Presentation is loading. Please wait.

Presentation is loading. Please wait.

Infrastructure II NTP.

Published byPhillip Fowler Modified over 6 years ago

Similar presentations

Presentation on theme: "Infrastructure II NTP."— Presentation transcript:

1 Infrastructure II NTP

2 NTP

3 "Does Anybody Really Know What Time It Is?"*
Time keeping is one of most fundamental aspects of computer infrastructure Many protocols rely on accurate clocks Correlating information from multiple systems impossible with out a shared clock *Does Anybody Realy Care (CTA aka Chicago, 1969)

4 Time Sources

5 Side note: Difference between precision and accuracy
Closeness to the actual value E.g. the clock is 1 hour off Precision How much it does not vary E.g. the clock varies approximately a microsecond in a year So which is better? A clock might not vary by more than a picosecond, but be off by one hour A clock might be “correct”, but vary by a millisecond second to second

6 Network Time Protocol (NTP)
Port 123/udp Can maintain time to fractions of a second Can use external time source e.g. Atomic clock or GPS clock Most computers and devices act as a client

7 Network Time Protocol (NTP)
All servers belong to a ‘Stratum’ Denotes how far from the time source they are referencing Prevents Loops Can only sync with servers in same stratum or higher Stratum 0: time source Stratum 1: server directly attached to time source Stratum 2: connected to Stratum 1 server(s) Etc… Versions available for: UNIX family Windows family SNTP for 2000 and XP Full NTP for Server 2003 and Vista

8 Security concerns Only a few security problems have been identified in the reference implementation of the NTP codebase in its 25+ year history The protocol has been undergoing revision and review over its entire history As of January 2011, there are no security revisions in the NTP specification and no reports at CERT The current codebase for the reference implementation has been undergoing security audits from several sources for several years now There are no known high-risk vulnerabilities in the current released software

9 NTP: Security Considerations
Default configuration is usually client-only Supports authentication if working in a paranoid environment

10 NTP Stratum

11 Clock strata NTP uses a hierarchical, semi-layered system of levels of clock sources Each level of this hierarchy is termed a stratum Assigned a layer number starting with 0 (zero) at the top The stratum level defines its distance from the reference clock and exists to prevent cyclical dependencies in the hierarchy Note 1: the stratum level is not a guarantee of quality or reliability It is common to find stratum 3 time sources that are higher quality than other stratum 2 time sources Note 2: This definition of stratum is also different from the notion of clock strata used in telecommunication systems

12 Clock strata Stratum 0 Stratum 1 Devices such as
Atomic clocks (cesium, rubidium) GPS clocks Radio clocks (e.g. WWV) Stratum-0 devices are traditionally not attached to the network Instead they are locally connected to computers e.g., via an RS-232 connection using a pulse per second signal Corrects for the time-delay across the wire Stratum 1 These are computers attached to Stratum 0 devices. Normally they act as servers for timing requests from Stratum 2 servers via NTP These computers are also referred to as time servers They are typically attached to the network

13 Clock strata Stratum 2 Stratum 3
Computers that send NTP requests to Stratum 1 servers Normally a Stratum 2 computer will reference a number of Stratum 1 servers and use the NTP algorithm to gather the best data sample Dropping any Stratum 1 servers that seem obviously wrong Stratum 2 computers will peer with other Stratum 2 computers to provide more stable and robust time for all devices in the peer group Stratum 2 computers normally act as servers for Stratum 3 NTP requests Stratum 3 These computers employ exactly the same algorithms for peering and data sampling as Stratum 2 Can themselves act as servers for stratum 4 computers, and so on…

14 Clock strata NTP supports up to 256 strata
Only the first 16 are employed Any device at Stratum 16 is considered to be unsynchronized Some systems may reject a time update from a "too highly numbered" stratum Note: Depends on what version of NTP protocol in use

15 SNTP - Simple Network Time Protocol
A less complex implementation of NTP Uses the same protocol Does not require the storage of state over extended periods of time Used in some embedded devices and in applications where high accuracy timing is not required See RFC 1361, RFC 1769, RFC 2030, RFC 4330 and RFC 5905

16 NTP timestamps 64-bit timestamps used by NTP consist of Gives NTP:
32-bit part for seconds 32-bit part for fractional second Gives NTP: Time scale that rolls over every 232 seconds ~136 years Theoretical resolution of 2−32 seconds ~233 picoseconds 1 psec is 1 trillionth of a second NTP uses an epoch of January 1, 1900 First rollover occurs in 2036 Before the UNIX year 2038 problem

17 NTP timestamps Implementations should disambiguate NTP time using a knowledge of the approximate time from other sources NTP only works with the differences between timestamps and never their absolute values Wraparound is invisible as long as the timestamps are within 68 years of each other This means that the rollover will be invisible for most running systems, since they will have the correct time to within a very small tolerance However, systems that are starting up need to know the date within no more than 68 years Given the large allowed error, it is not expected that this is too onerous a requirement One suggested method is to set the clock to no earlier than the system build date Many systems use a battery powered hardware clock to avoid this problem

18 NTP timestamps Even so, future versions of NTP may extend the time representation to 128 bits: 64 bits for the second 64 bits for the fractional-second The current NTP4 format has support for Era Number and Era Offset, that when used properly should aid fixing date rollover issues According to Mills (quote): The 64 bit value for the fraction is enough to resolve the amount of time it takes a photon to pass an electron at the speed of light. The 64 bit second value is enough to provide unambiguous time representation until the universe goes dim.

