10 Network Time Protocol

The Network Time Protocol (NTP) provides accurate, dependable, and synchronized time for hosts on both wide area networks (WANs) like the Internet network and local area networks (LANs). In particular, NTP provides synchronization traceable to clocks of high absolute accuracy, and avoids synchronization to clocks keeping bad time. The Digital UNIX NTP subsystem is derived from the University of Maryland's implementation, xntp version 3.4m. The /etc/ntp.conf file is the configuration file for the xntpd daemon.

This chapter describes the Digital UNIX NTP subsystem and its components, guidelines for configuring and administering NTP, NTP configuration planning, NTP configuration, and day-to-day management tasks. For introductory information on NTP, see ntp_intro(7).

You can also choose to set your system time by using the rdate command or the timed daemon.

Note
The timed daemon is provided for compatibility. Digital recommends you use NTP for time synchronization. If you plan to run both the timed daemon and NTP, you should configure NTP first.

For more information on the rdate command, see rdate(8) and ntp_manual_setup(7).

For more information on the timed daemon, see timed(8) and timedsetup(8).

10.1 The NTP Environment

In the Digital UNIX NTP environment, systems can have the following roles:

Client -- An NTP client system is a system that synchronizes its time with local NTP servers.
Server -- An NTP server is a local system that synchronizes its time either with an Internet NTP server or with a local reference clock.

Figure 10-1 shows a sample NTP configuration on a LAN in which Host D is an NTP server that uses a local reference clock as its time source. Hosts A, B, C, E, F, and G are NTP clients, synchronizing their time with Host D.

Figure 10-1: Sample NTP Configuration (Local Clock)

Figure 10-2 shows a sample NTP configuration in which host D is an NTP server that uses an Internet time server as its time source. Hosts A, B, C, E, F, and G are NTP clients, synchronizing their time with Host D.

Figure 10-2: Sample NTP Configuration (Internet Source)

10.1.1 Selecting Internet Servers

If you are setting up a local NTP server with Internet NTP servers as its time source, you must select the Internet servers you want to use. The list of possible Internet servers and information about their stratum level is available by means of anonymous File Transfer Protocol (FTP) from louie.udel.edu. In the following sample FTP session the list of NTP servers is copied from the system louie.udel.edu to the local host:

% ftp louie.udel.edu 220 louie.udel.edu FTP server (Version 4.108 Sun Feb 19 22:09:45 EST 1993) ready. Name (louie.udel.edu:my_name): anonymous Password (louie.udel.edu:anonymous): my_login@my_host 331 Guest login ok, send ident as password. 230 Guest login ok, access restrictions apply. ftp> cd pub/ntp/doc 250 CWD command successful. ftp> get clock.txt 200 PORT command successful. 150 Opening ASCII mode data connection for clock.txt (57002 bytes). 226 Transfer complete. local: clock.txt remote: clock.txt 58409 bytes received in 14 seconds (4.2 Kbytes/s) ftp> bye 221 Goodbye.

Note
For security reasons, not all systems at a site can have anonymous FTP access.

10.2 NTP Planning

Appendix A contains a worksheet that you can copy and use to record the information that you need to complete the tasks in this book. If you are viewing this manual online, you can use the print feature to print a copy of this part of the worksheet.

Figure 10-3 shows Part 9 of the Configuration Worksheet. The following sections explain the information you need to record in Part 9 of the worksheet.

Figure 10-3: Configuration Worksheet, Part 9

System's role: Your system can be a local NTP server or an NTP client, or both.

10.2.1 Server Information

Time source

Your system's time source. For local NTP servers, the time source is one of the following:

Internet NTP servers -- If your system is connected to the Internet network, see Section 10.1.1 for information on obtaining a list of the NTP Internet servers and permission to use them. Digital recommends you select a minimum of three systems from the list of Internet servers with which to synchronize the time on your local NTP servers. Obtain permission from the contact person listed for the Internet server before specifying it as a server for your local NTP servers.
A local reference clock -- If your network is not connected to the Internet network, you must select a system on your network to be the local reference clock. A local reference clock is a lightly loaded and highly available system that keeps good time. See ntp_manual_setup(7) and ntp.conf(4) for information on setting up a local reference clock.

Server Internet address: The IP address of the Internet NTP server or the local reference clock. Local NTP servers are the time sources for NTP clients.

Server name: The host name of the Internet NTP server.

