11 Network Time Protocol

The Network Time Protocol (NTP) provides accurate, dependable, and synchronized time for hosts on both wide area networks (WANs) like the Internet network and local area networks (LANs). In particular, NTP provides synchronization traceable to clocks of high absolute accuracy, and avoids synchronization to clocks keeping bad time. The Tru64 UNIX NTP subsystem is derived from the University of Delaware's implementation, NTP Version 3.4x.

This chapter describes:

The Tru64 UNIX NTP subsystem and its components

How to configure your system to use NTP

How to enable the high-resolution clock

How to manage NTP clients and servers

For introductory information on NTP, see the ntp_intro(7) reference page. For troubleshooting information, see Section 14.13. Also, for information about the latest releases of NTP, more examples of how to configure NTP subnets, and more extensive NTP troubleshooting information, visit the NTP website at http://www.eecis.udel.edu/~ntp.

As an alternative to NTP, you can set your system time by using the rdate command or the timed daemon.

Note

You should use NTP for time synchronization. The timed daemon is provided only for compatibility. If you plan to run both the timed daemon and NTP, you should configure NTP first and run the timed daemon with the -E option.

For more information on the rdate command, see rdate(8) and ntp_manual_setup(7).

For more information on the timed daemon, see timed(8) and timedsetup(8).

11.1 NTP Environment

In the NTP environment, systems can have the following roles:

Client -- An NTP client system is a system that synchronizes its time with local NTP servers.

Server -- An NTP server is a local system that synchronizes its time with an Internet NTP server or with a local reference clock, or both for better accuracy.

Figure 11-1 shows a sample NTP configuration on a LAN in which host D is an NTP server that uses a local reference clock as its time source. Hosts A, B, C, E, F, and G are NTP clients, synchronizing their time with host D.

Figure 11-1: Sample NTP Configuration (Local Clock)

Figure 11-2 shows a sample NTP configuration in which host D is an NTP server that uses an Internet time server as its time source. Hosts A, B, C, E, F, and G are NTP clients, synchronizing their time with host D.

Figure 11-2: Sample NTP Configuration (Internet Source)

11.2 Planning NTP

Figure 11-3 shows the NTP Setup Worksheet, which you can use to record the information required to configure NTP. If you are viewing this manual online, you can use the print feature to print a copy of this worksheet. The following sections explain the information you need to record on the worksheet.

Figure 11-3: NTP Setup Worksheet

Your system can be a local NTP server or an NTP client, or both.

11.2.1 Server Information

Time source

Your system's time source. For local NTP servers, the time source is one of the following:

Internet NTP servers -- If your system is connected to the Internet, you can obtain a list of possible NTP Internet servers from http://www.eecis.udel.edu/~ntp on the World Wide Web. You should select a minimum of three systems from the server list with which to synchronize the time on your local NTP servers. Obtain permission from the contact person listed for each Internet server before specifying it as a server for your local NTP servers.

A local reference clock -- If your network is not connected to the Internet network, you must select a system on your network to be the local reference clock. A local reference clock is a lightly loaded and highly available system that keeps good time. See ntp_manual_setup(7) and ntp.conf(4) for information on setting up a local reference clock.

Server Internet address

The IP address of the Internet NTP server or the local reference clock. Local NTP servers are the time sources for NTP clients.

Server name

The host name of the Internet NTP server.

NTP version

The version of NTP daemon running on the Internet NTP server or the local reference clock. This can be Version 1 (the ntpd daemon), Version 2 (the xntpd daemon), or Version 3 (the xntpd daemon).

11.2.2 Client Information

Local NTP server address: The local NTP server IP address. Local NTP servers are the time sources for NTP clients.
Server name: The local NTP server name.
NTP version: The version of NTP daemon running on the local NTP server. This can be Version 1 (the ntpd daemon), Version 2 (the xntpd daemon), or Version 3 the (the xntpd daemon). Servers running Version 3.2 or earlier of the Tru64 UNIX operating system run Version 2 (the xntpd daemon); servers running Version 4.0 of the Tru64 UNIX operating system run Version 3 (the xntpd daemon).

11.3 Configuring NTP

Use the SysMan Menu application of the Common Desktop Environment (CDE) Application Manager to configure NTP. It enables you to configure all NTP local servers and clients, provided they use Internet NTP servers as their time source. To invoke the SysMan Menu application, follow the instructions in Section 1.1.1.

Note

Do not use the SysMan Menu to configure NTP on local NTP servers that use a local or external reference clock as a time source. Instead, see ntp_manual_setup(7) for instructions.
Also, if you plan to use both NTP and the timed daemon, set up NTP prior to setting up the timed daemon.

To configure NTP, do the following:

From the SysMan Menu, select Networking-->Additional Network Services-->Network Time Protocol (NTP)-->Configure system as an NTP client to display the Configure NTP Client dialog box.
Alternatively, enter the following command on a command line:
```
# /usr/bin/sysman ntp_config
```

Indicate whether you want to enable authentication by selecting the appropriate check box. If you choose to enable authentication, you must enter at least one authentication key as follows; repeat the steps to add additional keys:
1. Select Add under Authentication Keys to display the Add/Modify dialog box.
2. Enter the Key Number and Key for a peer or peers. The Key Number is a number from 1-15 that identifies the Key. The Key is an alphanumeric password of 1-8 characters with no spaces.
3. Select OK to add the authentication key to the list and to dismiss the Add/Modify dialog box.
Your authentication keys are stored in the /etc/ntp.keys file when you save your configuration and close the Configure NTP Client dialog box.

Select Add under Servers & Peers to display the Add/Modify dialog box.

