About the Author . xiii
About the Technical Reviewer xv
Acknowledgments . xvii
Introduction . xix
PART 1 ■ ■ ■ NTP: The Key to
Time Transcendence
CHAPTER 1 Multiple Views of Time 3
CHAPTER 2 Network Administration and IT Trends
Throughout History! . 27
PART 2 ■ ■ ■ NTP: The Story Behind the
Accuracy and Synchronization
of Network Time
CHAPTER 3 NTP Operational, Historical, and Futuristic Overview 41
CHAPTER 4 NTP Architecture 63
CHAPTER 5 NTP Design, Configuration, and Troubleshooting 93
EPILOGUE NTP: A Journey in Time! . 137
APPENDIX Additional NTP Resources . 139
BIBLIOGRAPHY . 141
INDEX . 143
160 trang |
Chia sẻ: tlsuongmuoi | Lượt xem: 2450 | Lượt tải: 1
Bạn đang xem trước 20 trang tài liệu Expert Network Time Protocol An Experience in Time with NTP, để xem tài liệu hoàn chỉnh bạn click vào nút DOWNLOAD ở trên
eliable
timeservers does not diminish that they need to be synchronized in time if the logging activ-
ity on the network is going to have any integrity whatsoever. And network administrators are
very conscious of how critical accurate logs are when there is a failure, security breach, or
intermittent connectivity problem that needs to be resolved. From the network administra-
tion perspective, it is thus critical that routers and switches be configured as NTP clients,
regardless of whether they additionally act as secondary servers to other clients.
Use of NTP in the Desktop Environment
It seems natural that the desktop computing environment is on the receiving end of the
NTP synchronization services, or basically represents the NTP clients. After all, the desk-
top environment is a lot less stable than the network infrastructure (routers and switches)
or server environments that tend to be isolated and protected from accidental shutdowns
and user intrusion. And NTP server availability is a serious consideration in the process
of choosing your NTP time source. Having said that, consider that with the addition of
third-party software and GPS clocks, even common desktop operating systems such as
Windows NT, 2000, or XP could turn into primary timeservers.
■Tip For more information about desktop timeservers, visit Galleon Systems’ website at
While a workstation may not be optimal as a time source for other devices, if a work-
station’s operational requirements are such that it cannot rely on securing accurate time
over the network, then consider equipping such a workstation with its own reference clock
and appropriate software to integrate the clock into the workstation’s operating system.
Microsoft Windows Workstations and Servers
Microsoft workstation and server software operating systems do not by default support
primary reference clocks. However, in a similar manner to routers and switches, Microsoft
servers are capable of operating at stratum level 2 or higher and offering time service to
other devices throughout the network. It’s not unusual to configure the primary domain
controller to obtain its time from a primary timeserver and then distribute it to clients
throughout the domain. Time synchronization on Microsoft servers (Windows 2003, for
example) is implemented via the Windows Time service (W32Time). Be mindful, though,
that the Windows Time service does not support synchronization from broadcast or
CHAPTER 5 ■ NTP DESIGN, CONFIGURATION, AND TROUBLESHOOTING132
multicast peers. Client devices with a more critical need for accurate time should be
pointing to a local timeserver, even if it is a stratum 2 server. Other client devices with
access to the Internet could point to for its time, which is the
default configuration for workstations not configured to join a domain.
Unix/Linux Workstations and Servers
The various Unix/Linux OSs are probably the most flexible in terms of NTP support. They
facilitate the configuration of primary timeservers, higher-stratum servers, and end-user
clients. The primary NTP program remains the xntpd/ntpd daemon. The other commonly
used programs in these environments are listed in Table 5-3 in the subsequent “NTP-Related
Programs and Utilities” section.
The xntpd/ntpd daemons support peering, client/server point-to-point (symmetric
active mode), and client/server point-to-multipoint (broadcasting and multicasting) NTP
operations. While the NTP configuration process and integration of reference clock drivers
into the daemons might be more of a challenge in the Unix/Linux environments as com-
pared to that of dedicated timeservers or third-party add-ons to Novell or Windows 2003
servers, the flexibility of configuration and opportunity for fine-tuning remain strong
points in these environments. That’s provided you are able to allocate the necessary time
to those tasks!
