Introduction to Network Time Protocol (NTP)
Network Time Protocol (NTP) is a protocol which is designed to synchronize the clocks of computers over a network. Network Time Protocol (NTP) is capable of keeping the local system synchronized to an external time source, as well as providing NTP time server services to the network, depending upon its configuration.
The NTP daemon also supports synchronization with an external time source like a public time server. Public time servers allow the public to synchronize time with them.
Many useful resources are available at the official website for Network Time Protocol (NTP).
The Network Time Protocol (NTP) Strata
The Network Time Protocol (NTP) is hierarchical, with the primary servers at the top keeping the master time and distributing the time down to the secondary servers and so forth. Each server participating in the hierarchy is allocated a stratum, with Stratum-1 being the master servers, Stratum-2 the secondary servers, down to the lower end of Stratum-15.
In Network Time Protocol (NTP), stratum levels define the distance from the reference clock. A Stratum-0 device is assumed to be the most accurate and to have no delay. The reference clock typically synchronizes to the correct time (UTC) using GPS transmissions, CDMA technology or other time signals.
Stratum-0 servers cannot be used on the network; instead, they are directly connected to computers which then operate as stratum-1 servers. A server that is directly connected to a stratum-0 device is called a stratum-1 server. A Stratum-1 time server is a Network Time Protocol (NTP) server with built-in stratum-0 devices.
The public time servers are divided into two types:
• Stratum 1: Network Time Protocol (NTP) server using an atomic clock for timing.
• Stratum 2: Network Time Protocol (NTP) server with slightly less accurate time sources than Stratum-1 time server and it uses a Stratum-1 Network Time Protocol (NTP) server as its source.
Network Time Protocol (NTP) Time Server Roles
An NTP time server can take different roles in its relationships with other time servers in the synchronization subnet. A time server can take one or more of the following roles:
• Server: Provides time to clients when requested. This role can be assumed by time servers at various strata.
• Peer: Obtains time from a specified server and provides time to that server, if requested. This role is most appropriate for stratum-1 and stratum-2 servers.
• Client: Obtains time from a specified server, but does not provide time to that server. This role is appropriate for time servers that obtain time from a server of a lower-numbered stratum (for example, a stratum-1 server). The local host can in turn provide synchronization to its clients or peers.
• Broadcaster: Provides time to the specified remote host, or more typically, the broadcast address on a LAN. This role is most appropriate for an NTP time server that provides time to workstation clients on a LAN.
• Broadcast Client: Listens for and synchronizes with the broadcast time. This role is most appropriate for time server clients on a LAN.
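The stratum and the role of a sender are both visible in the first two bytes of every NTP packet. The following added example (not part of the original page) decodes them and applies the sanity checks a client should make before trusting a reply; the mode numbers and the on-wire meanings of stratum 0 and 16 come from RFC 5905, the function names are hypothetical, and the sample packets are constructed.

```python
import struct

# Mode numbers from RFC 5905, mapped to the roles listed above.
MODES = {1: "peer (symmetric active)", 2: "peer (symmetric passive)",
         3: "client", 4: "server", 5: "broadcaster"}

def parse_header(packet):
    """Decode leap indicator, version, mode and stratum from an NTP packet."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes, got %d" % len(packet))
    first, stratum = struct.unpack("!BB", packet[:2])
    return {"leap": first >> 6, "version": (first >> 3) & 0x7,
            "mode": first & 0x7, "stratum": stratum}

def reject_reason(packet):
    """Return why a client should discard this reply, or None if it is usable."""
    hdr = parse_header(packet)
    if hdr["mode"] not in (4, 5):
        return "not a server or broadcast packet (%s)" % MODES.get(hdr["mode"], "other")
    if hdr["leap"] == 3:
        return "sender reports its clock is unsynchronized"
    if hdr["stratum"] == 0:
        return "stratum 0 on the wire means unspecified or kiss-o'-death"
    if hdr["stratum"] > 15:
        return "stratum %d is outside the usable range 1-15" % hdr["stratum"]
    return None

def make_header(leap, version, mode, stratum):
    """Build a constructed 48-byte packet; only the first two bytes are set."""
    return bytes([(leap << 6) | (version << 3) | mode, stratum]) + bytes(46)

# Constructed samples (not captured traffic).
SAMPLES = {
    "stratum-2 server reply": make_header(0, 4, 4, 2),
    "unsynchronized server": make_header(3, 4, 4, 16),
    "kiss-o'-death": make_header(0, 4, 4, 0),
    "client-mode packet": make_header(0, 4, 3, 0),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print("%-24s -> %s" % (name, reject_reason(pkt) or "usable"))
```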
The Network Time Protocol (NTP) Software Package Components
The NTP software package consists of several programs, including the NTP daemon and a number of programs used to configure and query NTP servers.
The more commonly used programs from the package are listed here.
ntpd: The ntpd binary is the main NTP software. It performs the following functions:
• Synchronizes the PC clock with remote NTP servers
• Allows synchronization from other NTP clients
• Adjusts (slews) the rate of the kernel's clock tick so that it tends to keep the correct time
The main configuration file of ntpd is /etc/ntp.conf.
A sample /etc/ntp.conf file is shown below:
[root@RHEL03 ~]# cat /etc/ntp.conf
# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
# Permit all access over the loopback interface. This could
# be tightened as well, but to do so would affect some of
# the administrative functions.
restrict 127.0.0.1
restrict -6 ::1
server 0.asia.pool.ntp.org
server 1.asia.pool.ntp.org
# Restrict the type of access you allow these servers. In this example the
# servers are not allowed to modify the run-time configuration or query
# your Linux NTP server
restrict 0.asia.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 1.asia.pool.ntp.org mask 255.255.255.255 nomodify notrap noquery
restrict 192.168.1.102 mask 255.255.255.0 nomodify notrap
# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org
#broadcast 192.168.1.255 key 42 # broadcast server
#broadcastclient # broadcast client
#broadcast 224.0.1.1 key 42 # multicast server
#multicastclient 224.0.1.1 # multicast client
#manycastserver 239.255.254.254 # manycast server
#manycastclient 239.255.254.254 key 42 # manycast client
# Undisciplined Local Clock. This is a fake driver intended for backup
# and when no outside source of synchronized time is available.
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
# Drift file. Put this in a directory which the daemon can write to.
# No symbolic links allowed, either, since the daemon updates the file
# by creating a temporary in the same directory and then rename()'ing
# it to the file.
driftfile /var/lib/ntp/drift
# Key file containing the keys and key identifiers used when operating
# with symmetric key cryptography.
keys /etc/ntp/keys
# Specify the key identifiers which are trusted.
#trustedkey 4 8 42
# Specify the key identifier to use with the ntpdc utility.
#requestkey 8
# Specify the key identifier to use with the ntpq utility.
#controlkey 8
Note:
nomodify: Deny ntpq and ntpdc queries which attempt to modify the state of the server (run time reconfiguration). Queries which return information are permitted.
noquery: Deny all ntpq/ntpdc queries. Time service is not affected.
notrap: Deny control message trap service. The trap service is a subsystem of the ntpdc control message protocol which is intended for use by remote event logging programs.
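One way to check a configuration against the flags described in this note, as an added example that is not part of the original page or of the NTP package: the script parses the active restrict lines and reports entries that leave modification or query access open, so a reviewer can confirm each one is intended. The function names are hypothetical, and the sample input is constructed from the file above plus one deliberately weak default line.

```python
REQUIRED_DEFAULT = {"nomodify", "notrap", "noquery"}
LOOPBACK = {"127.0.0.1", "::1"}

def parse_restrict(text):
    """Yield (address, mask, flags) for every active restrict line."""
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()      # drop comments
        if not tokens or tokens[0] != "restrict":
            continue
        tokens = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not tokens:
            continue
        address, rest = tokens[0], tokens[1:]
        mask = None
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        yield address, mask, set(rest)

def audit(text):
    """Return findings for restrict entries that leave ntpq/ntpdc access open."""
    findings, saw_default = [], False
    for address, _mask, flags in parse_restrict(text):
        if address == "default":
            saw_default = True
            missing = REQUIRED_DEFAULT - flags
            if missing:
                findings.append("default lacks " + ", ".join(sorted(missing)))
        elif address not in LOOPBACK:
            if "nomodify" not in flags:
                findings.append("%s may modify the server at run time" % address)
            if "noquery" not in flags:
                findings.append("%s may send ntpq/ntpdc queries" % address)
    if not saw_default:
        findings.append("no 'restrict default' line found")
    return findings

# Constructed input: lines from the sample file above plus one
# deliberately weak default (hypothetical) to show a finding.
SAMPLE = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod notrap nopeer   # weak on purpose
restrict 127.0.0.1
restrict 192.168.1.102 mask 255.255.255.0 nomodify notrap
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```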
Important options of the Network Time Protocol daemon (ntpd) are:
-c file : This option tells ntpd to use file as its configuration file instead of the default /etc/ntp.conf.
-g : This option will let ntpd start on a system with a clock that is off by more than the panic threshold (1,000 seconds by default).
-n : Normally ntpd runs as a daemon, in the background. This option disables that behavior.
-q : This option tells ntpd to exit after setting the time once.
-N : When this option is specified, ntpd attempts to run at the highest priority possible.
-P priority : When this option is specified, ntpd attempts to run with a nice value of priority.
ntpdate
ntpdate is used to set the time of the local system to match a remote NTP host.
Important options of the ntpdate command are:
-b : Using this option, the system time is set instead of being slowly adjusted, no matter how far off the local time is.
-d : This option enables debugging mode. ntpdate goes through the motions and prints debugging information, but does not actually set the local clock.
-p n : Use this option to specify the number of samples (where n is from 1 to 8) to get from each server. The default is 4.
-q : This option causes ntpdate to query the servers listed on the command line without actually setting the clock.
-s : This option causes all output from ntpdate to be logged via syslog instead of being printed to stdout.
-t n : This option sets the timeout for a response from any server to n seconds. n may be fractional. It will be rounded to the nearest 0.2 second. The default value is 1 second.
-u : Normally ntpdate uses a privileged port (123) as the source port for outgoing packets. Some firewalls block outgoing packets from privileged ports, so with this option, ntpdate uses an unprivileged port (1024 or higher).
-v : This option makes ntpdate more verbose.
-B : Using this option, the system time is slowly adjusted to the proper time even if the local time is off by more than 128 ms. Normally the time is forcibly set if it is off by more than 128 ms. If the time is off by very much, it can take a very long time to set it with this option.