By implementing a few best practice principles, organisations can attain robust and reliable timing for their network infrastructure:
- Install 3 or more redundant Stratum 1 NTP servers.
- Configure lower stratum clients with at least 3 higher stratum servers.
- Peer lower stratum devices to share time.
- Secure NTP communications with authentication.
- Employ Stratum 1 servers that utilize Multi-GNSS receivers.
- Locate GNSS antennas outdoors with a good view of the sky.
- Protect your infrastructure with surge suppressors.
Network Time Protocol (NTP) is a standard Internet protocol, carried over UDP/IP, that is used to coordinate the real-time clocks of networked computers.
NTP is very widely used and can be found on most operating systems, including Linux, UNIX and Windows. It is used to synchronize the system clocks of computers and other network devices to within a few milliseconds of the correct time.
Deploy Redundant Time Servers
“A man with a watch knows what time it is. A man with two watches is never sure”.
Installing a single NTP server gives a network a source of accurate time. However, if that appliance develops a fault the network is left with no source at all, and timing quickly deteriorates as the clients' system clocks drift apart from one another.
NTP contains a number of algorithms that can be used to implement redundant sources of time to provide a high degree of reliability.
Deploying multiple redundant NTP servers at a site will improve reliability and protect against equipment failure.
Deploying two stratum 1 NTP servers provides a degree of redundancy. If one server develops a fault, the secondary unit provides backup.
However, NTP provides optimal reliability from three or more NTP servers. Three servers allow a timing error in any one server to be detected and mitigated.
With only two servers, a client that sees them disagree cannot tell which of the two is wrong. With three or more, the selection algorithm can identify a server whose time is out of step with the majority (a false-ticker) and exclude it from the synchronization. Tolerating a false-ticker always requires a majority of correct servers, so three servers cope with one failure but not with two at once; for that reason some guidance recommends four or more sources.
Sharing Time – NTP Peering
NTP peering is a mechanism whereby multiple NTP devices share time. This allows them to compare time from multiple sources, rejecting any outliers, and to agree a common time.
It is generally considered best practice NOT to peer stratum 1 NTP servers. Stratum 1 servers take their time directly from hardware reference clocks (typically GNSS receivers) and so provide the most accurate time.
Sharing time with other servers over a network adds network latency to that time. Peering stratum 1 servers therefore can only dilute their precision.
Best practice is to have 3 or more stratum 1 NTP servers. Configure lower stratum servers to obtain time from at least 3 higher stratum servers. Also, peer the lower stratum servers together so that they share and agree time between themselves.
In this manner, lower stratum devices can detect any false-ticker (erroneous) higher stratum server and exclude it from the synchronization algorithm. Moreover, lower stratum peering provides a common network time that can be distributed to network time clients.
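To make the false-ticker argument concrete, for both the two-versus-three server case above and the lower stratum peering just described, here is an added example (not code from the original page, and not the TimeTools product's code) of NTP's clock-selection, or intersection, algorithm from RFC 5905 section 11.2.1 in simplified form (the midpoint check is omitted). Each source is modelled as the interval offset plus or minus root distance that it claims contains the true time, and a source survives only if its interval overlaps the interval on which a strict majority agrees. The server names and measurements are constructed for illustration.

```python
"""Simplified NTP intersection (clock-selection) algorithm, after RFC 5905 s.11.2.1.

Added example; not code from the original page or from the TimeTools product."""


def clock_select(sources):
    """Pick the truechimers among `sources`.

    sources: {name: (offset_seconds, root_distance_seconds)} as measured by a client.
    Each source claims the true offset lies in [offset - dist, offset + dist].
    Returns (truechimers, falsetickers, (low, high)) where [low, high] is the
    interval a strict majority of sources agree on, or None when no such
    majority exists (for example, two sources that simply disagree).
    """
    n = len(sources)
    edges = []
    for name, (theta, dist) in sources.items():
        edges.append((theta - dist, -1))  # interval start; -1 sorts before +1 on ties
        edges.append((theta + dist, +1))  # interval end
    edges.sort()

    # Tolerate f falsetickers only while the remaining n - f are a strict majority.
    for f in range((n + 1) // 2):
        need = n - f
        low = high = None

        count = 0
        for x, kind in edges:            # left-to-right sweep
            count -= kind                # entering an interval: +1, leaving: -1
            if count >= need:
                low = x
                break

        count = 0
        for x, kind in reversed(edges):  # right-to-left sweep
            count += kind                # entering (seen from the right): +1
            if count >= need:
                high = x
                break

        if low is not None and high is not None and low <= high:
            truechimers = sorted(
                name for name, (theta, dist) in sources.items()
                if theta - dist <= high and theta + dist >= low
            )
            falsetickers = sorted(set(sources) - set(truechimers))
            return truechimers, falsetickers, (low, high)
    return None


# Constructed measurements: three stratum 1 servers, one of them 900 ms off.
THREE_SERVERS = {
    "s1-a": (0.001, 0.005),
    "s1-b": (0.002, 0.005),
    "s1-c": (0.900, 0.005),   # the false-ticker
}

# Only two servers, and they disagree: no majority, so nothing can be chosen.
TWO_SERVERS = {"s1-a": THREE_SERVERS["s1-a"], "s1-c": THREE_SERVERS["s1-c"]}

if __name__ == "__main__":
    # Three sources: s1-a and s1-b survive, s1-c is excluded as a false-ticker.
    print(clock_select(THREE_SERVERS))
    # Two disagreeing sources: the algorithm cannot decide, so it returns None.
    print(clock_select(TWO_SERVERS))
```

The same function run on four sources split two against two also returns None: a majority is required, not just a plurality, which is why an even number of sources buys less than it appears to.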
Implement Multiple Reference Clock Sources
Stratum 1 time servers rely on hardware reference clocks to provide an accurate source of time.
Timing infrastructure that is reliant on a single source of time will fail if that source becomes unobtainable. Therefore, consider using servers with different reference clock sources.
Multi-GNSS appliances, such as TimeTools T550, can synchronize to multiple GNSS constellations and therefore provide enhanced reliability. GPS is the most commonly used satellite constellation, but Galileo, GLONASS and other constellations provide alternatives.
Because NTP runs over unauthenticated UDP, an attacker who can forge or intercept packets can feed network time clients false time; nothing in the basic protocol lets a client distinguish a genuine reply from a spoofed one.
However, NTP does include security features that can be used to authenticate time servers.
With symmetric-key authentication, a shared secret is used to compute a message authentication code over each packet, so a client can verify that a reply really came from the server it configured and was not altered in transit, and that the supplied time can therefore be trusted. Where both ends support it, Network Time Security (NTS, RFC 8915) provides the same assurance for unicast client/server NTP using keys established over TLS.
Also, apply restrictions on NTP servers to prevent misuse. The restrict directive can stop clients from modifying runtime settings (nomodify) and from querying daemon state with ntpq or ntpdc (noquery), which also closes the door on the reflection and amplification abuse those control queries have been used for. It can likewise stop unconfigured hosts from peering with the server (nopeer).
For IPv4 and IPv6 enabled devices consider adding the following restrictions to prevent client misuse:
# Let localhost query the daemon (ntpq) but not change runtime settings - IPv4 and IPv6:
restrict 127.0.0.1 nomodify
restrict ::1 nomodify
# Deny remote clients everything except time service: no runtime changes, no ntpq/ntpdc
# queries, no traps, no unauthenticated peering; "limited kod" rate-limits abusive clients.
# On ntpd 4.2.6 and later the plain "restrict default" line covers both address families,
# so the "-6" line is redundant there but harmless.
restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery
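The following ntp.conf pulls together the peering advice (at least three stratum 1 sources, lower stratum servers peered with each other) and the authentication and restriction advice above for one stratum 2 server. It is an added example, not configuration from the original page or from the TimeTools appliance, and the addresses (192.0.2.0/24 is a documentation range), key IDs and file paths are assumptions.

```conf
# /etc/ntp.conf for a stratum 2 server. Added example; addresses, key IDs and
# paths are assumptions, not values from the original page.

# Symmetric keys shared with the stratum 1 servers and the peers. Generate
# with "ntp-keygen -M"; each line of the keys file is "<id> <type> <secret>",
# e.g. "1 SHA1 <40 hex digits>". Only keys listed in trustedkey are accepted.
keys /etc/ntp.keys
trustedkey 1 2 3 4

# At least three stratum 1 sources, each reply authenticated with a key.
server 192.0.2.11 key 1 iburst
server 192.0.2.12 key 2 iburst
server 192.0.2.13 key 3 iburst

# Peer the stratum 2 servers together so that they agree a common time.
# Because these packets are authenticated, the "nopeer" restriction below
# still lets them mobilize the symmetric association on the other side.
peer 192.0.2.22 key 4
peer 192.0.2.23 key 4

# Refuse to set the clock unless at least two sources survive selection,
# so that a lone source can never be trusted on its own.
tos minsane 2

# Lock the daemon down by default: no runtime changes, no ntpq/ntpdc queries,
# no traps, no unauthenticated peering; "limited kod" rate-limits abusers.
restrict default limited kod nomodify notrap nopeer noquery
restrict -6 default limited kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict ::1
```

After a restart, ntpq -p on the server itself (localhost is still allowed to query) should list the three servers and two peers with a non-zero reach column, while the same query from any other host is refused.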
To enhance security, it is also good practice to disable any unused services that may be enabled on a server, such as HTTP, Telnet and FTP. Also ensure that strong passwords are used to protect access to configuration menus.
The Importance of Symmetrical NTP Communication
NTP uses round-trip delay calculations to maintain very accurate time. From the four timestamps of a request/response exchange it computes the round-trip delay and the clock offset, and in doing so it assumes that the network propagation time from client to server is the same as from server to client, i.e. that communication is symmetrical.
If network communication is asymmetrical, the error in the computed offset is half the difference between the two one-way delays, and the client cannot detect this from the exchange itself because the round-trip delay is unaffected. ADSL links, which generally have much faster download than upload speeds, are a common example, and this can significantly affect the accuracy of NTP over them.
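As an added example (not code from the original page or from TimeTools), the following carries the offset and delay arithmetic through for a symmetric and an asymmetric path with the same round-trip time. It shows that the asymmetric case yields an offset error of half the delay difference while the delay itself is identical, so the client has no way to notice. All timestamps and delays are constructed values in seconds.

```python
"""NTP offset/delay arithmetic and the error caused by path asymmetry.

Added example; not code from the original page or from the TimeTools product."""


def ntp_offset_delay(t1, t2, t3, t4):
    """Standard NTP client computation (RFC 5905 s.8) from the four timestamps:
    t1 client send, t2 server receive, t3 server send, t4 client receive.
    Returns (offset, round_trip_delay); offset is server clock minus client clock."""
    offset = ((t2 - t1) + (t3 - t4)) / 2.0
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay


def simulate_exchange(client_error, d_c2s, d_s2c, proc=0.0005, t1=1000.0):
    """Simulate one request/response where the server clock is correct and the
    client clock reads `client_error` seconds ahead of it. d_c2s and d_s2c are
    the one-way network delays (constructed values, in seconds).
    Returns (estimated_offset, round_trip_delay, estimation_error)."""
    t2 = (t1 - client_error) + d_c2s      # server stamps arrival with its own (true) clock
    t3 = t2 + proc                        # server processing time
    t4 = t3 + d_s2c + client_error        # client stamps receipt with its (fast) clock
    offset, delay = ntp_offset_delay(t1, t2, t3, t4)
    true_offset = -client_error           # what a perfect measurement would give
    return offset, delay, offset - true_offset


def asymmetry_error(d_c2s, d_s2c):
    """The offset error NTP incurs for the given one-way delays: half their difference."""
    return (d_c2s - d_s2c) / 2.0


if __name__ == "__main__":
    # Client is 10 ms fast. Symmetric 25 ms each way: offset recovered exactly.
    print(simulate_exchange(0.010, 0.025, 0.025))
    # Same 50 ms round trip, but 40 ms up / 10 ms down (an ADSL-like link):
    # the estimate is wrong by (40 - 10) / 2 = 15 ms, and the round-trip delay
    # is identical, so the client cannot see the asymmetry from the exchange.
    print(simulate_exchange(0.010, 0.040, 0.010))
```

This is also why a server on the local network beats an Internet server: with a short path the absolute difference between the two directions, and so the bound on this error, is small.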
As a rule, a time client can synchronize much more accurately to NTP servers that are physically closer. This keeps network propagation delays, that can affect timing, to a minimum.
It also aids reliability because there is much less network infrastructure between client and server. For this reason local NTP servers will be more accurate than Internet based servers.
Best practice is therefore to install multiple stratum 1 servers close to network time clients.
NTP Server Installation Best Practice
A stratum 1 NTP server relies on a hardware reference clock to provide accurate and reliable timing information.
If the hardware reference clock is unreliable, the time provided by the server will become less reliable.
Many stratum 1 servers rely on Global Navigation Satellite Systems (GNSS) such as GPS, GLONASS and Galileo.
Many GNSS receivers can operate with an antenna located indoors or at a window. However, the most reliable signal will be obtained from an antenna positioned outdoors with an unobstructed 360 degree view of the sky.
A GNSS antenna should be mounted in an upright position. It should also ideally be positioned where it has a 360 degree sky view that is clear down to 70 degrees from the vertical, i.e. to about 20 degrees above the horizon.
A well located antenna will allow the receiver to track the maximum number of satellites. This will provide a much more reliable signal lock. It will also allow satellites whose timing is out-of-tolerance to be detected and omitted from timing algorithms.
Position antennas in locations where they cannot be covered by drifting snow and also away from radio transmitters.
Outdoor located antennas can be prone to voltage surges from lightning strikes. Ensure that your timing infrastructure is adequately protected by fitting surge suppressors where antenna cables enter a building.
Keep antenna cables away from mains cables or electrically noisy equipment that may introduce noise into the system.
By following a few best practice principles, an organization can build a robust and reliable network timing infrastructure.
Install 3 or more stratum 1 NTP servers with Multi-GNSS antennas, such as TimeTools T550 appliances. Synchronize Stratum 2 servers with at least 3 stratum 1 servers. Peer stratum 2 servers together to share time.
Utilize authentication to secure NTP communication.
Locate GNSS antennas with a good view of the sky and protect your infrastructure from lightning strikes with surge suppressors.