Network Time Protocol (NTP) is a standard Internet Protocol (IP) for synchronizing the time of computer clocks over a network. The protocol can be used to coordinate the real time clocks of computers and networked devices to within a few milliseconds of UTC. NTP timestamps are transmitted and received using the User Datagram Protocol (UDP) on port 123. Implementations of NTP are available on most operating systems, including Linux, UNIX, macOS and Windows.
NTP was developed at the University of Delaware in 1985 because of a growing requirement for the synchronization of time of computers over the Internet. NTP is one of the oldest internet protocols, but is still considered to be the standard means of synchronizing computers over a data network.
Being under continuous development, a number of versions of NTP have been released over the years. By far the most common implementations are versions 3 and 4. The latest version 4 is fully compatible with the previous version. It’s continued development and extensive implementation, means that it is likely to be with us for a many years yet.
The Importance of Synchronized Network Time
Distributed computer systems rely on coordinated time to guarantee correct sequencing of processes and accurate logging of events. Time is the only reference that can be used to coordinate processes of independent systems.
In many jurisdictions, for certain applications, it is a legal requirement to accurately synchronize computer systems. For instance, legislation requires that the business clocks of financial trading systems are synchronized very tightly. For operational and often legal reasons, coordinating the time of modern computer systems is of critical importance.
NTP was originally developed for operation on Linux and UNIX-like platforms. The standard NTP distribution can be downloaded as source code for compilation on a host Linux computer. Source code is available from the NTP project web site. However, many Linux operating systems include pre-complied versions of NTP in their distributions. Most install NTP by default. More recently, the standard distribution has also been ported to Windows operating systems.
Most operating systems including macOS and Windows, have some form of NTP synchronization application either pre-installed or available as an option.
How NTP Works
NTP can operate in a number of ways. The most common configuration is to operate in unicast mode, or client-server. This is where a client transmits a request packet to a server, which responds with a time stamp packet. Each packet has originate, receive and transmit timestamps so that network propagation delays can be calculated. This allows clients to synchronize as tightly as possible to the the servers clock.
All time-stamp packets generated by NTP utilize UTC time. Coordinated Universal Time (UTC) is a world-wide time standard. It is closely related to GMT (Greenwich Mean Time). UTC does not vary, it is the same world wide. NTP sets the clocks of computers to UTC, any local time zone offset or day light saving time offset is applied by the operating system. In this manner clients can synchronize to servers regardless of location and time zone differences.
Hierarchy and Stratum
NTP implements a hierarchical architecture. Each level in the hierarchy is known as a stratum. At the very top are hardware reference clocks, such as GPS or radio time receivers, known as stratum 0 hardware clocks. Stratum 1 NTP servers have a direct connection to a hardware clock and therefore have the most accurate time.
Each stratum in the hierarchy synchronizes to the stratum above. The stratum can be considered as an indication of the distance a client is from the source hardware clock. As such, the further a client is from the source, the less accurate its clock.
Hardware Reference Clocks
In order to provide accurate time, a reliable, precise, time source is required. These time sources are known as hardware reference clocks. Most hardware reference clocks obtain time from Global Navigation Satellite Systems such as GPS, GLONASS and Galileo. Additionally, many countries have radio time broadcasts, such as MSF (UK), DCF (Germany) and WWVB (US). However, GNSS receivers provide the highest levels of accuracy. Due to the number of consumer satellite navigation systems in use, the cost of GNSS receivers has fallen rapidly in recent years.
The NTP distribution provides software drivers for many different manufacturers of GNSS and radio timing hardware.
NTP is configured using a configuration file which is read when the service starts. The NTP service needs to be restarted for any configuration changes to take effect. The default configuration file location is /etc/ntp.conf.
As a minimum, the configuration file will consist of one or more servers that are to be used for synchronization. Additionally, the location of a drift file should be specified which will store the frequency error of the system clock. The value is used to initialize the internal frequency error when NTP is restarted.
server 0.pool.ntp.org server 1.pool.ntp.org server 2.pool.ntp.org driftfile /var/lib/ntp/drift
The basic configuration file above specifies three Internet pool NTP servers and a drift file located at /var/lib/ntp/drift.
When provided with a selection of time servers, NTP utilizes complex algorithms to select the most accurate. It also calculates network propagation delays in order to synchronize as tightly as possible to a server. These features mean that even using an Internet time server, client synchronization within 10 milliseconds or so is entirely possible. While a NTP server on a local area network can provide sub millisecond synchronization.
The most reliable synchronization system is a multi NTP server system. Two or more identical servers ideally in different locations provide the most robust configuration. Clients can access all of the NTP servers and automatically deselect any faulty or out of tolerance servers. Best practice is to install an odd number of servers, so that any time divergence of a unit can be detected by comparing to at least two other units.
To enhance redundancy, multiple servers can also be peered together so that if one loses hardware clock synchronization, they can obtain time from other servers in the peered group.
NTP can be secured by implementing encrypted key authentication. A number of identical keys, or passwords, is specified on both the server and client. The keys are encrypted and attached to NTP packets, acting as a digital signature. Packets exchanged between client and server are only processed if matching keys are present. Keys are encrypted using a hashing function, typically MD5.
Authentication keys are stored in a file, which is located, by default, at /usr/local/etc/ntp.keys.
The file has the following format: key number, type of key, key or password.
