
NTPV3 – Time Synchronization Service



Presentation Transcript


  1. NTPV3 – Time Synchronization Service Siddharth (Siddharth Jagtiani)

  2. Highlights
     • Why Time Synchronization?
     • How Time Synchronization?
     • NTPv3 Utilities and LAB
     • Authentication Options
     • Backward Compatibility options
     Why and How
     © 2002 Novell Inc, Confidential & Proprietary

  3. WHY Time Synchronization?
     [Diagram labels: clocks reading 11:01, 11:00, 11:00, 11:01; UPDATE; SYNC]

  4. How Time Synchronization?
     [Diagram labels: Time Consumer; Time Provider; Time Request and Time Reply with timestamps t1, t2, t3, t4; a second Time Request and Time Reply with timestamps t5, t6, t7, t8]

  5. How Time Synchronization? Time Exchange

  6. How Time Synchronization?
     Time Exchange - Eg
     Offset = ((t2-t1) + (t3-t4)) / 2 = 1 min
     Delay = (t4-t1) - (t3-t2) = 20 sec
     t3-t2 = Zero. NetWare OS: non-preemptive scheduling.
     Time taken for Request = Time taken for Reply = 10 sec
     Time taken to process packet at Time Server = 5 sec

  7. OS Clock - Interface
     [Diagram labels: Time Provider; Time Exchange; Time Consumer; Timesync/NTPv3; Applications; Correction Registers; CLOCK (Time, Status); Timer Interrupt; arrows labelled Read and Write]

  8. OS Clock - How

  9. Time Correction on OS?
     • Slam - Correct the clock (NOW !!)
       • Local Clock = Local Clock + Offset
     • Slew - Slowly correct the clock (I am in no hurry !!)
       • Slewed Offset = Offset / Duration of Slew
       • For (every second until Duration of Slew)
         • Local Clock = Local Clock + 1 second + Slewed Offset
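The offset and delay formulas from slide 6 and the slam and slew corrections from slide 9, worked through as an added example (not code from the presentation or from xntpd). The timestamps are constructed to reproduce slide 6's figures; the function names, the `exchange` helper and the 120-second slew duration are assumptions.

```python
def offset_and_delay(t1, t2, t3, t4):
    """t1 and t4 are read on the consumer's clock, t2 and t3 on the provider's."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def exchange(true_offset, request, reply, processing=0):
    """Constructed timestamps (seconds) for one request/reply exchange."""
    t1 = 0                                  # consumer sends the request
    t2 = t1 + request + true_offset         # provider's clock when it arrives
    t3 = t2 + processing                    # provider's clock when it replies
    t4 = t1 + request + processing + reply  # consumer's clock on reply
    return t1, t2, t3, t4

def slam(local_clock, offset):
    """Step the clock in one go."""
    return local_clock + offset

def slew(local_clock, offset, duration):
    """Spread the correction over `duration` seconds; returns each reading."""
    slewed_offset = offset / duration
    readings = []
    for _ in range(duration):
        local_clock = local_clock + 1 + slewed_offset
        readings.append(local_clock)
    return readings

if __name__ == "__main__":
    # Slide 6: provider is 1 min ahead, request and reply take 10 s each.
    print(offset_and_delay(*exchange(60, 10, 10)))
    # Server processing time cancels out of the delay.
    print(offset_and_delay(*exchange(60, 10, 10, processing=5)))
    # Unequal paths: same delay, but the offset is wrong by half the difference.
    print(offset_and_delay(*exchange(60, 15, 5)))
    # Correcting a clock that is 60 s ahead: slam jumps backwards at once,
    # slew keeps every reading later than the one before it.
    print(slam(1000.0, -60.0), slew(1000.0, -60.0, 120)[:3])
```

The third case shows why the measured delay matters when judging a time source: the offset error caused by unequal request and reply paths is at most half the round-trip delay.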

  10. Timesync Slam Vs Slew
      [Flowchart labels: NOT in Sync; Get Time From Time Source; First Time? (No / Yes); Slew; Slam; In Sync]

  11. NTPv3 Slam Vs Slew
      [Flowchart labels: NTPDate: Get Time From Time Source, Slam, OS Clock Nearly In Sync; XNTPD: Get Time From Time Source, Filter/Selection Algorithm, Slew, OS Clock In Sync]

  12. Value of NTPv3
      • Open Source port. RFC 1305
      • Uniformity between other platforms
      • NetWare 6.5 includes
        • Time Synchronization Daemon: xntpd.nlm
        • Utilities: ntpdate, ntpq, ntptrace and xntpdc
        • Browser based configuration through NORM
        • Backward compatibility to service NCP time requests

  13. NTPv3 Tools in NetWare 6.5 - NTPDATE
      • NTPDate
        • Used to slam the time provider’s time on the server.
        • Helps to achieve synchronization faster.
        • Similar to timesync’s “Set Clock to first network time”
      [Diagram labels: Time Consumer; Time Provider; Request; 123; NtpDate; Server B; XNTPD; Reply; OS Clock]

  14. NTPDATE - Options
      • Usage: [-bBdqsv] [-a key#] [-e delay] [-k file] [-p samples] [-o version#] [-r rate] [-t timeo] server
      • -b : Step the time without limits
      • -u : Don’t use port 123
      • -d -q : only display the time offset
      • -s : Log actions to file

  15. NTPDATE - LAB
      • Tasks
        • Use NTPDATE to set the time of the server to NTP.NOVELL.COM
        • Use NTPDATE to set the time to a Timesync Single Server
        • Load XNTPD and then try to use NTPDATE to set time to NTP.NOVELL.COM
        • Load Timesync and then try to use NTPDATE to set time to NTP.NOVELL.COM
        • Use NTPDATE to find out how far you are from NTP.NOVELL.COM, but do NOT set the system time.
        • Log NTPDATE screen info to file

  16. NTPv3 Tools in NetWare 6.5 - XNTPD
      • XNTPD
        • Maintains synchronized time as long as the server is running
        • Used to slew the clock with the time provider’s clock
        • Sys:\etc\ntp.cfg is the default configuration file
        • Ntp.cfg comes with a lot of examples for helping configuration
        • -T options help migrate/provide backward compatibility for NCP clients
        • Ntp configuration on NORM
        • Health Monitor on NORM

  17. Sample XNTPD Progress Screen

  18. XNTPD Manual Configuration
      • Manual Configuration
        • This configuration is similar to “Timesync Configured Sources=ON”
        • Server can be self synchronized
          • Time Provider – LOCAL Clock
        • Server can rely on another server for time.
          • Time Provider – Another NTP server
        • Advertise its service (broadcast mode)
        • Listen to advertisements (broadcastlisten mode)

  19. Manual Configuration – NTP.Cfg Commands
      Local Clock Setup
      • server 127.127.1.0 [minpoll <4-16>] – Local Clock
      • fudge 127.127.1.0 stratum <0-15> – Stratum
      Time Provider – Another NTP Server
      • server <ipa/dns name> [minpoll <4-16>] – Time Provider
      Poll Delay
      • minpoll <4-16> – Poll Delay = 2^minpoll
      • 5 successful polls get the server to synchronized state

  20. Manual Configuration – Example
      • Self Synchronized
        • IP Address for identifying the local clock – 127.127.1.0
        • Used along with the fudge, minpoll and stratum command
        • Eg:
            server 127.127.1.0 minpoll 4
            fudge 127.127.1.0 stratum 2
      • Configure to take time from another server
        • IP Address/DNS name of the time provider
        • Can be used along with minpoll command to increase speed of configuration
        • Eg:
            server <ipa/dns name> minpoll 4

  21. NTPv3 Tools in NetWare 6.5 - NTPQ
      • NTPQ
        • Query tool to monitor the status and quality of time
          • Delay
          • Offset
          • Error
        • Progress of synchronization
          • filt values
        • Ability to query other NTPv3 servers from a central place
          • host
        • Ability to check the status of all your time providers
          • peers

  22. NTPQ – Monitoring Commands
      • Monitoring
        • associations (as) – List all the associations.
        • peers (pe) – List the status of each peer
        • rv <assocID> – List all the variables for the association <assocID>
        • rvi <index> – List all the variables for the association number <index>
        • host <ipa>|<dns name> – Change the query server.
        • showipconf – Show the ipa and broadcast address of this server (does not work in host mode).
      • Authentication – Query requests should be encrypted
        • authenticate [yes|no] – enable/disable authentication
        • keyid – identity of the client
        • keytype – type of authentication

  23. XNTPD / NTPQ - LAB
      • Tasks
        • Use XNTPD to configure to use NTP.NOVELL.COM as the time source
        • Check synchronization status at regular intervals
        • Experiences ????
        • Configure XNTPD to use the server next to you as the time source
        • Check the synchronization status at regular intervals
        • Experiences ????

  24. Manual Configuration - LAB
      • Tasks
        • Configure with multiple time providers using DNS/IP Address
        • Experiences ?????
        • Configure a time consumer to synchronize within a minute
        • Experiences ?????
        • Configure NTPDATE to run automatically before XNTPD
        • Set the Time provider’s time ahead by an hour.
        • Set the Time provider’s time behind by an hour
        • Experiences ?????

  25. Manual Configuration LAB – For Experts
      • Tasks
        • Use XNTPD to configure to use a NetWare box with Timesync loaded as the time source
        • Configure XNTPD to help ensure that only “authenticated” clients make time requests
          • AUTHENTICATION
        • Configure XNTPD to use Timesync SINGLE server in the tree as your time source.
        • Configure Timesync to take time from XNTPD in NTP/NCP mode

  26. NTPQ – LAB – For Experts
      • NTPQ
        • Configure XNTPD to take time from multiple time providers.
        • Check the status of all time providers in list at regular intervals
        • Experiences ????
        • Send authenticated requests to the server next to you and monitor the status
        • Comment on the time providers of the server next to you

  27. NTPQ Reference
      How to Configure Time Synchronization Service on Unix?
      • 8) Some of the important outputs of the “peers” command are detailed below.
        • A) First character
          • ‘+’, ‘*’ or ‘o’ means selected for synchronization.
          • ‘-’, ‘SPACE’ or ‘#’ means discarded.
        • B) IPA of the Time Source
        • C) Type or Source - e.g. GPS or some other type of Time Source.
        • D) Stratum
        • E) Type of peer - Unicast, Multicast, Broadcast or Local.
        • F) Delay - Round trip delay
        • G) Offset - Time difference.
      • E.g. for the NTPQ peers command:
            remote          refid   st t when poll reach   delay   offset     disp
            ======================================================================
            137.65.30.250   .GPS.    1 u    2   64     1  954.77  -6645.1  15875.0
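A reader for the “peers” columns listed on slide 27, as an added example (not part of the presentation or of ntpq). It uses the slide's own meaning for the first character and assumes the usual ntpq conventions that reach is an octal register of the last eight polls and that delay, offset and disp are in milliseconds; the function names, the 128 ms threshold and the second sample row are constructed.

```python
SELECTED = {"+", "*", "o"}     # slide 27: selected for synchronization
DISCARDED = {"-", " ", "#"}    # slide 27: discarded

def parse_peer(line):
    """Parse one row of 'peers' output into named fields."""
    has_tally = line[0] in SELECTED | DISCARDED
    tally = line[0] if has_tally else " "
    f = (line[1:] if has_tally else line).split()
    return {
        "selected": tally in SELECTED,
        "remote": f[0], "refid": f[1], "stratum": int(f[2]), "type": f[3],
        "reach": int(f[6], 8),    # assumed: octal register of the last 8 polls
        "delay_ms": float(f[7]), "offset_ms": float(f[8]),
        "disp_ms": float(f[9]),
    }

def review(output, max_offset_ms=128.0):
    """Return (remote, [problems]) for every peer that needs attention."""
    notes = []
    for line in output.splitlines():
        if not line.strip() or line.lstrip().startswith(("remote", "=")):
            continue              # blank line, column header or separator
        p = parse_peer(line)
        problems = []
        if not p["selected"]:
            problems.append("not selected for synchronization")
        if p["reach"] != 0o377:
            problems.append(f"reach {p['reach']:o}: recent polls unanswered")
        if abs(p["offset_ms"]) > max_offset_ms:
            problems.append(f"offset {p['offset_ms']} ms exceeds threshold")
        if problems:
            notes.append((p["remote"], problems))
    return notes

# First row is the slide's sample; the second row is constructed.
SAMPLE_PEERS = """
     remote          refid   st t when poll reach   delay   offset     disp
===========================================================================
 137.65.30.250   .GPS.    1 u    2   64     1  954.77  -6645.1  15875.0
*192.0.2.10      .GPS.    1 u   12   64   377    1.20     0.35     0.90
"""

if __name__ == "__main__":
    for remote, problems in review(SAMPLE_PEERS):
        print(remote, "; ".join(problems))
```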

  28. XNTPD Auto Configuration
      • Auto Configuration
        • This configuration is similar to “Timesync Auto Discovery”
        • Configure the Time Provider to broadcast its service on the network
        • Configure the Time Consumers to listen to the broadcast service and synchronize.
      • Time Provider
        • broadcast <broadcast address>
      • Time Consumers
        • broadcastclient

  29. Auto Configuration - LAB
      • Tasks
        • Configure your server to broadcast its service to the other servers on the network.
        • Configure your server to accept broadcasts and listen
        • Configure your server with authentication to broadcast its service
        • Configure your server to accept broadcasts only in authenticated mode

  30. XNTPD - Authentication Process: Request Process
      [Flowchart labels: Time Consumer: Time Request; Encrypt; Time Request + Encrypted [Time Request]; Send. Time Provider: Split into Time Request and Encrypted [Time Request]; Encrypt; Compare; Equal: Process Reply; Not Equal: Discard Unauthentic]

  31. XNTPD - Authentication Process: Reply Process
      [Flowchart labels: Time Provider: Time Reply; Encrypt; Time Reply + Encrypted [Time Reply]; Send. Time Consumer: Split into Time Reply and Encrypted [Time Reply]; Encrypt; Compare; Equal: Step/Slew; Not Equal: Discard Unauthentic]

  32. XNTPD – Authentication Setup
      • Need
        • Time Consumers need to know if they are contacting the Time Provider they intend to (XNTPD.NLM)
        • Queries between hosts need encryption (NTPQ.NLM)
        • Remote Configuration commands need to come from authenticated clients (XNTPDC.NLM)
      • NTP.CFG
        • Key file
        • Trusted Key – XNTPD.NLM
        • Request Key – NTPQ.NLM
        • Control Key – XNTPDC.NLM
        • server, peer, broadcast – commands use the key ID
      • NTP.KEY
        • Key ID – Key Identifier
        • Key Value – Password
        • Key Type – Encryption method MD5/DES

  33. XNTPD – Authentication Setup: Time Provider
      • Share common symmetric keys between NTP server and NTP client
        • Eg NTP.KEY
            # Key ID   Key Type   Key Value
            420        M          netware_is_the_best
      • Enable key 420 as a trusted key
        • Eg NTP.CFG
            keys sys:\etc\ntp.key
            trustedkey 420

  34. XNTPD – Authentication Setup: Time Consumer
      • Share common symmetric keys between the NTP server and client
        • Eg NTP.KEY
            # Key ID   Key Type   Key Value
            420        M          netware_is_the_best
      • NTP client should enable the keys for synchronization
        • Eg NTP.CFG
            keys sys:\etc\ntp.key
            trustedkey 420
      • NTP client needs to specify the key that needs to be used for every NTP server
        • Eg NTP.CFG
            server <ntp_server_ip_address> key 420
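The request and reply check from slides 30 to 34, as an added example (not Novell's or xntpd's code). It assumes key type M means the digest MD5(key value || packet) sent after a 4-byte key ID, which is how the NTP reference implementation authenticates packets with MD5 keys; the function names and the sample packet are constructed, and DES keys are not covered.

```python
import hashlib
import hmac
import struct

KEYS = {420: b"netware_is_the_best"}  # NTP.KEY entry from the slides (type M)
TRUSTED = {420}                        # NTP.CFG: trustedkey 420
HEADER_LEN, DIGEST_LEN = 48, 16

def client_request():
    """Constructed 48-byte NTP header: LI=0, VN=3, Mode=3 (client)."""
    return bytes([0x1B]) + bytes(HEADER_LEN - 1)

def sign(packet, key_id, keys=KEYS):
    """Sender side: append the key ID and the keyed digest to the packet."""
    digest = hashlib.md5(keys[key_id] + packet).digest()
    return packet + struct.pack("!I", key_id) + digest

def verify(message, keys=KEYS, trusted=TRUSTED):
    """Receiver side: split, recompute, compare. None means discard."""
    if len(message) != HEADER_LEN + 4 + DIGEST_LEN:
        return None                    # no authenticator attached
    packet = message[:HEADER_LEN]
    (key_id,) = struct.unpack("!I", message[HEADER_LEN:HEADER_LEN + 4])
    received = message[HEADER_LEN + 4:]
    if key_id not in keys or key_id not in trusted:
        return None                    # unknown key, or known but not trusted
    expected = hashlib.md5(keys[key_id] + packet).digest()
    # Constant-time comparison so the check does not leak matching bytes.
    return packet if hmac.compare_digest(expected, received) else None

if __name__ == "__main__":
    message = sign(client_request(), 420)
    print("authentic:", verify(message) is not None)
    altered = message[:1] + b"\x01" + message[2:]
    print("altered packet accepted:", verify(altered) is not None)
```

Both sides hold the same key value in plain text in NTP.KEY, so the check is only as strong as the access control on that file and the unpredictability of the value.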

  35. XNTPD - Authentication - LAB
      • Tasks
        • Configure your server as a time consumer to the server on your right hand side only with authentication
        • Configure your server as a time provider to the server on your left hand side and provide authentication options
        • Experiences ???

  36. XNTPDC Authentication
      • Need
        • XNTPDC client needs to have authentic access to modify configuration on the remote server.
        • Remote server should be able to deny access
      • How
        • XNTPDC client needs to provide the correct keyID, keyValue (password)
        • Remote server should be able to authenticate a configuration request.

  37. Authentication Options: Remote Configuration Authentication
      • XNTPDC
        • Enable authentication option for the server that needs to be remotely configured.
          • Insert an entry into ntp.key
          • Mark the key as controlkey in ntp.cfg
          • Restart xntpd.nlm
        • Remote Configure a server - xntpdc
          • Passwd – Authenticate to the remote server

  38. NTPQ Authentication Options
      • Setup the host server
        • Insert an entry into ntp.key
        • Mark the key as requestkey in ntp.cfg
        • Restart xntpd.nlm
      • Configure Query Client
        • Insert the key of the time provider in ntp.key
        • Mark the key as trustedkey in ntp.cfg
        • Add option “key <keyid>” in ntp.cfg “server” command line
        • Eg: server <ipaddress> minpoll <value> key <keyid>
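A consistency check over the ntp.cfg and ntp.key settings described in slides 32 to 38, as an added example (not a NetWare or xntpd tool). Both file contents are constructed samples, and the function names and the wording of the findings are assumptions.

```python
def parse_keys(key_text):
    """ntp.key lines: <key ID> <key type> <key value>; '#' starts a comment."""
    keys = {}
    for line in key_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3:
            keys[int(fields[0])] = fields[1].upper()
    return keys

def audit(cfg_text, key_text):
    keys, trusted, uses, findings = parse_keys(key_text), set(), [], []
    for line in cfg_text.splitlines():
        f = line.split("#", 1)[0].split()
        if not f:
            continue
        cmd = f[0].lower()
        if cmd == "trustedkey":
            trusted.update(int(k) for k in f[1:])
        elif cmd in ("requestkey", "controlkey"):
            if int(f[1]) not in keys:
                findings.append(f"{cmd} {f[1]}: key ID is not defined in ntp.key")
        elif cmd in ("server", "peer", "broadcast"):
            key_id = int(f[f.index("key") + 1]) if "key" in f[2:] else None
            uses.append((cmd, f[1], key_id))
    for cmd, addr, key_id in uses:       # checked last: trustedkey may come later
        if addr.startswith("127.127."):  # local clock, no network exchange
            continue
        if key_id is None:
            findings.append(f"{cmd} {addr}: no key, association is unauthenticated")
        elif key_id not in keys:
            findings.append(f"{cmd} {addr}: key {key_id} is not defined in ntp.key")
        elif key_id not in trusted:
            findings.append(f"{cmd} {addr}: key {key_id} is not marked trustedkey")
    return findings

# Constructed samples; 192.0.2.x are documentation addresses.
SAMPLE_CFG = r"""
keys sys:\etc\ntp.key
trustedkey 420
requestkey 421
server 127.127.1.0 minpoll 4
fudge 127.127.1.0 stratum 10
server 192.0.2.10 minpoll 4 key 420
server 192.0.2.11 minpoll 4
peer 192.0.2.12 key 422
server 192.0.2.13 key 421
"""
SAMPLE_KEYS = """
# Key ID  Key Type  Key Value
420 M netware_is_the_best
421 M constructed_request_key
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_CFG, SAMPLE_KEYS):
        print(finding)
```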

  39. Advanced Configuration
      Minimize Traffic
      • Select servers across geographic locations to be peers to each other
        – Similar to “Timesync Primary Servers”
        – This helps in minimizing traffic across WANs
      Fault Tolerance
      • Have all these servers use a reference clock (external) as a master server
        – This helps in fault tolerance.
      COMMON - Time Consumer Setup
      • Have all Time Consumers use one of the above peer servers as a Time provider for itself.

  40. Advanced Configuration – Lab: Minimize Traffic
      [Diagram labels: External NTP Source; Provo (Self Synchronized, Stratum 10); India (Self Synchronized, Stratum 10); Peer Synchronized]

  41. Advanced Configuration – Lab: Fault Tolerance
      [Diagram labels: External NTP Source (two); Provo (Self Synchronized, Stratum 10); India (Self Synchronized, Stratum 10); Peer Synchronized]

  42. NTPTrace - LAB
      • NTPTrace
        • Query all servers in the stratum thread to the root (stratum 1)
      • LAB
        • Query your stratum thread
        • Experiences ?????

  43. Extra features for NetWare 6.5
      • Browser Based configuration (embedded in xntpd.nlm)
        • On NORM scroll down to NTP Configuration and click “Manual Configuration”
        • Modify NTP configuration files, Save, Restart and Apply (save and restart xntpd to reflect new changes)
      • NTP Version independence
      • Timesync Migration/Backward Compatibility options
        • Xntpd -T noncp : Will disable the ncp engine on xntpd. XNTPD will not serve ncp time requests from NetWare 4.x and Novell Clients
        • Xntpd -T slp : Will look up SLP for a Timesync SINGLE server on the network, and add the Timesync SINGLE server’s IP Address in the ntp.cfg as a time provider

  44. NTP State Machine
      [State diagram labels: NOT Loaded/Not Synchronized; Load XNTPD; Loaded/Not Synchronized; Step Clock is Enabled (No / Yes); NTPDATE -u -b <server list from ntp.cfg>; NTPDATE Success (Yes / No); Slew; Loaded/Nearly Synchronized; Loaded/Synchronized]

  45. Migration Timesync to NTPv3
      • Reference – Primary
      • Primary – Secondary
      • Reference – Secondary
      • Secondary – Secondary
      • Client – Server Manual Configuration
      Single – Secondary
      Broadcast/Multicast – Broadcastlisten Configuration
      Primary – Primary
      Peer Configuration

  46. Backward Compatibility - Problem
      [Diagram labels: NCP Request (two); NCP Reply (two); BOOM (two)]

  47. Backward Compatibility – Solution
      [Diagram labels: With NTPv3 and NCP Server; NCP Request (two); NCP Reply (two)]

  48. Backward Compatibility – LAB
      • Task
        • Configure NetWare 4.x server to use NetWare 6.5 as a time source
      NORM - Lab
      • Tasks
        • Configure your server using NORM, using any configuration mode
        • Monitor its synchronization status using “Health Monitor”

  49. Browser based administration - NORM
      • NTP Configuration
        • Click on “NTP Configuration” link under “Manage Applications”
        • Click on the set of servers that you want to configure
        • Edit the configuration file
          • Save – saves the contents of the ntp.cfg
          • Restart – reload xntpd.nlm
          • Apply – save and restart
      • NTP Monitoring
        • Click on “Health Monitor”
        • Click on “NTP Monitoring Service”
        • Click on the set of servers that you want to monitor
          • peers : output same as ntpq
          • associations : output same as the “as” command on ntpq
          • variables : output same as “rv <assId>”

  50. Future for NTPv3
      • Simplifying NTP/Timesync configuration
      • More on integrating Timesync backward compatibility with NTPv3 configuration
      • Cross platform solution – OS Independent
      • Extending features for helping debugging of time synchronization problems