Enter the host name, mode, version, and key number for an NTP server. If the NTP Server's IP address is not available through DNS or NIS, you must add it to the /etc/hosts database on your system as described in Section 2.3.7.
For clients, enter the information for an NTP server that is local to your site. For servers, enter the information for an Internet NTP server. (See Section 11.2.1 for information on selecting Internet servers.) In either case, you should specify a minimum of three NTP servers.
The information is recorded in the /etc/ntp.conf file. For clients, entries in this file are designated as server entries because clients can synchronize their time only with these systems. An NTP server, however, can contain server and peer entries in its ntp.conf file. A peer system can be synchronized to another system's time or it can synchronize another system's time to its own.

Select OK to add the NTP server to the list and to dismiss the Add/Modify dialog box. To add other NTP servers, repeat steps 3 through 5.

Indicate whether you want to correct large time differences by selecting the appropriate check box.
This option, enabled by default, allows xntpd to correct differences of more than 1000 seconds between your system time and your system's NTP server's time that occur after the xntpd daemon is started. The ntpdate command is run at boot time by the /sbin/init.d/settime script to correct initial time differences. If your system is sensitive to security threats, do not enable this option. If you do not use this option, time differences of more than 1000 seconds will cause the xntpd daemon to log a message to syslog and exit.

Indicate whether you want to prevent time from being set backwards by selecting the appropriate check box. The default is to allow the xntpd daemon to set the system time backward.

Select OK to accept the configuration and to close the Configure NTP Client dialog box.

A new dialog box is displayed indicating that the changes have been saved and prompting you to start the xntpd daemon.

Select Yes to start the daemon and apply your changes immediately, or select No to close the Configure NTP Client dialog box apply the changes the next time you reboot your system.

Note

When you start NTP, the system attempts to synchronize its clock with an NTP server's clock. If you previously enabled a screen saver on your system, the time difference might be enough to activate it. In some cases, this blanks the screen, but it does not harm the system. Move the mouse or hit a key on the keyboard to reactivate the display.

If you choose Yes, you are informed that the NTP daemons have been started. Select OK to dismiss the message and to close the Configure NTP Client dialog box.

You can modify your NTP configuration after the initial setup. You can also start and restop the xntpd daemon as necessary. See the online help for more information.

11.4 Enabling the High-Resolution Clock

The operating system includes an optional high-resolution clock that can be used for time-stamping and for measuring events that occur on the order of microseconds, such as the time spent in a critical code path. Programmers might be able to use this information to find the source of a bug or to determine where a program should be optimized to improve performance.

To enable the high-resolution clock, add the following line to the kernel configuration file and rebuild the kernel:

options MICRO_TIME

The system clock (CLOCK_REALTIME) resolution as returned by the clock_getres function does not change, nor does the timer resolution. However, the time as returned by the clock_gettime routine is extrapolated between the clock ticks, and the granularity of the time returned is in microseconds. The resulting time values are SMP-safe, they are monotonically increasing, and they have an apparent resolution of 1 microsecond.

11.5 Monitoring Hosts Running the xntpd Daemon

You can monitor the hosts running the xntpd daemon by using either the ntpq command or the xntpdc command.

To monitor the local host's NTP status using the ntpq command, use the following syntax:

ntpq [options...]

To monitor remote hosts' NTP status using the ntpq command, use the following syntax:

ntpq [options...] host1 host2...

Table 11-1 shows the ntpq command options.

Table 11-1: Options to the ntpq Command

Option	Function
`-c command`	Interprets `command` as an interactive format command and adds it to a list of commands to be executed on the specified host or hosts
`-i`	Forces `ntpq` to operate in interactive mode
`-p`	Prints a list of peers and a summary of their state

In interactive mode, use the host command to set the host to use as a reference for the other options; the local host is the default. Use the peers option to display the offsets between the current host and its xntpd servers. See ntpq(8) for more information about this command and its options.

The following example shows normal output from the ntpq command with the -p option:


% ntpq -p
     remote           refid      st  when poll reach  delay  offset   disp
==========================================================================
*host2.corp.com  host121.corp.co  2    47   64  377    31.3   93.94   16.5
+host4.corp.com  host2.corp.com   3   212 1024  377    33.8   89.58   16.9
 host8.corp.com  host2.corp.com  16 never   64    0     0.0    0.00  64000

The last line of the previous example shows that host8 is either not running NTP or cannot be reached.

To monitor the local host's NTP status using the xntpdc command, use the following syntax:

xntpdc [options...]

To monitor remote hosts' NTP status using the xntpdc command, use the following syntax:

xntpdc [options...] host1 host2...

Table 11-2 shows some of the xntpdc command options.

Table 11-2: Options to the xntpdc Command

Option	Function
`-c command`	Interprets `command` as an interactive format command and adds it to a list of commands to be executed on the specified host or hosts.
`-i`	Forces `xntpdc` to operate in interactive mode.
`-l`	Prints a list of peers that are known to the server.
`-p`	Prints a list of peers and a summary of their state. This is similar in format to the `ntpq -p` command.

See xntpdc(8) for more information on this command and its options.

The following example shows normal output from the xntpdc command with the -p option:


% xntpdc -p
     remote           refid      st  when poll reach  delay  offset   disp
==========================================================================
*host2.corp.com host121.corp.co   2    47   64   377   31.3   93.94   16.5
+host4.corp.com host2.corp.com    3   212 1024   377   33.8   89.58   16.9
.host5.corp.com host12.usc.edu    2   111 1024   377   39.1   46.98   17.7

11.6 Monitoring Hosts Running the ntpd Daemon

You can monitor the hosts running the ntpd daemon by using the ntpdc command; however, you should use the xntpdc command because it works with all versions of NTP and provides additional features.

11.7 Querying Servers Running NTP

You can query time by using the ntp and ntpdate commands. However, you should use the ntpdate command because it works with all versions of NTP and provides additional features to those provided by the ntp command.