NTP: be on time, always
November 21st, 2007 edited by WolfgerArticle submitted by Folkert van Heusden. Please help DPOTD by submitting good articles about software you like!
So there you are. You’re an average geek with a nice cluster of Linux systems. All configured to act together in whatever you’re doing with it.
Example 1: Your systems are connected via a fast pipe to the Internet. And since systems on the Internet are cracked on an almost hourly basis, you want your logging on all systems to be correct enabling you to contact the abuse center of the ISP of that script kiddie. For that you want correct timestamps in your logging. You want to know exactly when that cracker started his attacks.
Example 2: Besides being a cluster on the Internet, your cluster also acts as a software-building cluster, all connected via NFS shares and executed using make. For make to do its thing, the time on all nodes of your cluster must be equal or else files will be skipped.
Example 3: You’re a very environment friendly IT expert. You always travel by train to your customers. For this you need to know exactly how late it is so that you can jump on your bicycle and be at the train station just in time for that train.
For all of these examples you could get your watch and try to configure your systems to exactly the same time. That’s a bit of a challenge because typing the time takes time and interpreting the time on your watch (by your brain) takes time as well. Also, when the time is finally set, you’re not there: PCs have notoriously bad CMOS clocks with an enormous drift. That means that in a few days the clock of your system might be way off.
Now, there is a solution for all of these problems. One solution that takes care of it all and even more. The solution is called NTP. NTP stands for Network Time Protocol. An NTP daemon will determine the drift of the clock of your PC and then disciplines it up to the point that you can be sure it won’t be off. Also when connecting multiple systems, the NTP instances on each system can talk to each other (or a central NTP server) so that all of them correct their own time against each other! That solves example 2 and 3, but what about example 1: the problem that you would like to have the time of your PC to be the same as the rest of the Internet? For that, NTP can synchronize itself to time servers on the Internet.
Quite a few ISPs have a system set up in their network connected to a GPS or DCF77 receiver or something similar to which their customers can sync their computers. If your system gets cracked, you know for sure that the timestamps in the logging of your systems is the same as the ones of your ISP and, hopefully, of the ISP of the cracker as well.
If your ISP does not provide time servers (normally you should have between 3 and 6 upstream servers to ensure accurate time), you can let your local NTP daemon synchronize to the NTP pool project as well. The NTP pool project consists of volunteers with a static IP address and an NTP daemon that either synchronizes to steady trustworthy time sources (stratum 1). The NTP daemon included in Debian syncs by default to the NTP pool project.
With all the new Debian (and other Linux distributions) being installed the NTP Pool is under constant pressure to handle more traffic. If you have a static IP address and a stable server, please consider adding your server and help out!
NTP is included in all Debian and Ubuntu releases, and can be enabled or disabled via a checkbox on your Set Date/Time dialog.
November 21st, 2007 at 3:17 pm
I always sync to one of the military atomic clocks (tock.usno.navy.mil comes to mind). Here in the States, I figure if the Government sets a “standard” time, I might as well use it.
November 22nd, 2007 at 8:50 pm
@James
Thanks for the tip. Is there a list of military NTP clocks or you just have to know an address?
November 22nd, 2007 at 10:53 pm
Took a bit of Googling, but here you go:
http://tycho.usno.navy.mil/ntp.html
November 25th, 2007 at 10:02 am
There is no need in terms of accuracy to use a military clock as your source. NTP is designed to work no matter how far away you are (in terms of NTP stratum) from the GPS or atomic clocks.
If you’re looking for publicly available servers, you should find some in this list that are close to you in terms of response time, and use them: http://support.ntp.org/bin/view/Servers/WebHome
November 25th, 2007 at 10:12 am
And, for the record, you should not attempt to set up NTP without first reading these documents:
http://www.sun.com/blueprints/0701/NTP.pdf
http://www.sun.com/blueprints/0801/NTPpt2.pdf
http://www.sun.com/blueprints/0901/NTPpt3.pdf
If you read only one thing about NTP, make it pages 8-10 of the 3rd document - it explains *so* many things about NTP it’s likely the only troubleshooting help you’ll ever need.
June 24th, 2008 at 7:53 am
Have a look at Chrony for a less draconian alternative.