Time Synchronisation

Network Time Protocol (NTP) is an Internet protocol used for the transfer of accurate time, providing time information so that a precise time can be obtained and maintained on a network

Most UNIX and Linux operating systems provide built-in time synchronisation functionality with its NTP (Network Time Protocol) daemon. If the NTP service is not available on your version of UNIX\Linux, NTP version 4 is open source and can easily be downloaded and configured, compiled and installed from www.ntp.org.

Network Time Protocol is the standard service for time dissemination across TCP/IP networks. It provides accuracies of 1-50 milliseconds, depending on the characteristics of the synchronization source and network paths.

The configuration file fro the NTP daemon is named NTP.conf and contains a list of reference clocks that it can synchronise too. The command ‘server’ specifies the reference clock, any characters after the ‘#’ symbol are comments, example:
server time-a.nist.gov # Public NTP server: NIST
driftfile /var/lib/ntp/ntp.drift

The drift file command identifies the location where the drift is recorded (sometimes referred to as a ‘frequency error). This value can be offset by NTP to ensure of increased accuracy. When configured, NTP can be controlled using the commands ‘ntpd start’ ‘ntpd stop’ ‘ ntpq –p’ (displays status)

NTP can also authenticate timing resources Note: It is strongly recommends that you configure a time server with a hardware source rather than from the internet where there is no authentication. Authentication codes are specified in the ‘NTP.keys’ file.

Specialist NTP servers are available that can receive transmissions from either GPS or national time reference broadcasts. They are relatively cheap and the signal is authenticated providing a secure time reference.

Authentication allows passwords to be specified by the NTP server and its clients. NTP passwords or keys are stored in the NTP.keys file in the following format: number M (The M stands for MD5 encryption), password:

1 M mypassword

3 M my2ndpassword

5 M my3rdpassword

Authentication for NTP has been developed to prevent malicious tampering with system synchronisation just as firewalls have been developed to protect networks from attack but as with any system of security it only works if it is utilised.

Having been designed on Linux, NTP (Network Time Protocol) is relatively simple to configure on a Linux machine. By using NTP (available free to download via NTP.org) any Linux machine can be easily set up to run as an NTP server.

Once downloaded the NTP distribution should contain the NTP daemon and also a number of utilities and configuration scripts. These aid the installation process and provide debugging facilities. The NTP daemon is configured using the file ‘ntp.conf’. A list of commands can be specified in the ‘ntp.conf’ file to indicate which servers to synchronise to and to specify various authentication and access options.

The NTP daemon synchronises to an external reference clock. The internet can be used as a time source but these can’t be authenticated and being the wrong side of the firewall could leave the system compromised. It’s much better to use an external source such as a GPS clock or radio clock that receive time from long wave transmissions (broadcast by such institutions as NIST or NPL).

Multiple external time servers can be specified in the configuration file, which allows NTP server to select the most appropriate time server and to use an average of the most reliable sources ensuing a higher level of accuracy.

The NTP daemon is controlled by a series of scripts such as ‘ntpd start’, ‘ntp stop’ or ‘ntpd restart’. Debugging and querying can be done by using the ‘ntpq’ utility. This utility provides information relating to the synchronisation status of the NTP daemon.

If you want to be sure that your computer clock is accurate you can configure your system to use NTP (Network Time Protocol), one of the oldest Internet protocols and the industry standard for time synchronisation.

NTP on will synchronise your computer’s clock to a pool of time servers around the world that are official ‘timekeepers’. It is best to choose the closest to you so response time is minimized and to use more than one in case one goes down. There are more than 1.500 servers to choose from, but some areas are better served than others. Many servers on the internet are extremely inaccurate and Internet time references should not be used as a replacement for a dedicated time server.

However, for basic time synchronisation purposes, Internet providers will suffice. The first step should be to select three servers close to you – preferably in your country, or if there aren’t enough, in your ‘zone. Go to NTP home and browse through the tree of zones and servers to select which ones are best for you. The follow these commands to configure:

1. Configure /etc/ntp.conf
Edit this file with a text-editor. Replace
server <example-server-name>
with your servers, such as:

server 0.br.pool.ntp.org
server 1.br.pool.ntp.org
server 2.br.pool.ntp.org

2. Synchronise your clock manually
If your clock is drifting too NTP might refuse to synchronise it, but it can be done manually:

ntpdate 0.br.pool.ntp.org (server name that you choose)

3. Make your NTP daemon executable

chmod +x /etc/rc.d/rc.ntpd

4. Start NTP now without rebooting
Again, a simple command:

/etc/rc.d/rc.ntpd start

Summary: This article gives a step-by-step guide in configuring LINUX to act as an authoritative time server using NTP (Network Time Protocol).

Computer time synchronisation is highly important in modern computer networks, precision and time synchronization is critical in many applications, particularly time sensitive transactions. Just imagine buying an airline seat only to be told at the airport that the ticket was sold twice because it was purchased afterwards on a computer that had a slower clock!

Modern computers do have internal clocks called Real Time Clock chips (RTC) that provide time and date information. These chips are battery backed so that even during power outages, they can maintain time but personal computers are not designed to be perfect clocks. Their design has been optimized for mass production and low-cost rather than maintaining accurate time.

For many applications, this is can be quite adequate, although, quite often machines need time to be synchronised with other PC’s on a network and when computers are out of sync with each other problems can arise such as sharing network files or in some environments even fraud!

Network Time Protocol (NTP) is an Internet protocol used for the transfer of accurate time, providing time information along so that a precise time can be obtained. As NTP was originally written for LINUX many LINUX based operating systems already have a version of NTP installed. However the source code is free to download from the NTP website (NTP.org) the most recent version being v 4.2.4.

NTP (version 4) can maintain time over the public Internet to within 10 milliseconds (1/100th of a second) and can perform even better over LANs with accuracies of 200 microseconds (1/5000th of a second) under ideal conditions.

NTP works within the TCP/IP suite and relies on UDP, a less complex form of NTP exists called Simple Network Time Protocol (SNTP) that does not require the storing of information about previous communications, needed by NTP. It is used in some devices and applications where high accuracy timing is not as important.

The NTP background program is configured with the file ‘NTP.conf’. this may contain a list of public NTP server references that can be used to synchronise time. NTP time servers are specified using the ’server’ command, any characters after the ‘#’ symbol are comments:

Example
server time-a.nist.gov # Public NTP server: Maryland
When configured, NTP can be controlled using the commands ‘ntpd start’ ‘ntpd stop’ ‘ ntpq –p’ (displays status)

NTP can also authenticate timing resources Note: It is strongly recommends that you configure a time server with a hardware source rather than from the internet where there is no authentication. Authentication codes are specified in the ‘NTP.keys’ file.

Specialist NTP servers are available that can receive transmissions from either GPS or national time reference broadcasts. They are relatively cheap and the signal is authenticated providing a secure time reference.

Authentication for NTP has been developed to prevent malicious tampering with system synchronisation just as firewalls have been developed to protect networks from attack but as with any system of security it only works if it is utilised.