Time Synchronisation

Network Time Protocol (NTP) is an Internet protocol used for the transfer of accurate time, providing time information so that a precise time can be obtained and maintained on a network

Most UNIX and Linux operating systems provide built-in time synchronisation functionality with its NTP (Network Time Protocol) daemon. If the NTP service is not available on your version of UNIX\Linux, NTP version 4 is open source and can easily be downloaded and configured, compiled and installed from www.ntp.org.

Network Time Protocol is the standard service for time dissemination across TCP/IP networks. It provides accuracies of 1-50 milliseconds, depending on the characteristics of the synchronization source and network paths.

The configuration file fro the NTP daemon is named NTP.conf and contains a list of reference clocks that it can synchronise too. The command ‘server’ specifies the reference clock, any characters after the ‘#’ symbol are comments, example:
server time-a.nist.gov # Public NTP server: NIST
driftfile /var/lib/ntp/ntp.drift

The drift file command identifies the location where the drift is recorded (sometimes referred to as a ‘frequency error). This value can be offset by NTP to ensure of increased accuracy. When configured, NTP can be controlled using the commands ‘ntpd start’ ‘ntpd stop’ ‘ ntpq –p’ (displays status)

NTP can also authenticate timing resources Note: It is strongly recommends that you configure a time server with a hardware source rather than from the internet where there is no authentication. Authentication codes are specified in the ‘NTP.keys’ file.

Specialist NTP servers are available that can receive transmissions from either GPS or national time reference broadcasts. They are relatively cheap and the signal is authenticated providing a secure time reference.

Authentication allows passwords to be specified by the NTP server and its clients. NTP passwords or keys are stored in the NTP.keys file in the following format: number M (The M stands for MD5 encryption), password:

1 M mypassword

3 M my2ndpassword

5 M my3rdpassword

Authentication for NTP has been developed to prevent malicious tampering with system synchronisation just as firewalls have been developed to protect networks from attack but as with any system of security it only works if it is utilised.

Until 1967 the second was defined using the motion of the Earth which rotates once on its axis every 24 hours, and there are 3,600 seconds in that hour and 86,400 in 24.

That would be fine if the earth was punctual but in fact it is not. The Earth’s rotation rate changes every day by thousands of nanoseconds, and this is due in a large part to wind and waves spinning around the Earth and causing drag.

Over the course of thousands of days, these changes in the rate of rotation can result in the Earth’s spin getting out of synch with the high-precision atomic clocks that we use to keep the UTC system (Coordinated Universal Time) ticking over. For this reason the Earth’s rotation is monitored and timed using the far off flashes from a type of collapsed star called a quasar that flash with an ultra precise rhythm many millions of light years away. By monitoring the Earth’s spin against these far away objects it can be worked out how much the rotation has slowed.

Once a second of slowing has been built up, The International Earth Rotation Service (IERS), recommends a Leap Second to be added, usually at the end of the year.

Other complications arise when it comes to synchronising the Earth to one timescale. In 1905, Albert Einstein’s theory of relativity showed that there is no such thing as absolute time. Every clock, everywhere in the universe, ticks at a different rate. For GPS, this is an enormous issue because it turns out that the clocks on the satellites drift by almost 40,000 nanoseconds per day relative to the clocks on the ground because they are high above the Earth’s surface (and therefore in a weaker gravitational field) and are moving fast relative to the ground.

And as light can travel Forty-thousand feet in that time, you can see the problem. Einstein’s equations first written down in 1905 and 1915 are used to correct for this time-shift, allowing GPS to work, planes to navigate safely and GPS NTP servers to receive the correct time.

Accurate time using Atomic Clocks is available across North America using the WWVB Atomic Clock time signal transmitted from Fort Collins, Colorado; it provides the ability to synchronize the time on computers and other electrical equipment.

The North American WWVB signal is operated by NIST – the National Institute of Standards and Technology. WWVB has high transmitter power (50,000 watts), a very efficient antenna and an extremely low frequency (60,000 Hz). For comparison, a typical AM radio station broadcasts at a frequency of 1,000,000 Hz. The combination of high power and low frequency gives the radio waves from WWVB a lot of bounce, and this single station can therefore cover the entire continental United States plus much of Canada and Central America.

The time codes are sent from WWVB using one of the simplest systems possible, and at a very low data rate of one bit per second. The 60,000 Hz signal is always transmitted, but every second it is significantly reduced in power for a period of 0.2, 0.5 or 0.8 seconds: 0.2 seconds of reduced power means a binary zero 0.5 seconds of reduced power is a binary one. 0.8 seconds of reduced power is a separator. The time code is sent in BCD (Binary Coded Decimal) and indicates minutes, hours, day of the year and year, along with information about daylight savings time and leap years.

