Network Time Protocol (NTP) and Synchronized Clock FAQs
What is NTP?
Network Time Protocol (NTP) is a protocol that provides a reliable way of transmitting and receiving the time over TCP/IP networks. It has become the de facto standard for synchronizing Internet computers and other networked devices to Coordinated Universal Time (UTC), which is accomplished by having these devices reference a common time source – i.e., an atomic clock or a network time server (a.k.a. an “NTP server”). (NTP is defined in IETF RFC 1305.)
NTP uses port 123, which must be opened on a firewall or router to ensure proper communication with the NTP server.
What is SNTP?
Simple Network Time Protocol (SNTP) is a simplified version of NTP, which is used in cases where a full implementation of NTP is not required. Because SNTP uses the same packet format as NTP, SNTP clients can utilize NTP servers. (SNTP is defined in RFCs 1361, 2030 & 4330.)
SNTP is implemented on the PoE clock. By default, SNTP time synchronization is performed once per hour, which keeps the displayed time within 200 ms of actual time. (For more information on how to configure your clock for an SNTP server, see "How do I configure my PoE clock for an SNTP Time Server?" below.)
What is International Atomic Time?
International Atomic Time is an international time standard derived from 200 atomic clocks in 50 national laboratories from around the world. The readings from these clocks are used to form the standard for Coordinated Universal Time (UTC), which governs global time-keeping.
Atomic clocks represent the top-level stratum of the NTP hierarchy.
What are Strata?
The world of NTP is a hierarchy of reference clocks and time servers. At the top of the hierarchy are reference clocks known as stratum 0 time sources, which are typically atomic clocks or Global Positioning System (GPS) satellites.
A server that is linked to a stratum 0 device is called a stratum 1 server. The link itself is provided by a direct connection to the stratum 0 device (not via a network link), such as via WWV (high-frequency radio waves from NIST), GPS, or dial-up modem connection. Stratum 1 servers are the top level NTP servers available over the Internet.
Building on the NTP hierarchy, a stratum 2 server gets its time over the network from a stratum 1 server, a stratum 3 server from a stratum 2 server, and so on (up to stratum 15).
In essence then, the stratum defines the number of steps that a server is from a primary time source.
It’s also worth noting that NTP servers operating in the same stratum may be associated with one another in a peer-to-peer fashion. This is done so that a higher quality of time can be achieved and so that the servers can synchronize to the most accurate time setting amongst peers.
What's an Appropriate NTP Architecture?
As a general rule, it's wise to have an internal time server on your network to support the synchronized clocks on the network. This is particularly true if you are deploying a number of clocks. Here are some reasons why this is important:
- If you have a large number of clocks independently referencing the same external time server, you may run afoul of the external time server's network access policy (by accessing the time server more frequently than its open access policy allows).
- An internal time server reduces Internet traffic, and helps secure timekeeping on the network.
Secure timekeeping on the network is important because opening your network to NTP (port 123) traffic allows for the possibility of these types of hacker intrusions:
- Sending too much data in the NTP packet, thus causing the NTP service to become overloaded and resulting in a denial of time services attack.
- Sending specially constructed packets that essentially "take over" machines within your network (by using the same privileges as the NTP service running on those machines) and, in so doing, allowing the intruder to mask the break-in by resetting the time on those machines, making it impossible to effectively reconstruct the exact sequence of events that led to the break-in.
By deploying your own internal time server, which alone references an external time source or time server (i.e., typically a stratum 2 server), you can construct the most robust form of NTP architecture for your synchronized clocks on your network. You can also minimize the amount of network management required to accomplish the goal of secure and accurate timekeeping.
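A client-side check of a time server's reply, as an added example that is not part of the original FAQ or of any clock's firmware: it parses the 48-byte header that NTP and SNTP share, enforces the stratum range described above, and refuses oversized or mismatched packets. The function names, the `max_stratum` parameter and the sample packets are constructed for illustration, and the code assumes unauthenticated SNTP, so a valid reply is exactly 48 bytes.

```python
import struct

NTP_HEADER_LEN = 48          # header size shared by NTP and SNTP
NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MODE_SERVER = 4              # mode value in a server reply


def parse_sntp_reply(data, sent_transmit, max_stratum=15):
    """Return (stratum, unix_time) for an acceptable reply, else raise ValueError."""
    # Assumption: unauthenticated SNTP, so the reply is exactly the bare header.
    if len(data) != NTP_HEADER_LEN:
        raise ValueError("unexpected packet length %d" % len(data))
    flags, stratum = data[0], data[1]
    leap, mode = flags >> 6, flags & 0x07
    if mode != MODE_SERVER:
        raise ValueError("not a server reply (mode %d)" % mode)
    if leap == 3:
        raise ValueError("server reports unsynchronized clock")
    # A stratum field of 0 in a reply is a kiss-o'-death message (RFC 4330).
    if not 1 <= stratum <= max_stratum:
        raise ValueError("stratum %d outside 1..%d" % (stratum, max_stratum))
    # The server echoes the request's transmit timestamp in the originate field.
    if data[24:32] != sent_transmit:
        raise ValueError("originate timestamp does not match request")
    seconds, fraction = struct.unpack("!II", data[40:48])
    if seconds == 0 and fraction == 0:
        raise ValueError("zero transmit timestamp")
    return stratum, seconds - NTP_UNIX_DELTA + fraction / 2**32


def build_reply(stratum, unix_seconds, origin, leap=0, mode=MODE_SERVER, version=4):
    """Build a constructed 48-byte reply for the demonstration below."""
    first = (leap << 6) | (version << 3) | mode
    head = struct.pack("!BBbb", first, stratum, 6, -20) + bytes(12)
    ts = struct.pack("!II", unix_seconds + NTP_UNIX_DELTA, 0)
    return head + bytes(8) + origin + ts + ts


if __name__ == "__main__":
    origin = struct.pack("!II", 3900000000, 1)   # constructed request timestamp
    good = build_reply(2, 1700000000, origin)    # constructed stratum 2 reply
    print(parse_sntp_reply(good, origin))
    for bad in (good + b"A" * 400, build_reply(0, 1700000000, origin)):
        try:
            parse_sntp_reply(bad, origin)
        except ValueError as err:
            print("rejected:", err)
```

Lowering `max_stratum` lets clients behind an internal time server refuse replies from anything further down the hierarchy than that server is expected to be.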