

Configuring NTP with broadcast
    broadcast autokeys
- The time server is configured to listen for broadcast timestamps from an NTP server on
- autokeys means that the timestamp will be encrypted
- If no IP was specified, it would take any timestamp that is broadcast (not a good idea)

Configuring NTP with security
    crypto pw serverpassword
    keysdir /etc/ntp
- NTP v4 can support public key encryption.
- Any connection defined in a broadcast, server or peer line can specify autokeys to enable encryption (e.g. server autokeys)
- The specified file stores the keys used by clients.
- Generate keys using the ntp-keygen command:
    ntp-keygen -T -I -p serverpassword

Further information
- NTP home page
  - Current NTP software and documentation
  - FAQ and links to other sources and interesting places
- NTP Public Services Project: Lists of available servers
- David L. Mills home page
  - Papers, reports and memoranda in PostScript and PDF formats
  - Briefings in HTML, PostScript, PowerPoint and PDF formats
  - Collaboration resources hardware, software and documentation
  - Songs, photo galleries and after-dinner speech scripts