Network Time Protocol Objectives Contents to learn how to setup ntp The NTP Server What is NTP? Download and Install The NTP Package The /etc/ntp.conf File How To Get NTP Started Determining If NTP Is Synchronized Properly
What is NTP? Network Time Protocol Stratum levels Used to keep clock’s syncronized within your nodes Important for logservers and logfiles Transaction servers Various applications, position system,mobilephones like GSM,transaction systems Time critical operations that needed to be syncronized Stratum levels Level 1 most accurate, directly connected to reference clock Level 2 next accurate,connected to more than one Level 1 Lower levels is connected to only one Level 1 or to Level 2 DCF77 receiver’s, LW radio carriers as reference Available at very low price from various places GSM time reference Uses GPS satellites as timebase, all GPS satellites have atomic clocks Atomic clock Usally based on rugby or cesium Atomic Clock, based on atomic oscillations Proposed 1943, first built 1949, practical 1955 Important atomic clock servers that supports NTP http://ntp.isc.org/bin/view/Servers/WebHome http://www.ntp.org/ http://ntp.isc.org/bin/view/Servers/StratumOneTimeServers Network Time Protocol (NTP) is a protocol used to help synchronize your system clock with an accurate time source. There are a number of "Stratum 1" (NTP sites using an atomic clock for timing) and "Stratum 2" (NTP sites with slightly less accurate time sources) sites that allow the general public to synchronize with them. It is good practice to have at least one server on your network be the local time server for all your other devices, this makes the correlation of system events on different systems much easier. Rubidium The Rubidium atomic clock, the simplest and most compact of all, use a glass cell of rubidium gas that changes its absorption of light at the optical rubidium frequency when the surrounding microwave frequency is just right. Cesium The most accurate commercial atomic clock available today uses the cesium atom and the normal magnetic fields and detectors. In addition, the cesium atoms are stopped from zipping back and forth by laser beams, reducing small changes in frequency due to the Doppler effect.
Download and Install The NTP tar-boll Check if NTP is there, remove if it is there, keep yast NTP comes from ISC Internet Systems Consortium http://ntp.isc.org/bin/view/Main/SoftwareDownloads Download and unzip the tar ball Configure the source package Make the source package and install # rpm -qa | grep -i ntp xntp-4.2.0a-35 yast2-ntp-client-2.11.3-3 # rpm –e xntp-4.2.0a-35 # cd /usr/local/src # wget http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/snapshots/ntp-dev/2006/01/ntp-dev-4.2.0b-20060115.tar.gz # tar xvfz ntp-dev-4.2.0b-20060115.tar.gz When setting up NTP it is often nessesary to install from sources, since the time reference you might have as hardware in form of DCF77, GPS-time, Atomic clock need some special configuration at step ”configure the source package” which is not available if you use the RPM. Example 1) You have GPS timepice: ./configure - -help | grep –i gps --enable-GPSVME - TrueTime GPS receiver/VME interface --enable-ARBITER + Arbiter 1088A/B GPS receiver --enable-AS2201 + Austron 2200A/2201A GPS receiver --enable-FG + Forum Graphic GPS . . . Example 2) You have DCF timepice: ./configure - -help | grep –i dcf --enable-NEOCLOCK4X + NeoClock4X DCF77 / TDF receiver --enable-DCF7000 s ELV/DCF7000 clock --enable-RAWDCF s DCF77 raw time code However if you do not have hardware time reference, you can saftely use the RPM or precompiles binaries. # cd ntp-dev-4.2.0b-20060115 ; ./configure # make && make test && make install
Download and Install The NTP rpm Package Check if NTP is there, if not then download it Install NTP after it is downloaded NTP is SuSE standard, however it is not preconfigured and started. First time insserv and rcxntpd will open iptables firewall as well, ntp used port 123 UDP # rpm -qa | grep -i ntp xntp-4.2.0a-35 yast2-ntp-client-2.11.3-3 # cd /usr/local/src # wget http://ftp.sunet.se/pub/os/Linux/distributions/suse/suse/i386/9.3/suse/i586/xntp* # rpm –ivh xntp-4.2.0a-35.i586.rpm Most SuSE, RedHat and Fedora Linux usally have ntp or xntp installed by default. SuSE makes by unknown reason a softlink from ntpd to xntpd. Xntpd was originally planned to replace ntpd as extended ntp but did not materialize to all plateforms. When searching for the file, remember that the NTP RPM's filename usually starts with the word "ntp" or xntp followed by a version number like this: SuSE 9.3 SuSE10.0 (*) xntp-4.2.0a-35.i586.rpm (*) xntp-4.2.0a-46.i586.rpm xntp-debuginfo-4.2.0a-35.i586.rpm xntp-debuginfo-4.2.0a-46.i586.rpm xntp-doc-4.2.0a-35.i586.rpm xntp-doc-4.2.0a-46.i586.rpm (*) = Needed for NTP Remember to download ntp –rpm file in a ”desent” catalog on your upcoming NTP enabled host, a good place could be: mkdir /usr/src/extras ; cd /usr/src/extras # insserv xntpd # rcxntpd start