1 M MyKey 2 M AnotherKey 5 M YetAnotherKey
The key file above specifies three keys. The first field indicates a unique key number. The second, the encryption type, in this instance MD5. The third field is the key itself.
Periodically, due to fluctuations in the rotation of the Earth, leap seconds are introduced to UTC time. Essentially, an extra second is inserted once every couple of years at midnight on either 30 June or 31 December. During a leap second insertion, sixty seconds into a minute becomes a valid time, i.e. 23:59:60. As of December 2018, 27 leap seconds have been inserted.
NTP automatically warns clients of impending leap seconds well before the actual insertion takes place. Clients can then prepare to insert the leap second, as required, at the correct time.
Internet NTP Servers
There are a large number of NTP servers available on the Internet. Most can be used freely. The NTP pool project provides Internet access to a very large virtual cluster of servers. The servers are free to use. They are administered by volunteers that have NTP servers located on the Internet. Available in most countries, to reduce network latency, the project is a low-cost way of synchronizing computer clocks.
There are, however, a couple of drawbacks to using Internet time servers. Firstly, to access a time server located on the Internet, a UDP port must be left open in any firewall, to let NTP traffic through. This can raise security issues. Additionally, due to round trip network delays, the time received from Internet NTP servers is less accurate. Internet NTP servers also provide no guarantee of service, which can be problematic if network synchronization is critical.
These issues can be solved by a local NTP server.
Local NTP Servers
A stratum 1 NTP server with direct connection to a hardware clock, such as GPS, is often referred to as a local NTP server. These have a number of advantages over Internet time servers. Because they reside on a local network, there are fewer security concerns than associated with Internet access. Also, the coordination of time of computers can be much tighter, since network latency is much reduced. By installing two or more servers, a fully redundant system is achievable, providing almost guaranteed availability.
Simple Network time Protocol (SNTP)
SNTP is a simplified version of the NTP protocol. It was developed for small computers, micro-controllers and applications where the accuracy of the full-blown NTP protocol is not required. SNTP and NTP share identical data packet formats. Therefore, a network device that uses SNTP can synchronize seamlessly to a NTP server.
SNTP does not have the complex mathematical formulas that NTP uses to calculate most accurate server. It also does not have the algorithms to slew time and avoid abrupt time changes, instead it simply implements time adjustments in a stepped manner. SNTP is therefore ideal for applications where accuracy is not critical. For this reason, SNTP should not be used to serve clients. It should only be used at the extremities of the NTP hierarchy.
Alternative NTP Implementations
There are a number of alternative NTP implementations in addition to the NTP project. Most operating systems have some form of NTP package available.
The Windows Time Service
For a number of years various Windows operating system have implemented a Windows Time Service. The service is used to keep the computer clock accurate. Windows Time can be configured to synchronize to a local or internet NTP server.
Initially, earlier Windows operating systems, implemented SNTP. However, the service has developed over time, offering more features. Later versions implement the full NTP protocol with improved accuracy.
OpenNTPD was originally developed as part of the OpenBSD project. The application provides the ability to synchronize to a NTP server as well as acting as a server to time clients. The OpenNTPD software can be downloaded and used free of charge under a OpenBSD licence.
Chrony is an implementation of the Network Time Protocol. It can be used to synchronize a computers system clock to a NTP server or act as a server to synchronize clients. The application can run on Linux, FreeBSF, NetBSD, MacOS and Solaris. Chrony was originally developed to operate on systems that have unreliable or heavily congested network connections. It may be used freely under a GNU General Public License.
Systemd – TimeSyncd
Timesyncd is an SNTP client that is part of the systemd software suite for Linux operating systems. The application is a service that provides basic synchronization to a NTP server. It cannot act as a server itself. TimeSyncd can operate with intermittent network availability and also without a battery backed real-time clock. These features make it ideal for use on small embedded devices.
Alternative Time Synchronization Protocols
A number of alternative time synchronization protocols have been developed, often for specialized applications.
Precision Time Protocol (PTP, IEEE 1588)
Precision Time Protocol is an alternative network time synchronization protocol developed to achieve very high clock accuracy. PTP employs hardware time stamping techniques to achieve sub-microsecond synchronization of client computers. However, special network interface hardware is required to achieve these accuracies. PTP is generally associated with more specialized applications such as high frequency trading and mobile phone communications.
The Time Protocol (RFC 868) was used on many older Linux and UNIX implementations. It is a time transfer protocol implemented over TCP/IP. The accuracy of the Time Protocol is relatively poor at around 1 second. NTP has superseded the Time protocol on most platforms, however, it is still used by legacy systems.
Internet time servers are generally maintained by enthusiasts and volunteers. They provide no guarantee of availability or accuracy. Additionally, NTP security mechanisms cannot be used with public time servers.
If the coordination of time of computers is critical for your organisation, you should consider installing a stratum 1 NTP server on your network. TimeTools is a UK manufacturer of NTP servers and precision timing equipment using GPS and multi-GNSS time references. Our products provide a reliable, accurate and traceable source of time inside your firewall.
RFC 5905 Network Time Protocol Version 4: Protocol and Algorithms Specification
D. Mills, U. Delaware, June 2010
RFC 4430 Simple Network Time Protocol (SNTP) Version 4 for IPv4, IPv6 and OSI
Obsoleted by: 5905, D. Mills, U. Delaware, January 2006