The time is transmitted using 53 bits and 7 separators, and therefore takes 60 seconds to transmit. A clock or watch can contain an extremely small and relatively simple antenna and receiver to decode the information in the signal and set the clock’s time accurately. All that you have to do is set the time zone, and the atomic clock will display the correct time.

Dedicated NTP time servers that are tuned to receive the WWVB time signal are available. These devices connect o a computer network like any other server only these receive the timing signal and distribute it to other machines on the network using NTP (Network Time Protocol).

In an age of atomic clocks and the NTP server time keeping is now more accurate then ever with ever increasing precision having allowed many of the technologies and systems we now take for granted.

Whilst timekeeping has always been a preoccupation of mankind, it has only been in the last few decades that true accuracy has been possible thanks to the advent of the atomic clock.

Before atomic time, electrical oscillators like those found in the average digital watch were the most accurate measure of time and whilst electronic clocks like these are far more precise than their predecessors – the mechanical clocks, they can still drift by up to a second a week.

But why does time need to be so precise, after all, how important can a second be? In the day-to-day running of our lives a second isn’t that important and electronic clocks (and even mechanical ones) provide adequate timekeeping for our needs.

In our day-to-day lives a second makes little difference but in many modern applications a second can be an age.

Modern satellite navigation is one example. These devices can pinpoint a location anywhere on earth to within a few metres. Yet they can only do this because of the ultra-precise nature of the atomic clocks that control the system as the time signal sent from the navigation satellites travels at the speed of light which is nearly 300,000 km a second.

As light can travel such a vast distance in a second any atomic clock governing a satellite navigation system that was just one second out it would the positioning would be inaccurate by thousands of miles, rendering the positioning system useless.

There are many other technologies that require similar accuracy and also many of the ways we trade and communicate. Stocks and shares fluctuate up and down every second and global trade requires that everybody all over the world has to communicate using the same time.

Most computer networks are controlled by using a NTP server (Network Time Protocol). These devices allow computer networks to all use the same atomic clock based timescale UTC (coordinated universal time). By utilising UTC via a NTP server, computer networks can be synchronised to within a few milliseconds of each other.

Synchronising a network is often considered a headache by network administrators who fear that getting it wrong can lead to disastrous results and while there is no deny that a lack of synchronisation can cause unforeseen problems particularly with time sensitive transactions and security, perfect synchronisation is simple if these steps are followed:

1. Use a dedicated NTP server. The NTP server is a device that receives a single time source then distributes it amongst a network of computers using the protocol NTP (Network Time Protocol) one of the oldest Internet based protocols and by far the most widely used time synchronisation software. NTP is often packaged with modern operating systems such as Windows or Linux although there is no substitute for a dedicated NTP device.

2. Always use a UTC time source (Coordinated Universal Time). UTC is based on GMT (Greenwich Meantime) and International Atomic Time (TAI) and is highly accurate. UTC is used by computer networks all over the world ensuring that commerce and trade are all using the same timescale.

3. Use a secure an accurate time signal. Whilst time signals are available all over the Internet they are unpredictable in their accuracy and while some may offer decent enough precision an Internet time server is outside a networks firewall which if left open to receive a timecode will cause vulnerabilities in the security of the network. Either GPS (global positioning system) or a dedicated radio signal such as those transmitted by national physics laboratories (such as MSF – UK, WWVB – USA, DCF –Germany) offer secure and reliable methods of receiving a secure and accurate time signal.

4. Organise a network into stratum, levels. Strata ensure that the NTP server is not inundated with time requests and that the network bandwidth doesn’t become congested. A stratum tree is organised by a few select machines being stratum 2 devices in that they receive a time signal from the NTP server (stratum 1 device) these in turn distribute the time to other devices (stratum 3) and so on.

5. Ensure all machines are utilising UTC and the NTP server tree. A common error in time synchronisation is to not ensure all machines are properly synchronised, just one machine running inaccurate time can have unforeseen consequences.

The internet has been a marvellous resource for business over the last decade. High speed access and the proliferation of computers in homes and offices alike have turned the World Wide Web into the main business arena for many companies.

With more and more transactions being conducted from opposite ends of the world across the internet, the need for an accurate and precise clock to keep computer networks synchronised has never been greater.

Most of the world’s computer networks, synchronise to a source of UTC (Coordinated Universal Time) which is the worldwide standard and is controlled by atomic clocks. A worldwide standard for synchronising the clocks has been developed also. NTP (Network Time Protocol) is a software algorithm that distributes UTC amongst a network’s clocks and adjusts the time accordingly.

Many computer network administrators turn to the internet as a source of NTP server time as there are a multitude of sources of UTC time. However, many internet sources of NTP time cannot be relied upon to provide accurate time. Surveys have discovered more than half of all internet time servers were inaccurate by over a second and even those that are not, they could be too far away to provide any useful precision.

