Network Time Protocol

• Objectives– to learn how to setup ntp

• Contents– The NTP Server

– What is NTP?

– Download and Install The NTP Package

– The /etc/ntp.conf File

– How To Get NTP Started

– Determining If NTP Is Synchronized Properly

What is NTP?

• Network Time Protocol– Used to keep clock’s syncronized within your nodes

– Important for logservers and logfiles

– Transaction servers

– Various applications

– Time critic operations that needed to be syncronized

• Stratum levels– Level 1 most accurate, many public exist

– Level 2 next accurate, often companies timeservers

– Lower levels

• LW radio carriers as reference

• Important atomic clock servers that supports NTPhttp://www.eecis.udel.edu/~mills/ntp/servers.html

• Check if NTP is there and then download it

• Install NTP after it is downloaded

• NTP is redhat standard, however it is not started.

• First time chkconfig and service will open iptables firewall as well, ntp used port 123 UDP

Download and Install The NTP Package

# ftp ftp.redhat.comftp> cd /pub/redhat/linux/9/en/os/i386/RedHat/RPMSftp> ls ntp*ftp> mget ntp*

# ftp ftp.redhat.comftp> cd /pub/redhat/linux/9/en/os/i386/RedHat/RPMSftp> ls ntp*ftp> mget ntp*

# rpm –ivh ntp-4.1.2-5.i386.rpm# rpm –ivh ntp-4.1.2-5.i386.rpm

# chkconfig ntpd on# service ntpd start

# chkconfig ntpd on# service ntpd start

The /etc/ntp.conf File

• First we specify the sample servers we're interested in:– Servers are used in order, average time can be calculated

• Then we restrict the type of access you allow these servers

• Declare the networks this NTP server should serve

• This NTP server should serve itself unrestricted

restrict otherntp.server.org mask 255.255.255.255 nomodify notrap noqueryrestrict ntp.research.gov mask 255.255.255.255 nomodify notrap noquery

restrict otherntp.server.org mask 255.255.255.255 nomodify notrap noqueryrestrict ntp.research.gov mask 255.255.255.255 nomodify notrap noquery

server  otherntp.server.org    # A stratum 1 serverserver  ntp.research.gov       # A srtatum 2 server

server  otherntp.server.org    # A stratum 1 serverserver  ntp.research.gov       # A srtatum 2 server

restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notraprestrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

restrict 192.168.0.0 mask 255.255.255.0 notrust nomodify notraprestrict 192.168.1.0 mask 255.255.255.0 notrust nomodify notrap

restrict 127.0.0.1restrict 127.0.0.1

How To Get NTP Started

• To get NTP configured to start at boot:– The demon is called ntpd

• To start/stop/restart NTP after booting:

• If you like with init scripts:

• Logging in /var/log/messages

• Logging in /var/log/ntpd.log

# chkconfig ntpd on# chkconfig ntpd on

# service ntpd start

# service ntpd stop

# service ntpd restart

# service ntpd start

# service ntpd stop

# service ntpd restart

# /etc/init.d/ntpd start

# /etc/init.d/ntpd stop

# /etc/init.d/ntpd restart

# /etc/init.d/ntpd start

# /etc/init.d/ntpd stop

# /etc/init.d/ntpd restart

Testing And Troubleshooting NTP

• Verifying NTP is Running–you should get a response of plain old process ID numbers

• Doing An Initial Synchronization against one server–First check current idea of time

–Then syncronize against NTP server

–Last check that time was adjusted

–If time it was to big difference in time you might want to set the time as exact you can manually and do the sync again

# pgrep ntpd# pgrep ntpd

# date Thu Sep 7 00:00:00 PDT 2004# ntpdate –u ntp.research.gov Looking for host ntp.research.gov and service ntphost found : ntp.research.gov7 Sep 08:03:38 ntpdate[2472]: step time server ntp.research.gov offset 28993.084943

sec     # dateSep 7 08:03:38 PDT 2004

# date Thu Sep 7 00:00:00 PDT 2004# ntpdate –u ntp.research.gov Looking for host ntp.research.gov and service ntphost found : ntp.research.gov7 Sep 08:03:38 ntpdate[2472]: step time server ntp.research.gov offset 28993.084943

sec     # dateSep 7 08:03:38 PDT 2004

Determining If NTP Is Synchronized Properly

• With ntpq command see the servers you sync with

• Jitter should be less than 100

• Try to use NTP server close to you with high strata level

# ntpq -p     remote          refid       st t when poll reach  delay   offset   jitter==============================================================================-jj.cs.umb.edu   gandalf.sigmaso  3 u   95 1024  377  31.681  -18.549    1.572milo.mcs.anl.go  ntp0.mcs.anl.go  2 u  818 1024  125  41.993  -15.264    1.392-mailer1.psc.edu ntp1.usno.navy.  2 u  972 1024  377  38.206   19.589   28.028-dr-zaius.cs.wis ben.cs.wisc.edu  2 u  502 1024  357  55.098    3.979    0.333+taylor.cs.wisc. ben.cs.wisc.edu  2 u  454 1024  347  54.127    3.379    0.047-ntp0.cis.strath harris.cc.strat  3 u  507 1024  377 115.274   -5.025    1.642*clock.via.net   .GPS.            1 u  426 1024  377 107.424   -3.018    2.534ntp1.conectiv.c  0.0.0.0         16 u    - 1024    0   0.000    0.000  4000.00