Troubleshooting NTP Operations
NTP is a TCP/IP application service. If you suspect a problem with NTP, consider that the
lower layers on your TCP/IP network must be functional before you can get into trouble-
shooting an application service. If an NTP client device is experiencing IP connectivity
problems, then chances are its time will also begin to drift. A common approach to trou-
bleshooting any network problem is to start at the physical layer and work your way up.
But troubleshooting doesn’t have a silver-bullet formula. It takes both systems and experi-
ence to be successful at it. Your approach to troubleshooting NTP will also vary greatly as a
function of network management procedures and the type of network management sys-
tem (NMS) that’s in place on your network. Assuming that the lower layers of the network
are functioning well, here are specific tips for dealing with NTP problems:
• Become familiar with the functions of all the NTP-related programs and
utilities: The names of the NTP-related programs may vary from one vendor to
another, but given the pervasiveness of NTP, a pattern emerges with respect to pro-
gram/utility functionalities.
• Use NTP configuration options to your advantage: Optional NTP parameters can
be used to minimize NTP problems that might result from an underlying network
problem. Additionally, specific NTP problems can be reported either to a central
NMS or via e-mail if SNMP has been properly configured.
CHAPTER 5 ■ NTP DESIGN, CONFIGURATION, AND TROUBLESHOOTING 133
NTP-Related Programs and Utilities
In the network infrastructure environments (routers and switches), it’s the show and debug
commands that allow for the monitoring of individual NTP devices following their config-
uration. The show commands allow for the display of NTP status and associations, while
the debug commands allow for identification of potential problems with synchronization,
including those related to authentication. The Linux/Unix environments offer a series of
programs and utilities, as defined in Table 5-3, that facilitate not only the operations but
also the administration and management of NTP servers in those environments.
CHAPTER 5 ■ NTP DESIGN, CONFIGURATION, AND TROUBLESHOOTING134
Table 5-3. Linux/Unix NTP-Related Programs and Utilities
Program Name Program Description
ntpd/xntpd The NTP daemon. This program relies on the configuration statements within the
ntp.conf, ntp.drift, and ntp.keys files to keep the server on which it is installed
synchronized and its communications secure with the configured time source(s). The
daemon operates on a server that’s configured as a primary timeserver with a reference
clock, or the daemon operates on an NTP client with the time source being a primary
timeserver or even a high-level stratum server.
ntpq The NTP query program. The use of the restrict command with the noquery flag within
the ntp.conf file can prevent the local host from answering queries from another device
that identifies the local host as a parameter (IP address or hostname) in this command. How-
ever, this utility is useful when it comes to NTP troubleshooting if the target host permits it.
When the command is executed with the name of a target host as a parameter, it allows for
subsequent execution of subcommands for display of the peers, NTP associations, clock
variables to determine what kind of a clock is used by the timeserver, and more.
ntpdc A query utility on the order of ntpq but one that uses the mode field value of 7 (instead of
6 for ntpq) in the NTP message header.
ntpdate A utility that allows the setting of date and time via NTP. This utility can be executed prior
to starting the NTP daemon to perform a one-time synchronization with a target server, in
case the time on the host machine is significantly off. In the event that an administrator
determines that running the NTP daemon poses a potential security risk on a client (you
don’t have much choice on a primary server!), the ntpdate utility can be periodically exe-
cuted (run as a CRON job) to maintain the client synchronized with a target server. Don’t
expect a microsecond accuracy of the host clock with UTC, however, if you decide to use
ntpdate as your only time synchronization tool, especially if it’s run once a week!
ntptrace A utility that allows for the tracing of the chain of NTP servers up to the primary time
source. This is not unlike the Traceroute utility in TCP/IP that allows for the tracing of a
full route to a target host.
ntp-keygen A program for generating public and private keys that can be used with the Autokey
protocol.