19 Clock synchronization algorithm
To synchronize its clock with a remote server NTP clients must compute the round-trip delay time and the offset Round-trip delay d = (t3-t0) – (t2-t1) Offset o = ((t1-t0) + (t2-t3)) /2 Where: t0 when the request packet was sent t1 when the request packet was received t2 when the response packet was sent t3 when the response packet was received (t3-t0) time on the client side between the sending of the request packet and the receiving of the response packet (t2-t1) time the server waited before sending the answer

20 Clock synchronization algorithm
NTP synchronization is correct when: both the incoming and outgoing routes between the client and the server have symmetrical nominal delay If the routes do not have a common nominal delay Synchronization has a systematic bias of half the difference between the forward and backward travel times

21 Stratum 0 clocks are usually directly connected to the network
True False 1 30 sec countdown

22 Why do NTP and Syslog need to work together:
Both share the same base protocol All systems need a common time base for log timestamps TCP requires synchronized packet transfers It keeps the NSA synchronized 9 30 sec countdown

Download ppt "Infrastructure II NTP."

Similar presentations

Time in Distributed Systems

Time in Distributed Systems
Copyright © 2014 EMC Corporation. All Rights Reserved. Basic Network Configuration for File Upon completion of this module, you should be able to: Configure.

Copyright © 2014 EMC Corporation. All Rights Reserved. Basic Network Configuration for File Upon completion of this module, you should be able to: Configure.
HIERARCHY REFERENCING TIME SYNCHRONIZATION PROTOCOL Prepared by : Sunny Kr. Lohani, Roll – 16 Sem – 7, Dept. of Comp. Sc. & Engg.

HIERARCHY REFERENCING TIME SYNCHRONIZATION PROTOCOL Prepared by : Sunny Kr. Lohani, Roll – 16 Sem – 7, Dept. of Comp. Sc. & Engg.
What is a network? A network consists of two or more computers that are linked in order to share resources (such as printers and CD-ROMs) , exchange.

What is a network? A network consists of two or more computers that are linked in order to share resources (such as printers and CD-ROMs) , exchange.
Network Time Protocol (NTP) August 9 th 2011, OSG Site Admin Workshop Jason Zurawski – Internet2 Research Liaison.

Network Time Protocol (NTP) August 9 th 2011, OSG Site Admin Workshop Jason Zurawski – Internet2 Research Liaison.
Distributed Systems Fall 2010 Time and synchronization.

Distributed Systems Fall 2010 Time and synchronization.
Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.

Internet Networking Spring 2006 Tutorial 12 Web Caching Protocols ICP, CARP.
Network Time Protocol - NTP Speaker: Cheng-lin Tsai.

Network Time Protocol - NTP Speaker: Cheng-lin Tsai.
Chapter 14 TCP/IP and Routing Part #1 Unix System Administration.

Chapter 14 TCP/IP and Routing Part #1 Unix System Administration.
Teaching material based on Distributed Systems: Concepts and Design, Edition 3, Addison-Wesley 2001. Copyright © George Coulouris, Jean Dollimore, Tim.

Teaching material based on Distributed Systems: Concepts and Design, Edition 3, Addison-Wesley Copyright © George Coulouris, Jean Dollimore, Tim.
Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn 2004-2005.

Oct 21, 2004CS573: Network Protocols and Standards1 IP: Addressing, ARP, Routing Network Protocols and Standards Autumn
What Is TCP/IP? The large collection of networking protocols and services called TCP/IP denotes far more than the combination of the two key protocols.

What Is TCP/IP? The large collection of networking protocols and services called TCP/IP denotes far more than the combination of the two key protocols.
FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.

FIREWALL TECHNOLOGIES Tahani al jehani. Firewall benefits  A firewall functions as a choke point – all traffic in and out must pass through this single.
1 Physical Clocks need for time in distributed systems physical clocks and their problems synchronizing physical clocks u coordinated universal time (UTC)

1 Physical Clocks need for time in distributed systems physical clocks and their problems synchronizing physical clocks u coordinated universal time (UTC)
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Enhanced NTP IETF – TicToc BOF Greg Dowd – Jeremy Bennington –

Enhanced NTP IETF – TicToc BOF Greg Dowd – Jeremy Bennington –
A Security Analysis of the Network Time Protocol (NTP) Presentation by Tianen Liu.

A Security Analysis of the Network Time Protocol (NTP) Presentation by Tianen Liu.
ITIS 3110 IT Infrastructure II

ITIS 3110 IT Infrastructure II
1 IP: putting it all together Part 2 G53ACC Chris Greenhalgh.

1 IP: putting it all together Part 2 G53ACC Chris Greenhalgh.
NTP Network Time Protocol Nóirín Plunkett Network Time Protocol Nóirín Plunkett.

NTP Network Time Protocol Nóirín Plunkett Network Time Protocol Nóirín Plunkett.

Similar presentations

Ads by Google