The /etc/ntp.conf File First we specify the sample servers we're interested in: Servers are used in order, average time can be calculated Then we restrict the type of access you allow these servers Declare the networks this NTP server should serve This NTP server should serve itself unrestricted server ntp1.gbg.netnod.se # A stratum 1 server server gps.dix.dk # A stratum 2 server server clock.isc.org # unknown strata restrict ntp1.gbg.netnod.se mask 255.255.255.255 nomodify notrap noquery restrict gps.dix.dk mask 255.255.255.255 nomodify notrap noquery restrict clock.isc.org mask 255.255.255.255 nomodify notrap noquery This is the main configuration file for Linux NTP in which you place the IP addresses of the stratum 1 and stratum 2 servers you want to use. Here is a sample of a configuration using a pair of sample Internet based NTP servers. The mask statement 255.255.255.255 is really a subnet mask limiting access to the single IP address of the remote NTP servers. Serve time to some nets If this server is also going to provide time for other computers, such as PCs, other Linux servers and networking devices, then you'll have to define the networks from which this server will accept NTP synchronization requests. This is done with a modified restrict statement with the "nomodify" replaced with a "notrust" keyword. In this case the mask statement has been expanded to include all 255 possible IP addresses on our local network. NTP Server yourself as server We also want to make sure that localhost (The universal IP address used to refer to a Linux server itself) has full access without any restricting keywords Fetch time from somewhere on the net: http://ntp.isc.org/bin/view/Servers/WebSearch http://ntp.isc.org/bin/view/Servers/StratumOneTimeServers restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notrap restrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap restrict 127.0.0.1
How To Get NTP Started (not RPM) To get NTP configured to start at boot: To start/stop/restart NTP after booting: To see if ntp is running: If you like write your own start stop script and put in runlevel 3 and 5 Logging in /var/log/messages Logging in /var/log/ntpd.log Add in /etc/ntp.conf # echo ”/usr/local/bin/ntpd” >> /etc/init.d/boot.local # pkill -9 ntpd # pkill -HUP ntpd # /usr/local/bin/ntpd # pgrep ntpd You have to restart the NTP process every time you make a change to the configuration file for the changes to take effect on the running process. driftfile /var/lib/ntp/drift/ntp.drift logfile /var/log/ntp.log
Testing And Troubleshooting NTP Verifying NTP is Running you should get a response of plain old process ID numbers Doing An Initial Synchronization against one server First check current idea of time Then syncronize against NTP server Last check that time was adjusted If time it was to big difference in time you might want to set the time as exact you can manually and do the sync again # pgrep ntpd # date Thu Sep 7 00:00:00 PDT 2004 # ntpdate –u ntp.research.gov Looking for host ntp.research.gov and service ntp host found : ntp.research.gov 7 Sep 08:03:38 ntpdate[2472]: step time server ntp.research.gov offset 28993.084943 sec Sep 7 08:03:38 PDT 2004 NTP sync is sensitive to to large timedeltas, if more than two hours local time you will be refused sync. Bad motherboard or motherboard there BIOS batteries are worn down will have svere problems syncronizing with NTP, also time can drift to much in some system. Your NTP daemon will eventually terminate itself leaving an error message in the /var/log/messages file if the time on the local server is very different from that of its time server. You should run the "ntpdate -u" command to rapidly force it to synchronize. Doesn't run continuously in the background, and you will still have to run the ntpd daemon to get continuous NTP updates.