More importantly, however, is that internet based NTP servers are external to a network’s firewall so any regular communication with a NTP server will require the firewall port to be left open allowing easy access for malicious users to take advantage of.

The only solution for getting a source of NTP server time, whilst keeping a network secure, is to use an external stratum 1 NTP time server. These devices communicate directly with an atomic clock either via the GPS satellite network or long wave radio signals. Because these devices operate from with the firewall the entire network is kept secure whilst the NTP server distributes an accurate, precise and source of UTC time.

A public NTP Server is a time server on the Internet that, as the name suggests, members of the public can use as a timing source. The best location on the Internet to find a list of public NTP servers is the home of NTP – www.ntp.org

There are two lists of public NTP servers on ntp.org, one for primary servers and one for secondary servers. Primary servers have up to several hundred clients each. However, many primary servers are ‘closed access’ meaning that only agreed clients can access them. This is because if there is too much traffic attempting to receive a timing source from a primary source then it will clog the network making the server useless.

Primary servers are known as a stratum 1 server in that they get their timing source direct from an atomic clock often using the GPS or national time and frequency transmissions. Secondary NTP servers tend to be stratum 2 time servers, that is a time server that receives its timing source from a stratum 1 server.

Most users that require a public NTP server will find that most primary servers are closed access and that they will have to use a secondary NTP server. When using a public NTP server it is important that access policies are adhered to as many institutions require on these servers for timing information.

NTP (Network Time Protocol) is the most prevalent time synchronisation software available. On of the reasons NTP is so successful is the way it organises its clients into a hierarchy.

The hierarchy of NTP is divided into stratum with each strata representing the distance from the original reference clock.  For instance an atomic clock that generates a UTC (coordinated universal time) signal is referred to as a stratum 0 device.

A NTP server that receives a stratum  1 time signal is referred to as a stratum 1 device and a device that receives a time source from a NTP server is a stratum 2 device. NTP can support up to 16 strata although the further away from the reference clock you get (stratum 0) the less accurate the device will be.

However, by arranging the network into stratum and allowing stratum 2 devices to pass on the time to a stratum 3 device (and so on) it reduced the demand on the NTP server and the network. By using a stratum based network, realistically thousands of machines can be synchronised to just one NTP server.

The NTP server is now an essential part of the modern computer network. Without a dedicated NTP server administrators are forced to rely on unsecure and inaccurate Internet sources to synchronise their network clocks too.

The potential risks involved in this, namely leaving a hole open in the network firewall and the lack of the NTP security measure: authentication, means that networks that use an Internet based timing source are risking their system to attacks from malicious user and hackers.

It should also be noted that a survey of Internet based timing sources found less than a third were accurate to UTC time and those that were could still be too far away from client to make any useful synchronisation.

There are two types of dedicated NTP server, the GPS NTP server and the radio referenced NTP server. The difference between the two is based solely on the method they receive their UTC time source from. A GPS NTP server will use the signals broadcast from the GPS satellites above the Earth’s atmosphere. These signals are very reliable and can be picked up anywhere in the Worlds as long as the GPS antenna has a clear view of the sky.

The alternative is to use a dedicated NTP server that can receive a signal from the national time and frequency transmissions broadcast by several national physics laboratories. While not available in every country and quite vulnerable to interference these long-wave time signals are still an accurate and secure method of receiving UTC time. They are also ideally suited for network administrators who, for reasons of logistics can’t place a GPS antenna on the roof.

A NTP server is really just a time server that utilises Network Time Protocol (NTP). Whilst other time protocols do exist, NTP is by far the most commonly used and is utilised in over ninety percent of time servers.

NTP server and time server are therefore interchangeable terms but describe the same thing: a device used to receive and distribute a timing signal.

The timing signal utilised by most NTP servers is a UTC time source. UTC (Coordinated Universal Time) is a global time scale based on the time told by atomic clocks. By utilising UTC a NTP server can in affect, synchronise a network to the same time as millions of other computer networks from around the world. This has made possible many online global transactions that just simply wouldn’t be possible without UTC.

The timing signal is received by the NTP server (or time server) via a number of ways; the Internet, national time and frequency transmission (long wave) or the GPS (global positioning system) network. Once received the time server (NTP server) checks the authenticity of this signal (except from Internet sources where authentication is not possible), evaluates its accuracy then distributes it amongst the network.

To prevent a possible overload of time requests to the time server, machines that receive a time signal from the NTP server, can themselves be used as a time reference and the machines that receive a time signal from those can again be used as a reference. This hierarchy is called stratum levels. A NTP server is a stratum 1 device, a machine that receives a signal directly from the time server is a stratum 2 device and if a machine receives a signal from that it becomes stratum 3.