# ntpq -p     remote          refid       st t when poll reach  delay   offset   jitter==============================================================================-jj.cs.umb.edu   gandalf.sigmaso  3 u   95 1024  377  31.681  -18.549    1.572milo.mcs.anl.go  ntp0.mcs.anl.go  2 u  818 1024  125  41.993  -15.264    1.392-mailer1.psc.edu ntp1.usno.navy.  2 u  972 1024  377  38.206   19.589   28.028-dr-zaius.cs.wis ben.cs.wisc.edu  2 u  502 1024  357  55.098    3.979    0.333+taylor.cs.wisc. ben.cs.wisc.edu  2 u  454 1024  347  54.127    3.379    0.047-ntp0.cis.strath harris.cc.strat  3 u  507 1024  377 115.274   -5.025    1.642*clock.via.net   .GPS.            1 u  426 1024  377 107.424   -3.018    2.534ntp1.conectiv.c  0.0.0.0         16 u    - 1024    0   0.000    0.000  4000.00

Your Linux NTP clients cannot Synchronize Properly

• Your test show something like this

• This could be caused by the following– Older versions of NTP must have IP addresses, not FDQN

– A firewall blocking access to your Stratum 1 and 2 NTP servers, port 123 UDP must be opened.

– Fedora Core 2 syncing to Feodora 2 client has a known bug

# ntpq -p     remote           refid      st t when poll reach   delay   offset  jitter

==============================================================================

 LOCAL(0)        LOCAL(0)        10 l    -   64    7    0.000    0.000   0.008

 ntp-cup.externa 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00

 snvl-smtp1.trim 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00

 nist1.aol-ca.tr 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00

# ntpq -p     remote           refid      st t when poll reach   delay   offset  jitter

==============================================================================

 LOCAL(0)        LOCAL(0)        10 l    -   64    7    0.000    0.000   0.008

 ntp-cup.externa 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00

 snvl-smtp1.trim 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00

 nist1.aol-ca.tr 0.0.0.0         16 u    -   64    0    0.000    0.000 4000.00

Fedora / RedHat File Permissions

• The /etc/ntpd catalog must have correct owner and group

This catalog holds the drift file and network delay correction!

chown ntp:ntp /etc/ntpchown ntp:ntp /etc/ntp

Configuring Cisco Devices To Use An NTP Server

• Cisco IOS

• ntp server: Forms a server association with another system.

• ntp update-calendar: Configures the system to update its hardware clock from the software clock at periodic intervals.

ciscorouter> enable

password: *********

ciscorouter# config t

ciscorouter(config)# ntp update-calendarciscorouter(config)# ntp server 192.168.0.10ciscorouter(config)# ntp server 192.168.1.201ciscorouter(config)# exit

ciscorouter# wr mem

ciscorouter> enable

password: *********

ciscorouter# config t

ciscorouter(config)# ntp update-calendarciscorouter(config)# ntp server 192.168.0.10ciscorouter(config)# ntp server 192.168.1.201ciscorouter(config)# exit

ciscorouter# wr mem

Configuring Cisco Devices To Use An NTP Server

• CAT OS

• ntp server: Forms a server association with another system.

• set ntp client enable: Activate the NTP client

ciscoswitch> enablepassword: *********ciscoswitch# set ntp client enableciscoswitch# ntp server 192.168.0.10ciscoswitch# ntp server 192.168.1.201

ciscoswitch# exit

ciscoswitch> enablepassword: *********ciscoswitch# set ntp client enableciscoswitch# ntp server 192.168.0.10ciscoswitch# ntp server 192.168.1.201

ciscoswitch# exit

Summary

• NTP server is adjust time and date on nodes

• Configuration sit in /etc/ntpd.conf

• Calibration files sit in /etc/ntpd/

• Strata levels tells system accuracy

• Strata level 1 is most accurate

• Stratalevel 2 is next accurate

• Many applications rely on exact time

• NTPD is the name of client and server demon

• Show ntp status with ntpq –p

• Update time manually: ntpdate –u ntp.research.gov

• Most routers/Switches has NTP timesettings