Monday, 25 June 2018


Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In operation since before 1985, NTP is one of the oldest Internet protocols still in use. NTP was designed by David L. Mills of the University of Delaware.

NTP is intended to synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC). It uses the intersection algorithm, a modified version of Marzullo's algorithm, to select accurate time servers, and it is designed to mitigate the effects of variable network latency. NTP can usually maintain time to within tens of milliseconds over the public Internet, and can achieve better than one millisecond accuracy in local area networks under ideal conditions. Asymmetric routes and network congestion can cause errors of 100 ms or more.

The protocol is usually described in terms of a client-server model, but it can just as easily be used in peer-to-peer relationships where both peers consider the other a potential time source. Implementations send and receive timestamps using the User Datagram Protocol (UDP) on port number 123. They can also use broadcasting or multicasting, where clients passively listen for time updates after an initial round-trip calibration exchange. NTP supplies a warning of an impending leap second adjustment, but no information about local time zones or daylight saving time is transmitted.

The current protocol is version 4 (NTPv4), which is a proposed standard documented in RFC 5905. It is backward compatible with version 3, specified in RFC 1305.


History

In 1979, network time synchronization technology was used in what was possibly the first public demonstration of Internet services running over a trans-Atlantic satellite network, at the National Computer Conference in New York. The technology was later described in the 1981 Internet Engineering Note (IEN) 173, and a public protocol developed from it was documented in RFC 778. The technology was first deployed in a local area network as part of the Hello routing protocol and implemented in the Fuzzball router, an experimental operating system used in network prototyping, where it ran for many years.

Other related network tools were available both then and now. They include the Daytime and Time protocols for recording the time of events, as well as the ICMP Timestamp message and the IP Timestamp option (RFC 781). More complete synchronization systems, although lacking NTP's data analysis and clock disciplining algorithms, include the Unix daemon timed, which uses an election algorithm to appoint a server for all clients; and the Digital Time Synchronization Service (DTSS), which uses a hierarchy of servers similar to the NTP stratum model.

In 1985, NTP version 0 (NTPv0) was implemented in both Fuzzball and Unix, and the NTP packet header and the round-trip delay and offset calculations, which have persisted into NTPv4, were documented in RFC 958. Despite the relatively slow computers and networks available at the time, accuracy of better than 100 milliseconds was usually obtained on Atlantic spanning links, with millisecond accuracy on Ethernet networks.

In 1988, a much more complete specification of the NTPv1 protocol, with associated algorithms, was published in RFC 1059. It drew on the experimental results and clock filter algorithm documented in RFC 956, and it was the first version to describe the client-server and peer-to-peer modes. In 1991, the NTPv1 architecture, protocol and algorithms were brought to the attention of the wider engineering community with the publication of an article by David L. Mills in the IEEE Transactions on Communications.

In 1989, RFC 1119 was published, defining NTPv2 by means of a state machine, with pseudocode to describe its operation. It introduced a management protocol and a cryptographic authentication scheme, both of which have survived into NTPv4. The NTPv2 design was criticized by the DTSS community for lacking formal correctness principles. Their alternative design included Marzullo's algorithm, a modified version of which was promptly added to NTP. Most of the algorithms of this era have also largely survived into NTPv4.

In 1992, RFC 1305 defined NTPv3. The RFC included an analysis of all sources of error, from the reference clock down to the final client, which enabled the calculation of a metric that helps choose the best server where several candidates appear to disagree. Broadcast mode was introduced.

In subsequent years, as new features were added and algorithm improvements were made, it became apparent that a new protocol version was required. In 2010, RFC 5905 was published containing a proposed specification for NTPv4. The protocol has progressed significantly since then, and as of 2014 an updated RFC had not yet been published. Following the retirement of Mills from the University of Delaware, the reference implementation is currently maintained as an open source project led by Harlan Stenn.

Clock strata

NTP uses a hierarchical, semi-layered system of time sources. Each level of this hierarchy is termed a stratum and is assigned a number starting with zero for the reference clock at the top. A server synchronized to a stratum n server runs at stratum n+1. The number represents the distance from the reference clock and is used to prevent cyclical dependencies in the hierarchy. Stratum is not always an indication of quality or reliability; it is common to find stratum 3 time sources that are of higher quality than other stratum 2 time sources. A brief description of strata 0, 1, 2 and 3 is provided below.

Stratum 0
These are high-precision timekeeping devices such as atomic clocks, GPS receivers or other radio clocks. They generate a very accurate pulse-per-second signal that triggers an interrupt and a timestamp on a connected computer. Stratum 0 devices are also known as reference clocks.
Stratum 1
These are computers whose system time is synchronized to within a few microseconds of their attached stratum 0 devices. Stratum 1 servers may peer with other stratum 1 servers for sanity checking and backup. They are also referred to as primary time servers.
Stratum 2
These are computers that are synchronized over a network to stratum 1 servers. Often a stratum 2 computer will query several stratum 1 servers. Stratum 2 computers may also peer with other stratum 2 computers to provide more stable and robust time for all devices in the peer group.
Stratum 3
These are computers that are synchronized to stratum 2 servers. They employ the same algorithms for peering and data sampling as stratum 2, and can themselves act as servers for stratum 4 computers, and so on.

The upper limit for stratum is 15; stratum 16 is used to indicate that a device is unsynchronized. The NTP algorithms on each computer interact to construct a Bellman-Ford shortest-path spanning tree, minimizing the accumulated round-trip delay to the stratum 1 servers for all the clients.
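To make the stratum numbering and the shortest-path-tree idea concrete, here is an added illustration (it is not code from the article or from the NTP project): a small Bellman-Ford relaxation over constructed link delays that assigns each host the upstream server it would pick when minimizing accumulated round-trip delay, derives its stratum from that choice, and leaves unreachable hosts at stratum 16. The host names and delays are invented for the example, and the single "lowest accumulated delay" rule is a simplification of what real NTP implementations do.

```python
# Added illustration (not code from the article or the NTP project): a small
# Bellman-Ford relaxation over link delays that assigns each host the stratum
# and upstream server it would pick when minimizing accumulated round-trip delay.
# Hosts and delays below are constructed for the example.
UNSYNCHRONIZED = 16   # stratum 16 means "not synchronized"
MAX_STRATUM = 15      # highest usable stratum; nothing may sync below it

def build_stratum_tree(primaries, links):
    """primaries: names of stratum 1 servers (attached to a reference clock).
    links: (host_a, host_b, round_trip_delay_ms) tuples, usable in both directions.
    Returns (delay, stratum, upstream) dicts keyed by host name."""
    hosts = set(primaries)
    for a, b, _ in links:
        hosts.update((a, b))
    delay = {h: float("inf") for h in hosts}
    stratum = {h: UNSYNCHRONIZED for h in hosts}
    upstream = {h: None for h in hosts}
    for p in primaries:
        delay[p], stratum[p] = 0.0, 1
    # Standard Bellman-Ford: at most |hosts|-1 rounds of relaxing every edge.
    for _ in range(len(hosts) - 1):
        changed = False
        for a, b, d in links:
            for src, dst in ((a, b), (b, a)):
                # A server at stratum 15 would put its client at 16 (unsynchronized),
                # so it is not an acceptable source; unsynchronized hosts are skipped too.
                if stratum[src] >= MAX_STRATUM:
                    continue
                if delay[src] + d < delay[dst]:
                    delay[dst] = delay[src] + d
                    stratum[dst] = stratum[src] + 1
                    upstream[dst] = src
                    changed = True
        if not changed:
            break
    return delay, stratum, upstream

# Constructed topology: two stratum 1 servers, a chain of downstream hosts,
# and one island with no path to any primary.
PRIMARIES = ["s1-a", "s1-b"]
LINKS = [
    ("s1-a", "x", 10.0), ("s1-b", "x", 30.0),
    ("x", "y", 5.0), ("y", "z", 5.0), ("s1-b", "z", 50.0),
    ("island-1", "island-2", 1.0),
]

def example_tree():
    """Run the relaxation over the constructed topology."""
    return build_stratum_tree(PRIMARIES, LINKS)

if __name__ == "__main__":
    delay, stratum, upstream = example_tree()
    for h in sorted(stratum):
        print(f"{h:10} stratum={stratum[h]:2} delay={delay[h]} via={upstream[h]}")
```

Host z is reachable directly from s1-b (stratum 2, 50 ms) and through the chain x, y (stratum 4, 20 ms); the lower accumulated delay wins, which is the page's point that a higher stratum number does not imply a worse source. The two island hosts never find a synchronized upstream and stay at stratum 16.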

Timestamps

The 64-bit timestamps used by NTP consist of a 32-bit part for seconds and a 32-bit part for fractional seconds, giving a time scale that rolls over every 2^32 seconds (136 years) and a theoretical resolution of 2^-32 seconds (233 picoseconds). NTP uses an epoch of January 1, 1900, so the first rollover occurs on February 7, 2036.

Future versions of NTP may extend the time representation to 128 bits: 64 bits for the second and 64 bits for the fractional second. The current NTPv4 format has support for Era Number and Era Offset, which when used properly should help fix date rollover issues. According to Mills, "the 64-bit value for the fraction is enough to resolve the amount of time it takes a photon to pass an electron at the speed of light." The 64-bit value for seconds is enough to provide an unambiguous time representation until the universe goes.
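The following added example (not code from the article or from the NTP project) converts between the 64-bit timestamp layout described above and Unix time, carries the era number separately because the timestamp field itself cannot express it, and computes the date on which era 0 ends. The constants are the 1900 epoch and the 2^32-second era length stated on the page; the function names are this example's own.

```python
# Added example (not code from the article or the NTP project): conversion
# between the 64-bit NTP timestamp format described above and Unix time,
# with the era number that NTPv4 uses to disambiguate rollovers.
import datetime

NTP_UNIX_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)
ERA_LENGTH = 1 << 32               # the 32-bit seconds field wraps every 2**32 s
RESOLUTION = 1 / (1 << 32)         # 2**-32 s, about 233 picoseconds

def ntp_to_unix(ntp_ts: int, era: int = 0) -> float:
    """Convert a 64-bit NTP timestamp (seconds << 32 | fraction) in a given era
    to Unix seconds. Without the era, timestamps 136 years apart are identical."""
    seconds = ntp_ts >> 32
    fraction = ntp_ts & 0xFFFFFFFF
    return era * ERA_LENGTH + seconds - NTP_UNIX_EPOCH_DELTA + fraction * RESOLUTION

def unix_to_ntp(unix_seconds: float) -> tuple[int, int]:
    """Return (era, 64-bit NTP timestamp) for a Unix time. The era is what the
    timestamp field cannot carry, so both values must be tracked together."""
    total = unix_seconds + NTP_UNIX_EPOCH_DELTA
    whole = int(total)
    era, secs_in_era = divmod(whole, ERA_LENGTH)
    fraction = int((total - whole) * ERA_LENGTH) & 0xFFFFFFFF
    return era, (secs_in_era << 32) | fraction

def first_rollover_utc() -> str:
    """The instant era 0 ends: 2**32 seconds after 1900-01-01, as UTC."""
    dt = datetime.datetime.fromtimestamp(ERA_LENGTH - NTP_UNIX_EPOCH_DELTA,
                                         tz=datetime.timezone.utc)
    return dt.strftime("%Y-%m-%d %H:%M:%S")

if __name__ == "__main__":
    print("era 0 ends at", first_rollover_utc(), "UTC")
    era, ts = unix_to_ntp(0)
    print(f"Unix epoch is NTP era {era}, timestamp 0x{ts:016x}")
```

A receiver that ignores the era will interpret a timestamp from early 2036 as one from 1900, so any code that compares NTP timestamps across the rollover has to pair the 64-bit value with an era as this example does.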

Clock synchronization algorithm

A typical NTP client regularly polls three or more servers on diverse networks. To synchronize its clock, the client must compute its time offset and round-trip delay. The time offset $\theta$ is defined by

$$\theta = \frac{(t_1 - t_0) + (t_2 - t_3)}{2},$$

and the round-trip delay $\delta$ by

$$\delta = (t_3 - t_0) - (t_2 - t_1),$$

where

$t_0$ is the client's timestamp of the request packet transmission,
$t_1$ is the server's timestamp of the request packet reception,
$t_2$ is the server's timestamp of the response packet transmission, and
$t_3$ is the client's timestamp of the response packet reception.

The values for $\theta$ and $\delta$ are passed through filters and subjected to statistical analysis. Outliers are discarded and an estimate of the time offset is derived from the best three remaining candidates. The clock frequency is then adjusted to reduce the offset gradually, creating a feedback loop.

Accurate synchronization is achieved when both the incoming and outgoing routes between the client and the server have symmetrical nominal delay. If the routes do not have a common nominal delay, a systematic bias exists of half the difference between the forward and backward travel times.
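As an added example (not code from the article or from the NTP project), the following applies the two formulas above to constructed timestamps, shows that the recovered offset is exact when the one-way delays are equal and off by half their difference when they are not, and includes a deliberately simplified sample-selection step: picking the sample with the lowest round-trip delay. That selection rule is an assumption standing in for the page's "filters and statistical analysis", not the full NTP clock filter.

```python
# Added example (not code from the article or the NTP project): the offset and
# delay formulas above applied to constructed timestamps, plus a check of the
# asymmetric-path bias and a simplified lowest-delay sample selection.
import math

def offset_and_delay(t0, t1, t2, t3):
    """theta = ((t1 - t0) + (t2 - t3)) / 2, delta = (t3 - t0) - (t2 - t1)."""
    theta = ((t1 - t0) + (t2 - t3)) / 2
    delta = (t3 - t0) - (t2 - t1)
    return theta, delta

def simulate_exchange(true_offset, outbound, inbound, processing=0.001, t0=1000.0):
    """Construct t0..t3 for one request/response. The server clock reads
    client clock + true_offset; outbound/inbound are one-way delays in seconds."""
    t1 = t0 + outbound + true_offset        # server receives request (server clock)
    t2 = t1 + processing                    # server sends response (server clock)
    t3 = t2 - true_offset + inbound         # client receives response (client clock)
    return t0, t1, t2, t3

def asymmetry_bias(outbound, inbound):
    """Systematic offset error when one-way delays differ: half their difference."""
    return (outbound - inbound) / 2

def select_offset(samples):
    """Simplified clock-filter step (an assumption, not the full NTP algorithm):
    of several (theta, delta) samples, trust the one with the smallest
    round-trip delay, since it is the least likely to have queued in the network."""
    theta, _ = min(samples, key=lambda s: s[1])
    return theta

if __name__ == "__main__":
    sym = offset_and_delay(*simulate_exchange(2.0, 0.05, 0.05))
    asym = offset_and_delay(*simulate_exchange(2.0, 0.08, 0.02))
    print("symmetric  :", sym)    # offset recovered exactly, delay 0.1 s
    print("asymmetric :", asym)   # offset off by asymmetry_bias(0.08, 0.02) = 0.03 s
    print("chosen     :", select_offset([sym, asym, (2.5, 0.3)]))
```

Note that the round-trip delay $\delta$ is the same in both runs: the formula cannot see the asymmetry, which is exactly why the bias is systematic rather than something the filter can remove.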

Software implementations

Reference implementations

The NTP reference implementation, along with the protocol, has been continuously developed for over 20 years. Backward compatibility has been maintained as new features have been added. It contains several sensitive algorithms, especially for clock discipline, that can misbehave when synchronized to servers that use different algorithms. The software has been ported to almost every computing platform, including personal computers. It runs as a daemon called ntpd under Unix or as a service under Windows. Reference clocks are supported, and their offsets are filtered and analysed in the same way as those of remote servers, although they are usually polled more frequently.

The reference implementation defines a set of common reference identifier (refid) codes; other refid codes can be defined and encountered.

SNTP

A less complex implementation of NTP, using the same protocol but without requiring the storage of state over extended periods of time, is known as the Simple Network Time Protocol (SNTP). It is used in some embedded devices and in applications where full NTP capability is not required.

Windows Time Service

All versions of Microsoft Windows since Windows 2000 include the Windows Time service ("W32Time"), which has the ability to synchronize computer clocks to NTP servers.

The W32Time service was originally implemented for the purposes of the Kerberos version 5 authentication protocol, which requires time to be within 5 minutes of the correct value to prevent replay attacks. The versions in Windows 2000 and Windows XP only implement SNTP, and violate several aspects of the NTP version 3 standard. Beginning with Windows Server 2003 and Windows Vista, a compliant, full NTP implementation is included. Microsoft says that the W32Time service cannot reliably maintain time synchronization to the range of 1 to 2 seconds. If higher accuracy is required, Microsoft recommends using a different NTP implementation.

Windows Server 2016 now supports 1 ms time accuracy under certain operating conditions.

OpenNTPD

In 2004, Henning Brauer presented OpenNTPD, an NTP implementation with a focus on security and a privilege-separated design. While it is aimed more closely at the simpler generic needs of OpenBSD users, it also includes some protocol security improvements while still being compatible with existing NTP servers. It was originally designed for OpenBSD, but a portable version is available and is packaged in Linux package repositories.

Ntimed

A new NTP client, ntimed, was started by Poul-Henning Kamp in 2014. The new implementation is sponsored by the Linux Foundation as a replacement for the reference implementation, as it was judged easier to write a new implementation from scratch than to fix the existing problems in the existing code base. As of June 2015, no official release had been made yet, but ntimed can synchronize clocks reliably. ntimed works under Debian and FreeBSD, but has not yet been ported to Windows and macOS.

NTPsec

NTPsec is a fork of the reference implementation that has been systematically hardened. The fork point was in June 2015, in response to a rash of compromises in 2014; as of 2017, the software is in beta. Between removal of unsafe features, removal of support for obsolete hardware, and removal of support for obsolete Unix variants, NTPsec has been able to remove 60% of the original codebase, making the remainder more auditable.

Chrony

Chrony comes by default in Red Hat distributions and is available in the Ubuntu repositories. Chrony is aimed at ordinary computers, which are unstable, go into sleep mode or have intermittent connections to the Internet. Chrony is also designed for virtual machines, a much more unstable environment. It is characterized by low resource consumption (cost) and supports PTP as well as NTP. It has two main components: chronyd, a daemon that is started when the computer boots, and chronyc, a command line interface for the user to configure it. It has been assessed as very safe, with only a few incidents; its advantage is the versatility of its code, written from scratch to avoid unnecessary complexity. Chrony is released under the GNU General Public License version 2, was created by Richard Curnow in 1997 and is currently maintained by Miroslav Lichvar, with development supported by Red Hat Software.

Leap seconds

On the day of a leap second event, ntpd receives notification from either a configuration file, an attached reference clock, or a remote server. Because of the requirement that time must appear to be monotonically increasing, a leap second is inserted with the sequence 23:59:59, 23:59:60, 00:00:00. Although the clock is actually halted during the event, any processes that query the system time cause it to increase by a tiny amount, preserving the order of events. If a negative leap second should ever become necessary, it would be deleted with the sequence 23:59:58, 00:00:00, skipping 23:59:59.

Security concerns

Several security concerns arose in late 2014. Previously, researchers had become aware that NTP servers can be susceptible to man-in-the-middle attacks unless packets are cryptographically signed for authentication. The computational overhead involved can make this impractical on busy servers, particularly during denial of service attacks. NTP message spoofing can be used to move clocks on client computers and enable a number of attacks based on bypassing cryptographic key expiration. Some of the services affected by fake NTP messages identified are TLS, DNSSEC, various caching schemes (such as DNS cache), BGP, Bitcoin, and a number of persistent login schemes.

Only a few other security problems have been identified in the reference implementation of the NTP codebase in its more than 25-year history, but the ones that have appeared recently are cause for significant concern. The protocol has been undergoing revision and review over its entire history. As of January 2011, there were no security revisions in the NTP specification and no reports at CERT. The current codebase for the reference implementation has been undergoing security audits from several sources for several years, and there were no known high-risk vulnerabilities in the currently released software at that time.

NTP has been used in distributed denial of service (DDoS) attacks. A small query is sent to an NTP server with the return address spoofed to be the target address. Similar to the DNS amplification attack, the server responds with a much larger reply, allowing the attacker to substantially increase the amount of data being sent to the target. To avoid participating in an attack, servers can be configured to ignore external queries, or they can be upgraded to 4.2.7p26 or later.
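The operator-side symptom of the amplification abuse described above is that a server sends far more bytes to some address than it ever received from it. The following added example (not code from the article or from the NTP project) runs that check over a constructed UDP flow log for a server on port 123: it totals request bytes in and response bytes out per remote address and flags any address whose response-to-request ratio exceeds a threshold. The server address, the flow-record format, the byte sizes and the threshold are all assumptions made for the example.

```python
# Added example (not code from the article or the NTP project): a defender-side
# check over constructed UDP flow records for a server on port 123. It compares
# bytes received from each remote address with bytes the server sent back, and
# flags peers whose response volume far exceeds their request volume, the
# signature of a server being used as a reflector against a spoofed victim.
import re
from collections import defaultdict

SERVER_IP = "203.0.113.10"   # constructed: the NTP server's own address
NTP_PORT = 123

FLOW_RE = re.compile(
    r"^(?P<ts>\S+) UDP (?P<src>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) bytes=(?P<size>\d+)$"
)

# Constructed flow log (format and sizes are illustrative). 198.51.100.7 behaves
# like a normal client: 48-byte request, 48-byte reply. 192.0.2.50 appears as
# the source of tiny queries that draw large replies; in a reflection attack that
# address belongs to the victim, who never sent them.
SAMPLE_FLOWS = """\
2018-06-25T10:00:01Z UDP 198.51.100.7:53211 -> 203.0.113.10:123 bytes=48
2018-06-25T10:00:01Z UDP 203.0.113.10:123 -> 198.51.100.7:53211 bytes=48
2018-06-25T10:00:02Z UDP 192.0.2.50:40000 -> 203.0.113.10:123 bytes=8
2018-06-25T10:00:02Z UDP 203.0.113.10:123 -> 192.0.2.50:40000 bytes=440
2018-06-25T10:00:02Z UDP 192.0.2.50:40000 -> 203.0.113.10:123 bytes=8
2018-06-25T10:00:02Z UDP 203.0.113.10:123 -> 192.0.2.50:40000 bytes=440
2018-06-25T10:00:03Z UDP 198.51.100.7:53211 -> 203.0.113.10:123 bytes=48
2018-06-25T10:00:03Z UDP 203.0.113.10:123 -> 198.51.100.7:53211 bytes=48
"""

def amplification_report(lines, server_ip=SERVER_IP, threshold=5.0):
    """Per remote address: (bytes_in, bytes_out, ratio, flagged)."""
    bytes_in = defaultdict(int)
    bytes_out = defaultdict(int)
    for line in lines:
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # ignore lines that are not flow records
        size = int(m["size"])
        if m["dst"] == server_ip and int(m["dport"]) == NTP_PORT:
            bytes_in[m["src"]] += size      # query arriving at our NTP port
        elif m["src"] == server_ip and int(m["sport"]) == NTP_PORT:
            bytes_out[m["dst"]] += size     # reply leaving our NTP port
    report = {}
    for peer in set(bytes_in) | set(bytes_out):
        recv, sent = bytes_in[peer], bytes_out[peer]
        ratio = sent / recv if recv else float("inf")
        report[peer] = (recv, sent, ratio, ratio > threshold)
    return report

def flagged_peers(lines, **kw):
    """Sorted list of remote addresses whose reply volume exceeds the threshold."""
    report = amplification_report(lines, **kw)
    return sorted(peer for peer, (_, _, _, flag) in report.items() if flag)

if __name__ == "__main__":
    report = amplification_report(SAMPLE_FLOWS.splitlines())
    for peer, (recv, sent, ratio, flag) in sorted(report.items()):
        print(f"{peer:14} in={recv:4} out={sent:4} ratio={ratio:6.1f} "
              f"{'REFLECTION?' if flag else 'ok'}")
```

A flagged address is the likely victim, not the attacker, since the source field was spoofed; the useful response is the one the page names, restricting which queries the server answers, rather than blocking the flagged address.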

A stack-based buffer overflow exploit was discovered and a patch was made available on December 19, 2014. This affects all NTP version 4 releases before version 4.2.8. Apple was concerned enough that it used its auto-update capability for the first time, though only for the most recent versions of macOS. In the case of version 10.6.8 there is a manual fix for the server version, and regular "client" users can simply turn off automatic time updating in System Preferences under Date & Time. Researchers believe that the protocol design is sound and that the defects arise in implementations of the protocol. Some errors are basic, such as a missing return statement in a routine, which can lead to unrestricted access to systems running some versions of NTP with the daemon as root. Systems that do not run the daemon as root, such as BSD, are not subject to this flaw.

See also

  • Allan variance
  • Clock network
  • International Atomic Time
  • NIST
  • NITZ
  • NTP pool
  • NTP server misuse and abuse
  • Ntpdate
  • OpenNTPD
  • Precision Time Protocol (IEEE 1588 PTP)

Further reading

  • Definition of Managed Objects for Network Time Protocol Version 4 (NTPv4). RFC 5907. doi:10.17487/RFC5907. https://tools.ietf.org/html/rfc5907
  • Network Time Protocol (NTP) Server Options for DHCPv6. RFC 5908. doi:10.17487/RFC5908. https://tools.ietf.org/html/rfc5908

External links

  • Official website
  • IETF NTP working group
  • Time and NTP paper
  • NTP 2005 survey
  • NTP Server Test Tools
  • The current NIST leap seconds file is compatible with ntpd
  • David L. Mills, Brief History of NTP Time: Confessions of Internet Timekeeper

Source of the article : Wikipedia