Determining If NTP Is Synchronized Properly With ntpq command see the servers you sync with Jitter should be less than 100 Try to use NTP server close to you with high strata level # ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== -jj.cs.umb.edu gandalf.sigmaso 3 u 95 1024 377 31.681 -18.549 1.572 milo.mcs.anl.go ntp0.mcs.anl.go 2 u 818 1024 125 41.993 -15.264 1.392 -mailer1.psc.edu ntp1.usno.navy. 2 u 972 1024 377 38.206 19.589 28.028 -dr-zaius.cs.wis ben.cs.wisc.edu 2 u 502 1024 357 55.098 3.979 0.333 +taylor.cs.wisc. ben.cs.wisc.edu 2 u 454 1024 347 54.127 3.379 0.047 -ntp0.cis.strath harris.cc.strat 3 u 507 1024 377 115.274 -5.025 1.642 *clock.via.net .GPS. 1 u 426 1024 377 107.424 -3.018 2.534 ntp1.conectiv.c 0.0.0.0 16 u - 1024 0 0.000 0.000 4000.00 Use the ntpq command to see the servers with which you are synchronized. It will provide you with a list of configured time servers and the delay, offset and jitter that your server is experiencing with them. For correct synchronization, the delay and offset values should be non-zero and the jitter value should be under 100.
Your Linux NTP clients cannot Synchronize Properly Your test show something like this This could be caused by the following Older versions of NTP must have IP addresses, not FDQN A firewall blocking access to your Stratum 1 and 2 NTP servers, port 123 UDP must be opened. NTPd is not running on server or is not syncronized yet # ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== LOCAL(0) LOCAL(0) 10 l - 64 7 0.000 0.000 0.008 ntp-cup.externa 0.0.0.0 16 u - 64 0 0.000 0.000 4000.00 snvl-smtp1.trim 0.0.0.0 16 u - 64 0 0.000 0.000 4000.00 nist1.aol-ca.tr 0.0.0.0 16 u - 64 0 0.000 0.000 4000.00 A telltale sign that you haven't got proper synchronization is when all the remote servers have jitters of 4000 with delay and reach values of zero NTP servers communicate with one another using UDP with a destination port of 123. Unlike most UDP protocols, the source port isn't a high port (ie. greater than 1023), but 123 also. You'll have to allow UDP traffic on source/destination port 123 between your server and the Stratum 1/2 server with which you are synchronizing.
Configuring Cisco router To Use An NTP Server Cisco IOS ntp server: Forms a server association with another system. ntp update-calendar: Configures the system to update its hardware clock from the software clock at periodic intervals. ciscorouter> enable password: ********* ciscorouter# config t ciscorouter(config)# ntp update-calendar ciscorouter(config)# ntp server 192.168.0.10 ciscorouter(config)# ntp server 192.168.1.201 ciscorouter(config)# exit ciscorouter# wr mem Here are the commands you would use to make your router synchronize with NTP servers with IP addresses 192.168.0.10 and 192.168.1.201.
Configuring Cisco switch To Use An NTP Server Cisco CATalyst OS ntp server: Forms a server association with another system. set ntp client enable: Activate the NTP client ciscoswitch> enable password: ********* ciscoswitch# set ntp client enable ciscoswitch# ntp server 192.168.0.10 ciscoswitch# ntp server 192.168.1.201 ciscoswitch# exit Here are the commands you would use to make your router synchronize with NTP servers with IP addresses 192.168.0.10 and 192.168.1.201.
Configuring A Windows NTP Client You can add your new NTP server to your Windows client. Here's how: Click on the time at the bottom right hand side of your screen. Click on the "Internet Time" tab of the dialog box Click the check box labeled "Automatically synchronize with an Internet time server" and enter the name or IP address in the box underneath it. Click on the "Update Now" button You will get a message saying "Your time has been successfully synchronized" when the operation is complete
Summary NTP server is adjust time and date on nodes Configuration sit in /etc/ntpd.conf Calibration files sit in /etc/ntpd/ Strata levels tells system accuracy Strata level 1 is most accurate Strata level 2 is next accurate Many applications rely on exact time NTPD is the name of client and server demon Show ntp status with ntpq –p Update time manually: ntpdate –u ntp.research.gov Most routers/Switches has NTP timesettings It is important that all the systems under your control have the same accurate time. It can help to give a very clear indication of a chain of events that involve multiple devices and it can also help in the synchronization of time sensitive-transactions. Having an NTP server on your local network can make this easier to do. Sometimes it isn't desirable for all your NTP clients to have access to the Internet to synchronize with stratum 1 and 2 servers, even when they all have access there is the risk of them losing synchronization if the central connection to the Internet is lost. The maintenance of firewall rules for multiple NTP connections to the Internet can also be daunting especially if the management of the firewall is handled by another group. A local NTP server can ensure that the clients all have the same time relative to the server even when Internet connectivity is temporarily lost thereby reducing the problems of them being out of synchronization with each other. The firewall rules can also be greatly simplified. A local NTP server is frequently a good thing to have for these reasons.