Network Time Protocol

Network Management

Network Protocols
Network Time Protocol (NTP)
Introduction

• Computer system clocks show users what time it is.


• System time is relevant not only for the user, but also for the
computer itself.
• Time stamps play a vital role in the communication between two or
more systems, and also in the correct flow of cross-network
processes or services.
• To prevent system complications due to different system times, the
so-called network time protocol was published.
Network Time Protocol (NTP)
• The network time protocol (NTP) describes a protocol for
synchronizing multiple network clocks through a set of spread-out
clients and servers.
• Its predecessors are the Time Protocol and the ICMP timestamp
message, whose functions were combined in the network time
protocol.
• NTP is based on the user datagram protocol (UDP), which enables
connectionless data transport. The UDP port number for this is 123.
Internet Control Message Protocol
• The Internet Control Message Protocol (ICMP) is a supporting protocol in
the Internet protocol suite.
• It is used by network devices, including routers, to send error messages and
operational information indicating success or failure when communicating with
another IP address.
• For example, an error is indicated when a requested service is not available or
that a host or router could not be reached.
• ICMP differs from transport protocols such as TCP and UDP in that it is not
typically used to exchange data between systems, nor is it regularly employed
by end-user network applications like ping and traceroute.
Network Time Protocol (NTP)
• A networking protocol for clock synchronization between computer systems
over packet-switched, variable-latency data networks.
• NTP is intended to synchronize all participating computers to within a few
milliseconds of Coordinated Universal Time (UTC).
• NTP can usually maintain time to within tens of milliseconds over the public
Internet, and can achieve better than one millisecond accuracy in local area
networks under ideal conditions.
• Asymmetric routes and network congestion can cause errors of 100 ms or
more.
Network Time Protocol (NTP)
• The protocol is usually described in terms
of a client–server model, but can as
easily be used in peer-to-peer
relationships where both peers consider
the other to be a potential time source.
• Diagram showing the relationships
between the various levels of NTP
servers.
• The blue numbers are the layer numbers;
yellow arrows show a direct connection,
while red arrows show a network
connection.
Clock strata
• NTP uses a hierarchical, semi-layered system of time sources.
• Each level of this hierarchy is termed a stratum and is assigned a number
starting with zero for the reference clock at the top.
• A server synchronized to a stratum n server runs at stratum n + 1.
• The number represents the distance from the reference clock and is used
to prevent cyclical dependencies in the hierarchy.
• Stratum is not always an indication of quality or reliability; it is common to
find stratum 3 time sources that are higher quality than other stratum 2
time sources.
Stratum 0
• These are high-precision timekeeping devices such as atomic clocks,
GNSS (including GPS) or other radio clocks, or a PTP-synchronized
clock.
• They generate a very accurate pulse per second signal that triggers an
interrupt and timestamp on a connected computer.
• Stratum 0 devices are also known as reference clocks.
• NTP servers cannot advertise themselves as stratum 0.
• A stratum field set to 0 in an NTP packet indicates an unspecified stratum.
Stratum 1
• These are computers whose system time is synchronized to
within a few microseconds of their attached stratum 0
devices.
• Stratum 1 servers may peer with other stratum 1 servers for
stability checks and backup.
• They are also referred to as primary time servers.
Stratum 2
• These are computers that are synchronized over a network to
stratum 1 servers.
• Often a stratum 2 computer queries several stratum 1 servers.
• Stratum 2 computers may also peer with other stratum 2
computers to provide more stable and robust time for all
devices in the peer group.
Stratum 3
• These are computers that are synchronized to stratum 2
servers.
• They employ the same algorithms for peering and data
sampling as stratum 2, and can themselves act as servers for
stratum 4 computers, and so on.
• The upper limit for stratum is 15; stratum 16 is used to
indicate that a device is unsynchronized.
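The stratum rules above, applied to the header of an NTP reply, as an added example that is not part of the original slides. The header layout (leap/version/mode byte, stratum, poll, precision) and mode 4 meaning "server" come from RFC 5905; the function names and the sample packet are constructed for illustration.

```python
import struct

def classify_stratum(stratum):
    """Map the stratum byte of a packet to the categories on the slides."""
    if stratum == 0:
        return "unspecified"        # servers cannot advertise stratum 0
    if stratum == 1:
        return "primary"            # attached to a reference clock
    if 2 <= stratum <= 15:
        return "secondary"          # synchronized over the network
    if stratum == 16:
        return "unsynchronized"
    return "reserved"

def parse_header(packet):
    """Decode the first four bytes of an NTP packet (minimum packet is 48 bytes)."""
    if len(packet) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    flags, stratum, poll, precision = struct.unpack("!BBbb", packet[:4])
    return {
        "leap": flags >> 6,             # leap indicator, 2 bits
        "version": (flags >> 3) & 0x7,  # protocol version, 3 bits
        "mode": flags & 0x7,            # 4 = server reply (RFC 5905)
        "stratum": stratum,
        "poll": poll,                   # log2 of poll interval in seconds
        "precision": precision,         # log2 of clock precision in seconds
    }

def usable_time_source(packet):
    """Client-side check: accept only server replies that claim stratum 1..15."""
    h = parse_header(packet)
    return h["mode"] == 4 and 1 <= h["stratum"] <= 15

# Constructed sample: version 4, mode 4, stratum 2, poll 2^6 s, precision 2^-23 s.
SAMPLE_RESPONSE = bytes([0x24, 2, 6, 0xE9]) + bytes(44)

if __name__ == "__main__":
    h = parse_header(SAMPLE_RESPONSE)
    print(h, classify_stratum(h["stratum"]), usable_time_source(SAMPLE_RESPONSE))
```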
Using w32tm to check and configure NTP from the Command Prompt
• This shows the current time:
time /T
• This shows many more details, such as stratum, precision, last sync
and NTP server:
w32tm /query /status
Why should Time be synchronized?
• If you have communicating programs running on different computers, time
should still advance when you switch from one computer to another.
• Obviously if one system is ahead of the others, the others are behind that
particular one.
• From the perspective of an external observer, switching between these systems
would cause time to jump forward and back, a non-desirable effect.
• As a consequence, isolated networks may run their own wrong time, but as
soon as you connect to the Internet, effects will be visible.
Why should Time be synchronized?
• Imagine an email message arriving five minutes before it was sent, with a reply
timed two minutes before the message was sent.
• Even on a single computer some applications have trouble when the time jumps
backwards.
• For example, database systems using transactions and crash recovery like to
know the time of the last good state.
• Even if a database uses integer numbers for transaction sequencing internally,
users may want to perform time-based recovery.
• Air traffic control was one of the first applications for NTP.
Basic features of NTP
• NTP needs some reference clock that defines the true time to
operate.
• All clocks are set towards that true time.
• It will not just make all systems agree on some time, but will make
them agree upon the true time as defined by some standard.
• NTP uses UTC as reference time.
• UTC (Universal Time Coordinated) is an official standard for the current
time. To convert UTC to local time, one would have to add or subtract the
local time zone.
Basic features of NTP
• NTP automatically selects the best of several available time
sources to synchronize to.
• Temporarily or permanently unreliable time sources will be
detected and avoided.
• NTP is highly scalable. A synchronization network may consist of
several reference clocks.
• Propagating time from one node to another forms a hierarchical
graph with reference clocks at the top.
Basic features of NTP
• Having available several time sources, NTP can select the best candidates
to build its estimate of the current time.
• The protocol is highly accurate, using a resolution of less than a
nanosecond.
• Even when a network connection is temporarily unavailable, NTP can use
measurements from the past to estimate current time and error.
• For formal reasons NTP will also maintain estimates for the accuracy of
the local time.
NTP servers in the Internet
• According to A Survey of the NTP Network (1999) there were at least 175,000
hosts running NTP in the Internet.
• Among these there were over 300 valid stratum-1 servers.
• In addition there were over 20,000 servers at stratum 2, and over 80,000
servers at stratum 3.
• Africa — africa.pool.ntp.org (84)
• Antarctica — antarctica.pool.ntp.org (0)
• Asia — asia.pool.ntp.org (334)
• Europe — europe.pool.ntp.org (3016)
• North America — north-america.pool.ntp.org (1078)
• South America — south-america.pool.ntp.org (68)
• Oceania — oceania.pool.ntp.org (160)
Good Practice for Public NTP Servers
• You should avoid excessive use of public NTP servers. Only query servers at
reasonable intervals.
• This may vary from once a day to a few times an hour, depending on your
system requirements.
• NTP clients should never be configured to request time from an NTP server more
frequently than once every four seconds.
• Clients that exceed this rate may be flagged as attempting a denial of service
(DoS) attack and may be refused service.
• Public time servers are often maintained by volunteers. They provide no
guarantee of availability or accuracy. You use them at your own risk.
What if the Reference Time changes?
• Ideally the reference time is the same everywhere in the world.
• Once synchronized, there should not be any unexpected changes
between the clock of the operating system and the reference clock.
• Therefore, NTP has no special methods to handle the situation.
Time encoding in NTP
• The NTP timestamp is a 64-bit binary value with an implied fraction
point between the two 32-bit halves.
• If you take all the bits as a 64-bit unsigned integer, store it in a
floating-point variable of at least 64 bits (a double) and do a floating-point
divide by 2^32, you'll get the right answer.
• As an example the 64 bit binary value:

• 00000000000000000000000000000001 10000000000000000000000000000000
Time encoding in NTP
• In addition one should know that the epoch for NTP starts in year 1900 while
the epoch in UNIX starts in 1970.
• Therefore the following values both correspond to
2000-08-31_18:52:30.735861
• UNIX: 39aea96e.000b3a75
00111001 10101110 10101001 01101110.
00000000 00001011 00111010 01110101
• NTP: bd5927ee.bc616000
10111101 01011001 00100111 11101110.
10111100 01100001 01100000 00000000
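The two encodings above can be checked against each other in code. This is an added example, not part of the original slides; the function names are hypothetical, and 2,208,988,800 is the standard number of seconds between the 1900 and 1970 epochs.

```python
from datetime import datetime, timezone

NTP_UNIX_OFFSET = 2_208_988_800  # seconds from 1900-01-01 to 1970-01-01 (UTC)

def parse_fixed_hex(text):
    """Parse 'ssssssss.ffffffff' (the slides' notation) into two 32-bit integers."""
    sec, frac = text.strip().split(".")
    if len(sec) != 8 or len(frac) != 8:
        raise ValueError("expected 8 hex digits on each side of the point")
    return int(sec, 16), int(frac, 16)

def ntp_as_float(sec, frac):
    """The slides' method: read all 64 bits as one unsigned integer, divide by 2^32.
    A double keeps only 53 significant bits, so the lowest bits of a full
    timestamp are lost; the conversion below uses integers instead."""
    return ((sec << 32) | frac) / 2**32

def ntp_to_unix(sec, frac):
    """NTP (seconds since 1900, binary fraction) -> UNIX (seconds since 1970, microseconds)."""
    unix_sec = sec - NTP_UNIX_OFFSET
    usec = (frac * 1_000_000 + 2**31) >> 32  # round to the nearest microsecond
    if usec == 1_000_000:                    # rounding carried into the next second
        unix_sec, usec = unix_sec + 1, 0
    return unix_sec, usec

def unix_hex(unix_sec, usec):
    """Format a UNIX (seconds, microseconds) pair the way the slides print it."""
    return f"{unix_sec:08x}.{usec:08x}"

def to_utc(unix_sec, usec):
    """Render the UNIX pair as a timezone-aware UTC datetime."""
    return datetime.fromtimestamp(unix_sec, tz=timezone.utc).replace(microsecond=usec)

if __name__ == "__main__":
    # The 64-bit example value from the previous slide: 1 in the seconds half,
    # only the top bit set in the fraction half.
    print(ntp_as_float(0x00000001, 0x80000000))
    s, u = ntp_to_unix(*parse_fixed_hex("bd5927ee.bc616000"))
    print(unix_hex(s, u), to_utc(s, u).isoformat())
```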
Limit for the Number of Clients
• The limit depends on several factors, like speed of the main processor and
network bandwidth, but the limit is quite high.
• 2 packets/256 seconds * 500 K machines -> 4 K packets/second (half in each
direction).
• Packet size is close to minimum, definitely less than 128 bytes even with
cryptographic authentication:
• 4 K * 128 -> 512 KB/s.
• So, as long as you had a dedicated 100 Mbit/s full-duplex leg from the central
switch for each server, it should see an average network load of at most 2-3%.