Transcript Lecture 7
12-Apr-16

NTP
Network Time Protocol

Needs for precision time

Stock market buy and sell orders
Aviation traffic control and position reporting
Network monitoring, measurement and control
Radio and TV programming launch and monitoring
Multimedia synchronization for real-time teleconferencing
Distributed network gaming and training
Distributed database transaction journalling and logging
Secure document timestamps (with cryptographic certification)
Differentiated services traffic engineering
Interactive simulation event synchronization and ordering
Introduction

NTP is a protocol for synchronising the clocks of computer systems over packet-switched, variable-latency data networks.
NTP uses UDP as its transport layer, using port 123.
NTP has been a continuously operating, ubiquitously available protocol in the Internet since 1985.
Over 150 Internet primary servers are in Australia, Canada, Chile, France, Germany, Israel, Italy, Holland, Japan, Norway, Sweden, Switzerland, UK, and US.
Agencies and organizations: US Weather Service, US Treasury Service, IRS, PBS, Merrill Lynch, Citicorp, GTE, Sun, HP, etc.
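The on-wire exchange behind the protocol introduced above, as an added example that is not code from the lecture or from the NTP project: a client request on UDP port 123 is built, a server reply is parsed, the reply is checked against the request, and the clock offset and round-trip delay are computed from the four timestamps. The 48-byte header layout and the offset/delay formulas are those of RFC 5905; the reply is constructed in the file (a server 0.5 s ahead of the client, 10 ms of network delay each way), not captured from a real server.

```python
"""Added example for the Introduction slide (not code from the lecture or the
NTP project): build an NTP client request, parse a server reply and compute the
clock offset and round-trip delay from the four timestamps. The reply is
constructed here, not captured from a real server; header layout per RFC 5905."""
import struct

NTP_PORT = 123                 # UDP port used by NTP, as on the slides
NTP_UNIX_DELTA = 2208988800    # seconds from the NTP epoch (1900) to the Unix epoch (1970)
HEADER = "!BBbbIIIQQQQ"        # 48-byte header: LI/VN/mode, stratum, poll, precision,
                               # root delay, root dispersion, refid, 4 x 64-bit timestamps


def to_ntp(unix_seconds):
    """Unix seconds (float) -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    whole = int(unix_seconds)
    frac = int(round((unix_seconds - whole) * (1 << 32)))
    return ((whole + NTP_UNIX_DELTA) << 32) | frac


def from_ntp(ts):
    """64-bit NTP timestamp -> Unix seconds (float)."""
    return (ts >> 32) - NTP_UNIX_DELTA + (ts & 0xFFFFFFFF) / (1 << 32)


def build_client_request(transmit_unix):
    """Mode 3 (client) request: LI=0, VN=4, mode=3; only the transmit timestamp (T1) is set."""
    li_vn_mode = (0 << 6) | (4 << 3) | 3
    return struct.pack(HEADER, li_vn_mode, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp(transmit_unix))


def parse_packet(data):
    """Decode the fixed 48-byte header; timestamps are returned as raw 64-bit ints."""
    if len(data) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    f = struct.unpack(HEADER, data[:48])
    return {"leap": f[0] >> 6, "version": (f[0] >> 3) & 7, "mode": f[0] & 7,
            "stratum": f[1], "poll": f[2], "precision": f[3],
            "reference": f[7], "origin": f[8], "receive": f[9], "transmit": f[10]}


def build_server_reply(request, t2_unix, t3_unix, stratum=2):
    """Mode 4 reply: echoes the client's transmit time as the origin timestamp and
    fills receive (T2) and transmit (T3) from the server's clock."""
    req = parse_packet(request)
    li_vn_mode = (0 << 6) | (4 << 3) | 4
    return struct.pack(HEADER, li_vn_mode, stratum, 6, -20, 0, 0, 0,
                       to_ntp(t2_unix), req["transmit"], to_ntp(t2_unix), to_ntp(t3_unix))


def offset_and_delay(request, reply, t4_unix):
    """Check the reply against our request, then apply the on-wire formulas of
    RFC 5905 section 8: offset = ((T2-T1)+(T3-T4))/2, delay = (T4-T1)-(T3-T2).
    Raises ValueError for replies a careful client must discard."""
    req, rep = parse_packet(request), parse_packet(reply)
    if rep["mode"] != 4:
        raise ValueError("not a server reply (mode %d)" % rep["mode"])
    if rep["stratum"] == 0:
        raise ValueError("server unsynchronised or sending a kiss-o'-death code")
    if rep["origin"] != req["transmit"]:
        # A reply that does not echo our transmit timestamp was not sent in answer
        # to this request (stale, duplicated or forged) and must be dropped.
        raise ValueError("origin timestamp does not match our request")
    t1, t2 = from_ntp(req["transmit"]), from_ntp(rep["receive"])
    t3, t4 = from_ntp(rep["transmit"]), t4_unix
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)


def reply_is_acceptable(request, reply, t4_unix):
    """True when offset_and_delay() accepts the reply."""
    try:
        offset_and_delay(request, reply, t4_unix)
        return True
    except ValueError:
        return False


# Constructed exchange: client clock at 1 700 000 000 s, server clock 0.5 s ahead,
# 10 ms of network delay each way and 1 ms of server processing time.
T1 = 1700000000.0
SERVER_AHEAD, ONE_WAY, PROCESSING = 0.5, 0.010, 0.001
REQUEST = build_client_request(T1)
REPLY = build_server_reply(REQUEST, T1 + ONE_WAY + SERVER_AHEAD,
                           T1 + ONE_WAY + PROCESSING + SERVER_AHEAD)
T4 = T1 + 2 * ONE_WAY + PROCESSING
OFFSET, DELAY = offset_and_delay(REQUEST, REPLY, T4)

if __name__ == "__main__":
    print("offset %.6f s, delay %.6f s" % (OFFSET, DELAY))   # offset 0.500000 s, delay 0.020000 s
```

The origin-timestamp comparison is the check that matters for a client: a reply whose origin field does not equal the transmit timestamp of the request just sent cannot be an answer to it, so it is dropped before any offset is computed.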
On the hazards of serving time

With potential client populations in the millions, there is a very real vulnerability to grossly overload the public primary server population.
  The public NTP client software exchanges packets with the server on a continuous basis in order to discipline the computer clock time and frequency.
  This software has been carefully designed to be a good network citizen and ordinarily does not exceed a rate of one packet every fifteen minutes.
  The sheer weight of numbers threatens to overwhelm at least some of the current NIST and USNO servers.
Defective NTP client implementations have appeared that exhibit gross violations of the Internet social contract.
  An example is the U Wisconsin incident reported in the next slide.
  Other incidents reveal really bad network engineering and counterproductive parameter selection, especially poll interval.
The U Wisconsin incident (2003)

U Wisconsin operates a number of time servers for campus access.
A home router came on the market that
  had the address of one of these servers hard-coded in firmware and could not be changed,
  could send packets continuously at one-second intervals under certain conditions when service was interrupted.
This would not be a problem if only a small number of these routers were sold.
However, eventually 750,000 routers were sold and most could not be recalled, updated or even reliably found.
The resulting traffic overwhelmed the server, university network and service provider.
There has been no wholly satisfactory solution to this problem other than to ensure continuous service and to educate the manufacturer about socially responsible product design.
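A server-side check that follows from the two slides above, as an added example that is not code from the lecture or from the NTP project: given a per-packet summary of inbound requests, it classifies each client by how often its requests arrive faster than the protocol minimum of 16 s (minpoll 4), separating a sustained one-second polling loop from an ordinary start-up burst, and projects the load a fleet of such devices produces. The packet summary and the addresses (documentation ranges) are constructed.

```python
"""Added example (not from the lecture or from the NTP project): identify NTP
clients that poll far faster than any well-behaved implementation should, the
pattern behind the U Wisconsin incident, and project the load a fleet of such
devices puts on a server. The packet summary below is constructed from
documentation-range addresses, not a real capture."""
from collections import defaultdict

MIN_POLL_SECONDS = 16        # ntpd's lowest permitted poll interval, minpoll 4 = 2**4 s
GOOD_CITIZEN_SECONDS = 900   # the slides' "one packet every fifteen minutes"

# Constructed summary of inbound UDP/123 requests over one hour: (arrival second, client IP)
PACKETS = (
    [(t, "203.0.113.7") for t in range(0, 3600)]               # one packet per second, non-stop
    + [(t, "198.51.100.20") for t in range(0, 3600, 64)]       # default minpoll 6 = 64 s
    + [(t, "192.0.2.99") for t in (0, 1, 2, 3)]                # short start-up burst ...
    + [(t, "192.0.2.99") for t in range(64, 3600, 64)]         # ... then a normal 64 s cadence
)


def intervals_by_client(packets):
    """Group arrival times per source address and return each source's
    inter-arrival gaps in seconds, in arrival order."""
    times = defaultdict(list)
    for t, ip in packets:
        times[ip].append(t)
    gaps = {}
    for ip, ts in times.items():
        ts.sort()
        gaps[ip] = [b - a for a, b in zip(ts, ts[1:])]
    return gaps


def classify_clients(packets, min_poll=MIN_POLL_SECONDS):
    """Return {ip: 'ok' | 'burst' | 'abusive'}. A client is abusive when more than
    half of its requests arrive faster than the protocol minimum; a handful of
    fast packets followed by a normal cadence is an ordinary start-up burst."""
    verdicts = {}
    for ip, gaps in intervals_by_client(packets).items():
        fast = sum(1 for g in gaps if g < min_poll)
        if gaps and fast > len(gaps) / 2:
            verdicts[ip] = "abusive"
        elif fast:
            verdicts[ip] = "burst"
        else:
            verdicts[ip] = "ok"
    return verdicts


def projected_rate(devices, interval_seconds):
    """Packets per second a server receives from `devices` clients that each poll
    every `interval_seconds`: the 'sheer weight of numbers' from the slides."""
    return devices / interval_seconds


if __name__ == "__main__":
    for ip, verdict in sorted(classify_clients(PACKETS).items()):
        print("%-15s %s" % (ip, verdict))
    print("750,000 routers at 1 s: %.0f pkt/s" % projected_rate(750_000, 1))
    print("750,000 routers at 15 min: %.0f pkt/s" % projected_rate(750_000, GOOD_CITIZEN_SECONDS))
```

The classification is deliberately based on the whole window rather than on a single fast pair of packets, because a freshly booted client legitimately sends a few closely spaced requests before settling to its poll interval; only a client that keeps doing so is the kind of source the slides describe.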
The Network Time Protocol (NTP)

Network Time Protocol (NTP) synchronises clocks of hosts and routers in the Internet.
NTP provides accurate time synchronisation:
  nominal accuracies of low tens of milliseconds on WANs,
  submilliseconds on LANs, and
  submicroseconds using a precision time source such as a cesium oscillator or GPS receiver.
NTP software has been ported widely and built into the operating systems for Linux/Unix.
  Every Windows XP system has an NTP client.
  NTP has been on the NASA Shuttle.
The NTP architecture, protocol and algorithms have evolved over the last two decades to the latest NTP Version 4 software distributions.
Goals of NTP

Provide the best accuracy under prevailing network and server conditions.
Resist many and varied kinds of failures, including fail-stop, malicious attacks and implementation bugs.
Maximise utilisation of Internet diversity and redundancy.
Automatically organise subnet topology for best accuracy and reliability.
Self-contained cryptographic authentication based on both symmetric key and public key infrastructures and independent of external services.
Outside of NTP scope

Local time: this is provided by the operating system.
Access control: this is provided by firewalls and address filtering.
Privacy: all protocol values, including time values, are public unless explicitly configured for encryption.
Non-repudiation: this can be provided by a layered protocol if necessary.
Conversion of NTP timestamps to and from other time representations and formats.
NTP hierarchy

Primary (stratum 1) servers synchronise to national time standards via radio, satellite and modem.
Secondary (stratum 2, ...) servers and clients synchronise to primary servers via a hierarchical subnet.
A publicly available set of secondary servers is maintained by pool.ntp.org.
  DNS is used to assign pool servers randomly to NTP clients.
Clients and servers operate in master/slave, symmetric and multicast modes with or without cryptographic authentication.
Reliability is assured by redundant servers and multiple network paths.
Engineered algorithms reduce jitter, mitigate multiple sources and avoid improperly operating servers.
NTP Version 4

NTP Version 4 architecture, protocol and algorithms have evolved to achieve this degree of accuracy.
  Improved clock models accurately predict the time and frequency adjustment for each synchronization source and network path.
  Engineered algorithms reduce the impact of network jitter and oscillator wander while speeding up initial convergence.
  A redesigned clock discipline algorithm operates in frequency-lock, phase-lock and hybrid modes.
The improvements, confirmed by simulation, improve accuracy by about a factor of ten, while allowing operation at much longer poll intervals without significant reduction in accuracy.
NTP Service Description

System-V managed service
Core packages: ntp
Daemons: ntpd
Configuration:
  Server: /etc/ntpd.conf
  Other configuration files: /var/lib/ntp/*

NTP utility programs

ntpdate: set the system date and time via NTP
ntptime: display the time variables maintained by the Linux kernel
ntptrace: trace the chain of NTP servers back to the primary source
Configuring NTP

restrict default nomodify noquery
restrict 192.168.0.0 mask 255.255.255.0 nomodify
restrict 127.0.0.1
# the time servers
server pool.ntp.org
server pool.ntp.org
# local clock
server 127.127.1.0
fudge 127.127.1.0 stratum 10
# general configuration
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
Configuring NTP

restrict default nomodify noquery

restrict [IP list] [options]
  default defines the policy for all addresses not mentioned on any other restrict line.
  Without options it allows all access.
  nomodify, noquery: no modifying or querying of the NTP service on the server.
Configuring NTP

restrict 192.168.0.0 mask 255.255.255.0 nomodify
restrict 127.0.0.1

The first line specifies that any IP in that network (192.168.0.0/24) cannot modify the service but can query it, etc.
The second line specifies that local access is unrestricted.
Configuring NTP

# the time servers
server pool.ntp.org
server pool.ntp.org
# general configuration
server 192.168.0.145
peer 192.168.0.200
server 192.168.0.10
# local clock

server [server name] [options]
  List of NTP servers to be used as reference.
  Two mentions of pool.ntp.org mean that the pool servers will be tried twice (i.e. two different IPs will be polled).
  In this example, ntpd first checks the pool.ntp.org clocks and then uses the local server (192.168.0.145).
  peer can also be used to specify a peer time server with which time is also synchronised.
Configuring NTP

fudge 127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay 0.008

fudge defines the priority of this server:
  Stratum 10 is lower priority and therefore will only be used as a last resort.
driftfile contains the system clock error:
  It stores the frequency offset of the local clock oscillator, calculated automatically by ntpd.
  NTP uses this to adjust the system time.
broadcastdelay is an estimate of the server-to-client packet latency:
  On a LAN, typically 0.003 to 0.008 seconds.
NTP configuration: setting the poll interval

server pool.ntp.org minpoll 10 maxpoll 17

These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two.
The maximum poll interval defaults to 10 (1,024 s), but can be increased by the maxpoll option to an upper limit of 17 (36.4 h).
The minimum poll interval defaults to 6 (64 s), but can be decreased by the minpoll option to a lower limit of 4 (16 s).
Configuring NTP with broadcast

broadcast 224.0.1.1 autokey

The time server is configured to listen for broadcast timestamps from an NTP server on 224.0.1.1.
  Autokey means that the timestamps will be encrypted.
  If no IP was specified, it would take any timestamp that is broadcast (not a good idea).
Configuring NTP with security

crypto pw serverpassword
keysdir /etc/ntp

NTP v4 can support public key encryption.
  Any connection defined in a broadcast, server or peer line can specify autokey to enable encryption (e.g. server 192.168.0.200 autokey).
  The specified directory (keysdir) stores the keys used by clients.
  Generate keys using the ntp-keygen command:
    ntp-keygen -T -I -p serverpassword
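A configuration check covering the Configuring NTP slides above (restrict, server/peer, fudge, driftfile, poll interval, broadcast and Autokey), as an added example that is not code from the lecture or from the NTP project. SAMPLE_CONF is the slides' fragments assembled into one file, with their typos kept and one deliberately out-of-range minpoll added so that every check has something to report; FIXED_CONF is the corrected version. Two facts it relies on that the slides do not spell out: the ntp.conf option is spelled `autokey`, and `broadcast <address>` is the sending side of broadcast mode while `broadcastclient` and `multicastclient` are the listening side; Autokey authenticates packets rather than encrypting their contents.

```python
"""Added example for the Configuring NTP slides (not code from the lecture or
from the NTP project): a small linter for the ntp.conf directives discussed
above. SAMPLE_CONF is the slides' fragments with their typos kept and one
out-of-range minpoll added; FIXED_CONF is the corrected version."""

MIN_POLL, MAX_POLL = 4, 17                 # ntpd limits: 2**4 = 16 s up to 2**17 s (36.4 h)
SOURCE_KEYWORDS = {"server", "peer", "pool"}
LISTENERS = {"broadcastclient", "multicastclient"}   # receiving side of broadcast mode

SAMPLE_CONF = """\
restrict default nomodify noquery
restrict 192.168.0.0 mask 255.255.255.0 nomodify
restrict 127.0.0.1
# the time servers
server pool.ntp.org minpoll 3 maxpoll 17
server pool.ntp.org
server 192.168.0.145
peer 192.168.0.200
# local clock
server 127.127.1.0
fudge 127.127.0.1 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay 0.008
broadcast 224.0.1.1 autokeys
crypto pw serverpassword
keysdir /etc/ntp
"""

FIXED_CONF = (SAMPLE_CONF.replace("minpoll 3", "minpoll 10")
              .replace("fudge 127.127.0.1", "fudge 127.127.1.0")
              .replace("autokeys", "autokey"))


def parse_conf(text):
    """Yield (keyword, args) per non-comment line; ntpd keywords are case-insensitive."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split()
            yield parts[0].lower(), parts[1:]


def poll_seconds(exponent):
    """minpoll/maxpoll values are powers of two: 10 means 2**10 = 1024 s."""
    return 2 ** exponent


def lint(text):
    """Return a list of findings in file order; an empty list means nothing to report."""
    findings = []
    directives = list(parse_conf(text))
    keywords = {k for k, _ in directives}

    # 1. Access policy: 'restrict default' governs every address not named on another restrict
    #    line; noquery also stops ntpq/ntpdc status queries, which a public server should refuse.
    default = next((a for k, a in directives if k == "restrict" and a and a[0] == "default"), None)
    if default is None:
        findings.append("no 'restrict default' line: unlisted addresses get full access")
    else:
        for opt in ("nomodify", "noquery"):
            if opt not in default:
                findings.append("'restrict default' lacks %s" % opt)

    # 2. Time sources, poll limits and the local clock / fudge pairing.
    sources = [(k, a) for k, a in directives if k in SOURCE_KEYWORDS and a]
    fudged = {a[0] for k, a in directives if k == "fudge" and a}
    if not sources:
        findings.append("no server/peer/pool line: nothing to synchronise to")
    for k, args in sources:
        addr = args[0]
        if addr.startswith("127.127.") and addr not in fudged:
            findings.append("local clock %s has no matching fudge line" % addr)
        for opt in ("minpoll", "maxpoll"):
            if opt in args and args.index(opt) + 1 < len(args):
                val = int(args[args.index(opt) + 1])
                if not MIN_POLL <= val <= MAX_POLL:
                    findings.append("%s %d on %s outside %d..%d (%d..%d s)" % (
                        opt, val, addr, MIN_POLL, MAX_POLL,
                        poll_seconds(MIN_POLL), poll_seconds(MAX_POLL)))
    for addr in sorted(fudged - {a[0] for _, a in sources}):
        findings.append("fudge %s refers to a clock no server line uses" % addr)

    # 3. Broadcast mode and Autokey. 'broadcast <addr> autokey' is the sending side;
    #    broadcastclient/multicastclient listen and only trust received time when
    #    authentication material (crypto for Autokey, keys for symmetric keys) exists.
    for k, args in directives:
        if k in SOURCE_KEYWORDS | {"broadcast"} and "autokeys" in args:
            findings.append("%s %s: the option is spelled 'autokey'" % (k, args[0]))
    if keywords & LISTENERS and not keywords & {"crypto", "keys"}:
        findings.append("broadcast/multicast client without crypto or keys accepts unauthenticated time")
    if any("autokey" in a for _, a in directives) and "crypto" not in keywords:
        findings.append("autokey used but no 'crypto' line (generate keys with ntp-keygen)")
    if "driftfile" not in keywords:
        findings.append("no driftfile: the clock frequency is re-learned after every restart")
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF) or ["no findings"]:
        print("sample:", finding)
    print("fixed:", lint(FIXED_CONF) or "no findings")
```

To check a real file, pass its contents to lint(); the checks are conservative by design and report only what the slides' own directives make unambiguous (a missing or permissive restrict default, poll exponents outside 4..17, a fudge line that does not match its local-clock server line, the autokey spelling, and a listener with no authentication material).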
Further information

NTP home page: http://www.ntp.org
NTP Public Services Project: http://ntp.isc.org
  Current NTP software and documentation
  FAQ and links to other sources and interesting places
  Lists of available servers
David L. Mills home page: http://www.eecis.udel.edu/~mills
  Papers, reports and memoranda in PostScript and PDF formats
  Briefings in HTML, PostScript, PowerPoint and PDF formats
  Collaboration resources: hardware, software and documentation
  Songs, photo galleries and after-dinner speech scripts