
NTP


zorina

Presentation Transcript


  1. NTP Network time protocol

  2. Needs for precision time
     • Stock market buy and sell orders
     • Aviation traffic control and position reporting
     • Network monitoring, measurement and control
     • Radio and TV programming launch and monitoring
     • Multimedia synchronization for real-time teleconferencing
     • Distributed network gaming and training
     16-Sep-14

  3. Needs for precision time
     • Distributed database transaction journalling and logging
     • Secure document timestamps (with cryptographic certification)
     • Differentiated services traffic engineering
     • Interactive simulation event synchronization and ordering

  4. Introduction
     • NTP is a protocol for synchronising the clocks of computer systems over packet-switched, variable-latency data networks.
     • NTP uses UDP as its transport layer, on port 123.
     • NTP has been a continuously operating, ubiquitously available protocol in the Internet since 1985.
     • Over 150 Internet primary servers are in Australia, Canada, Chile, France, Germany, Israel, Italy, Holland, Japan, Norway, Sweden, Switzerland, UK, and US.
     • Agencies and organizations: US Weather Service, US Treasury Service, IRS, PBS, Merrill Lynch, Citicorp, GTE, Sun, HP, etc.

  5. On the hazards of serving time
     With potential client populations in the millions, there is a very real vulnerability to grossly overload the public primary server population. The public NTP client software exchanges packets with the server on a continuous basis in order to discipline the computer clock time and frequency. This software has been carefully designed to be a good network citizen and ordinarily does not exceed a rate of one packet every fifteen minutes. Defective NTP client implementations have appeared that exhibit gross violations of the Internet social contract. An example is the U Wisconsin incident reported in the next slide. The sheer weight of numbers threatens to overwhelm at least some of the current NIST and USNO servers. Other incidents reveal really bad network engineering and counterproductive parameter selection, especially poll interval.

  6. The U Wisconsin incident (2003)
     U Wisconsin operates a number of time servers for campus access. A home router came on the market that had the address of one of these servers hard-coded in firmware, could not be changed, and could send packets continuously at one-second intervals under certain conditions when service was interrupted. This would not be a problem if only a small number of these routers were sold. However, eventually 750,000 routers were sold and most could not be recalled, updated or even reliably found. The resulting traffic overwhelmed the server, university network and service provider. There has been no wholly satisfactory solution to this problem other than to ensure continuous service and to educate the manufacturer about socially responsible product design.

  7. The Network Time Protocol (NTP)
     • Network Time Protocol (NTP) synchronises clocks of hosts and routers in the Internet.
     • NTP provides accurate time synchronisation, with nominal accuracies of low tens of milliseconds on WANs, submilliseconds on LANs, and submicroseconds using a precision time source such as a cesium oscillator or GPS receiver.
     • NTP software has been ported widely and built into the operating systems for Linux/Unix. Every Windows/XP has an NTP client. NTP has been on the NASA Shuttle.
     • The NTP architecture, protocol and algorithms have evolved over the last two decades to the latest NTP Version 4 software distributions.

  8. Goals of NTP
     • Provide the best accuracy under prevailing network and server conditions.
     • Resist many and varied kinds of failures, including fail-stop, malicious attacks and implementation bugs.
     • Maximise utilisation of Internet diversity and redundancy.
     • Automatically organise subnet topology for best accuracy and reliability.
     • Self-contained cryptographic authentication based on both symmetric key and public key infrastructures and independent of external services.

  9. Outside of NTP scope
     • Local time: this is provided by the operating system.
     • Access control: this is provided by firewalls and address filtering.
     • Privacy: all protocol values, including time values, are public unless explicitly configured for encryption.
     • Non-repudiation: this can be provided by a layered protocol if necessary.
     • Conversion of NTP timestamps to and from other time representations and formats.

  10. NTP hierarchy
     • Primary (stratum 1) servers synchronise to national time standards via radio, satellite and modem.
     • Secondary (stratum 2, ...) servers and clients synchronise to primary servers via a hierarchical subnet.
     • A publicly available set of secondary servers is maintained by pool.ntp.org; DNS is used to assign them randomly to NTP clients.
     • Clients and servers operate in master/slave, symmetric and multicast modes, with or without cryptographic authentication.
     • Reliability is assured by redundant servers and multiple network paths.
     • Engineered algorithms reduce jitter, mitigate multiple sources and avoid improperly operating servers.

  11. NTP Version 4
     • NTP Version 4 architecture, protocol and algorithms have been evolved to achieve this degree of accuracy.
     • Improved clock models accurately predict the time and frequency adjustment for each synchronization source and network path.
     • Engineered algorithms reduce the impact of network jitter and oscillator wander while speeding up initial convergence.
     • The redesigned clock discipline algorithm operates in frequency-lock, phase-lock and hybrid modes.
     • The improvements, confirmed by simulation, improve accuracy by about a factor of ten, while allowing operation at much longer poll intervals without significant reduction in accuracy.

  12. NTP Service Description
     • System-V managed service
     • Core packages: ntp
     • Daemons: ntpd
     • Config.: server: /etc/ntpd.conf
     • Other configuration files: /var/lib/ntp/*

  13. NTP utility programs
     • ntpdate: set the system date and time via NTP
     • ntptime: display the time variables maintained by the Linux kernel
     • ntptrace: trace the chain of NTP servers back to the primary source

  14. Configuring NTP
       restrict default nomodify noquery
       restrict 192.168.0.0 mask 255.255.255.0 nomodify
       restrict 127.0.0.1
       # the time servers
       server pool.ntp.org
       server pool.ntp.org
       # general configuration
       server 127.127.1.0 # local clock
       fudge 127.127.1.0 stratum 10
       driftfile /var/lib/ntp/drift
       broadcastdelay 0.008

  15. Configuring NTP
       restrict default nomodify noquery
       restrict [IP list] [options]
     • default defines the policy for all addresses not mentioned on any other restrict line
     • Without options, all access is allowed
     • nomodify, noquery: no modifying or querying of the NTP service on the server

  16. Configuring NTP
       restrict 192.168.0.0 mask 255.255.255.0 nomodify
       restrict 127.0.0.1
     • The first line specifies that any IP in that network cannot modify, but can query etc.
     • The second line specifies that local access is unrestricted

  17. Configuring NTP
       # the time servers
       server pool.ntp.org
       server pool.ntp.org
       # general configuration
       server 192.168.0.145
       peer 192.168.0.200
       server 192.168.0.10 # local clock
       server [server name] [options]
     • List of NTP servers to be used as reference
     • Two mentions of pool.ntp.org means that the pool servers will be tried twice (i.e. two different IPs will be polled)
     • In this example, it first checks the pool.ntp.org clocks and then uses the local server (192.168.0.145)
     • peer can also be used to specify a peer time server with which time is also synchronised

  18. Configuring NTP
       fudge 127.127.1.0 stratum 10
       driftfile /var/lib/ntp/drift
       broadcastdelay 0.008
     • fudge defines the priority of this server: stratum 10 is lower priority and therefore will only be used as a last resort
     • driftfile contains the system clock error. It stores the oscillation frequency of the local clock, calculated automatically by ntpd; NTP uses this to adjust the system time.
     • broadcastdelay is an estimate of the server-to-client packet latency. On a LAN, typically between 0.003 and 0.008 seconds

  19. NTP configuration: setting the poll interval
       server pool.ntp.org minpoll 10 maxpoll 17
     • These options specify the minimum and maximum poll intervals for NTP messages, in seconds as a power of two.
     • The maximum poll interval defaults to 10 (1,024 s), but can be increased by the maxpoll option to an upper limit of 17 (36.4 h).
     • The minimum poll interval defaults to 6 (64 s), but can be decreased by the minpoll option to a lower limit of 4 (16 s).
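As an added example (not from the slides), a small Python checker for the ntp.conf directives used in slides 14 to 19: it parses restrict, server, peer and fudge lines, works out which restrict flags apply to a given client address (assuming the most specific matching entry wins, with restrict default as the fallback), validates minpoll/maxpoll against the 4..17 range above, and reports fudge lines whose refclock address has no matching server line. The sample configuration is constructed here, with one mistyped fudge address on purpose.

```python
import ipaddress
# Constructed sample ntp.conf from the slides' directives (the fudge address is mistyped on purpose).
SAMPLE_CONF = """\
restrict default nomodify noquery
restrict 192.168.0.0 mask 255.255.255.0 nomodify
restrict 127.0.0.1
server pool.ntp.org minpoll 10 maxpoll 17
server 192.168.0.145 minpoll 3
server 127.127.1.0   # local clock
fudge 127.127.0.1 stratum 10
"""

def parse_conf(text):
    """Return [(keyword, [args])]; comments and blank lines are dropped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            kw, *args = line.split()
            entries.append((kw.lower(), args))
    return entries

def restrict_flags(entries, client_ip):
    """Flags applying to client_ip. Assumed rule: the most specific matching entry wins."""
    best, flags = None, set()
    for kw, args in entries:
        if kw != "restrict":
            continue
        if args[0] == "default":                      # catch-all, prefix length 0
            net, f = ipaddress.ip_network("0.0.0.0/0"), set(args[1:])
        elif len(args) > 2 and args[1] == "mask":     # "addr mask netmask flags..."
            net, f = ipaddress.ip_network(f"{args[0]}/{args[2]}"), set(args[3:])
        else:                                         # single host
            net, f = ipaddress.ip_network(args[0]), set(args[1:])
        if ipaddress.ip_address(client_ip) in net and (best is None or net.prefixlen > best.prefixlen):
            best, flags = net, f
    return flags

def _opt(args, name, default):                        # value after "minpoll"/"maxpoll", or default
    return int(args[args.index(name) + 1]) if name in args else default

def poll_problems(entries):
    """server/peer lines whose minpoll/maxpoll leave the 4..17 range or are inverted."""
    return [a[0] for kw, a in entries if kw in ("server", "peer")
            and not 4 <= _opt(a, "minpoll", 6) <= _opt(a, "maxpoll", 10) <= 17]

def unmatched_fudge(entries):
    """fudge lines whose refclock address has no server line (e.g. a mistyped driver address)."""
    servers = {a[0] for kw, a in entries if kw == "server"}
    return [a[0] for kw, a in entries if kw == "fudge" and a[0] not in servers]
```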

  20. Configuring NTP with broadcast
       broadcast 224.0.1.1 autokey
     • The time server is configured to listen for broadcast timestamps from an NTP server on 224.0.1.1
     • autokey means that the timestamp will be encrypted
     • If no IP was specified, it would take any timestamp that is broadcast (not a good idea)

  21. Configuring NTP with security
       crypto pw serverpassword
       keysdir /etc/ntp
     • NTP v4 can support public key encryption.
     • Any association defined in a broadcast, server or peer line can specify autokey to enable encryption (e.g. server 192.168.0.200 autokey)
     • The specified location stores the keys used by clients.
     • Generate keys using the ntp-keygen command:
       ntp-keygen -T -I -p serverpassword

  22. Further information
     • NTP home page: http://www.ntp.org
       Current NTP software and documentation; FAQ and links to other sources and interesting places
     • NTP Public Services Project: http://ntp.isc.org
       Lists of available servers
     • David L. Mills home page: http://www.eecis.udel.edu/~mills
       Papers, reports and memoranda in PostScript and PDF formats; briefings in HTML, PostScript, PowerPoint and PDF formats; collaboration resources: hardware, software and documentation; songs, photo galleries and after-dinner speech scripts