NTP version: The version of NTP daemon running on the Internet NTP server or the local reference clock. This can be Version 1 (ntpd), Version 2 (xntpd), or Version 3 (xntpd).

10.2.2 Client Information

Local NTP server address: The local NTP server IP address. Local NTP servers are the time sources for NTP clients.

Server name: The local NTP server name.

NTP version: The version of NTP daemon running on the local NTP server. This can be Version 1 (ntpd), Version 2 (xntpd), or Version 3 (xntpd). Servers running Version 3.2 or earlier of the Digital UNIX operating system run Version 2 (xntpd); servers running Version 4.0 of the Digital UNIX operating system run Version 3 (xntpd).

10.3 Configuring NTP

After you gather the necessary information and select your Internet servers, configure NTP by using the ntpsetup script. The script enables you to configure all NTP clients and local NTP servers, provided they use Internet NTP servers as their time source.

Note
Do not use the ntpsetup script to configure NTP on local NTP servers that use a local or external reference clock as a time source. Instead, see ntp_manual_setup(7) for instructions.

If you plan to use both NTP and the timed daemon, set up NTP prior to setting up the timed daemon.

To configure NTP, do the following:

Invoke the ntpsetup script by choosing the Network Time Protocol (NTP) option from the Setup Menu or by entering the following command:

# /usr/sbin/ntpsetup

An explanation of ntpsetup appears on your screen.

If the timed daemon has been configured on the system, the following message appears:

NOTE: timed has been configured on this system.

 

In order to insure proper coexistence, timed must be
configured AFTER NTP.

 

If you continue with the NTP configuration, the timed
configuration data will be removed (which means timed cannot run).
You will need to re-enable timed by using timedsetup again.

 

Do you wish to continue (yes/no) [no default]?

Press Return following the script's explanation of what ntpsetup does.
Indicate whether you want to run the xntpd daemon with authentication.
Authentication enables you to verify the authenticity of received NTP packets and indicate authenticity of outgoing NTP packets. If you want to use authentication, enter Y. If you do not want to use authentication, press Return.
Enter the names of the NTP servers for this system.
For clients, enter the names of your site's local NTP servers. For servers, enter the names the Internet NTP servers. (See Section 10.1.1 for information on selecting Internet servers.) In either case, Digital recommends you specify a minimum of three NTP servers.
For NTP clients, entries in the ntp.conf file are designated server entries because clients can only synchronize their time with them. NTP servers, however, can contain server and peer entries. The term peer indicates that the local server can be synchronized to the remote server and that the remote server can be synchronized by the local server.
If you enter the name of a host that your system cannot find an address for in the local /etc/hosts database or through BIND or NIS, the ntpsetup script prompts you for its IP address. For example:
Hostname of NTP server/peer [no default]: host1 Mode for host1 (server or peer) (s/p) [s]: [Return] Looking up host host1 Cannot find an address for "host1". To add "host1" to the /etc/hosts file, you must know "host1"'s internet (IP) address. Would you like to add "host1" to the /etc/hosts file (y/n) [y]? [Return] What is host1's internet (IP) address [no default] ? 120.105.1.2 Is 120.105.1.2 correct (y/n) [no default] ? y Is host1 running ntpd (V1) or xntpd (V2/V3) (V1/V2/V3) [V3] ? V2 [Return] Hostname of NTP server/peer [no default]: host2 Mode for host1 (server or peer) (s/p) [s]: [Return] Looking up host host2 ...found. Is host2 running ntpd (V1) or xntpd (V2/V3) (V1/V2/V3) [V3] ? V2 [Return] Hostname of NTP server/peer [no default]: host3 Mode for host1 (server or peer) (s/p) [s]: [Return] Looking up host host3 ...found. Is host3 running ntpd (V1) or xntpd (V2/V3) (V1/V2/V3) [V3] ? V2 [Return] Hostname of NTP server/peer [no default]: [Return]

If you have selected to use authentication, ntpsetup prompts you for a key number to be associated with each server after it prompts you for the mode, as follows:
Enter the key number to be associated with hostname:

The ntpsetup script then displays the list of servers that you entered. If the list is correct, enter c to continue. If the list in incorrect or incomplete, enter r to redo it.
Press Return following the script's explanation that if any of your NTP servers are not on your subnet you must run either the routed or the gated daemon to access them.
For information on running the gated or routed daemon, see Chapter 2.
Indicate whether you want to run the xntpd daemon with the -g option.
The -g option allows xntpd to correct time differences of more than 1000 seconds between your system and that of your system's NTP servers that occur after the xntpd daemon is started. Initial time differences are corrected before the xntpd) daemon is started by the ntpdate command, which is run at boot time by the /sbin/init.d/settime script. If your system is sensitive to security threats, do not use the -g option. If you do not use the -g option, time differences of more than 1000 seconds will cause the xntpd daemon to log a message to syslog and exit.
Indicate whether you want to run the xntpd daemon with the -x option.
The -x option prevents xntpd from setting the system time backward. The default is to allow xntpd to set the system time backward.
If you have chosen authentication, enter the authentication keys and key identifiers to be put in the /etc/ntp.keys file. Enter as many as you need. For example:
Enter key and key identifiers separated by one space (no default): 1 defcd Enter key and key identifiers separated by one space (no default): [Return]

The ntpsetup script then displays the list of keys and key identifiers that you entered. If the list is correct, enter c to continue. If the list in incorrect or incomplete, enter r to redo it.
The ntpsetup script displays a message similar to the following and exits:
```
Configuring your system to run NTP...done.

 

Starting the NTP daemon (xntpd)...
Setting kernel timezone variable
Setting the current time and date with ntpdate
Ntpdate succeeded.
Network Time Service started
To monitor NTP, type "/usr/bin/ntpq -p".
```

10.4 Monitoring Hosts Running the xntpd Daemon

You monitor the hosts running the xntpd daemon by using either the ntpq command or the xntpdc command.

To monitor the local host's NTP status using the ntpq command, use the following syntax:

ntpq [options...]

To monitor remote hosts' NTP status using the ntpq command, use the following syntax:

ntpq [options...] host1 host2...

Table 10-1 shows the ntpq command options.

Table 10-1: Options to the ntpq Command

Option	Function
`-c command`	Interprets `command` as an interactive format command and adds it to a list of commands to be executed on the specified host or hosts
`-i`	Forces `ntpq` to operate in interactive mode
`-p`	Prints a list of peers and a summary of their state

In interactive mode, use the host command to set the host to use as a reference for the other options; the local host is the default. Use the peers option to display the offsets between the current host and its xntpd servers. See ntpq(8) for more information.

The following example shows normal output from the ntpq command with the -p option:

% ntpq -p

     remote           refid      st  when poll reach  delay  offset   disp
==========================================================================
*host2.corp.com  host121.corp.co  2    47   64  377    31.3   93.94   16.5
+host4.corp.com  host2.corp.com   3   212 1024  377    33.8   89.58   16.9
 host8.corp.com  host2.corp.com  16 never   64    0     0.0    0.00  64000

The last line of the previous example shows that host8 is either not running NTP or cannot be reached.

To monitor the local host's NTP status using the xntpdc command, use the following syntax:

xntpdc [options...]

To monitor remote hosts' NTP status using the xntpdc command, use the following syntax:

xntpdc [options...] host1 host2...

Table 10-2 shows some of the xntpdc command options.

Table 10-2: Options to the xntpdc Command

Option	Function
`-c command`	Interprets `command` as an interactive format command and adds it to a list of commands to be executed on the specified host or hosts.
`-i`	Forces `xntpdc` to operate in interactive mode.
`-l`	Prints a list of peers that are known to the server.
`-p`	Prints a list of peers and a summary of their state. This is similar in format to the `ntpq -p` command.

See xntpdc(8) for more information on this command and its options.

The following example shows normal output from the xntpdc command with the -p option:

% xntpdc -p

     remote           refid      st  when poll reach  delay  offset   disp
==========================================================================
*host2.corp.com host121.corp.co   2    47   64   377   31.3   93.94   16.5
+host4.corp.com host2.corp.com    3   212 1024   377   33.8   89.58   16.9
.host5.corp.com host12.usc.edu    2   111 1024   377   39.1   46.98   17.7

10.5 Monitoring Hosts Running the ntpd Daemon

You can monitor the hosts running the ntpd daemon by using the ntpdc command; however, Digital recommends that you use the xntpdc command. The xntpdc command works with all versions of NTP and provides additional features.

10.6 Querying Servers Running NTP

You can query time by using the ntp and ntpdate commands. However, Digital recommends that you use ntpdate because it works with all versions of NTP and provides additional features to those provided by ntp.