The Novell NetWare environments offer programs similar to those of Unix but in the
form of NetWare Loadable Modules (NLMs). For example, the NTPQ NLM, which corre-
sponds to the ntpq Unix utility, can be executed to operate in an interactive mode (via the
–i switch) with the prompts and then written to and the commands read from the standard
output and input, respectively. Associations, peers, and numerous variables can be subse-
quently displayed and monitored. If synchronization is not working at all, it’s advisable to
execute the xtnpd/ntpd daemon with a –d flag to enable debugging and to redirect the
debugging output to syslog or to standard output (STDOUT).
NTP Configuration with Monitoring and
Troubleshooting in Mind
In the Unix/Linux environments, the logging of NTP events is configured by specifying the
location of the statistic collection directory in the ntp.conf file and by enabling the writing
of the statistics records, which relate to the clock driver, peers, and loop filter statistics.
Loop filter is part of the time-server model as specified in RFC 1305’s “Determining Time
and Frequency” section in Appendix F. Listing 5-14 shows a sample section of the ntp.conf
file, illustrating the statistics collection configuration.
Listing 5-14. Statistics Collection Configuration on ntp.conf
#Define the location and enable the NTP statistics collection
statsdir /var/ntp
statistics loopstats peerstats clockstats
filegen Apress_stats_set file Apress_NTP_stats type week
The previous configuration identifies the /var/ntp directory for statistics collection
related to the loop filter, the peers, and the clock driver. The filegen command further
enables the management of the set of stat files, Apress_stats_set, and characterizes the
individual files based on weekly collection intervals (use of the week variable with the type
keyword). The reader is referred to each vendor’s specific documentation on the subject of
configuring NTP statistics collection. In the Novell NetWare environments, the function
of statistics collection that is comparable to that shown in Listing 5-14 is accomplished via
the XNTPD NLM. The XNTPD NLM offers long-term collection capabilities related to the
clock driver, peers, and filter loop statistics. Statistics collection is most likely to be imple-
mented on stratum 1 and 2 servers.
As the NTP hierarchy progresses toward higher stratum levels—from the primary
timeservers through the networking infrastructure to the desktop environment—the
level of monitoring of NTP operations is bound to diminish. It is critical, however, that
as part of routine network management you always ensure the primary timeserver’s IP
connectivity to the rest of the network. Subsequently, each NTP vendor will or should
have management utilities that allow for monitoring the NTP health of the primary
timeserver to verify that it continues to offer accurate synchronization service.
CHAPTER 5 ■ NTP DESIGN, CONFIGURATION, AND TROUBLESHOOTING 135
Generally, the NTP configurations on secondary servers (whether they be routers,
switches, or desktop devices with various OSs) tend to be simpler compared to those of
the primary ones. The NTP management of those timeservers might thus be reduced to
monitoring their operational (“up”) status. As a final configuration tip for routers that are
acting as NTP servers, always consider the use of the ntp source command to define the
IP address that will be used for forming NTP associations. Make the address that of a
loopback interface if possible, and, if not, then make the address that of the interface
that’s considered to be most reliable and least likely to go down.
CHAPTER 5 ■ NTP DESIGN, CONFIGURATION, AND TROUBLESHOOTING136
NTP: A Journey in Time!
Writing about NTP was a journey in time. Literally! It was a journey that scaled diverse
computing environments, science, philosophy, history, and literature, all sharing a com-
mon thread: time! On the surface, NTP is simple and almost inconspicuous, overshadowed
by many giants inside the TCP/IP suite. As the examples in Chapter 5 reflect, basic config-
urations involve no more than a few statements. But start digging into it! Before you know,
it engulfs you, as it deals with that most fundamental and pervasive element of existence:
time! And the science behind it is stunning: atomic clocks, GPS satellites, and complex
clock selection and encryption algorithms. And this is all to support the accuracy and dis-
tribution of this seeming pervasive and most elusive resource: time!
This book could have been larger! It could have cataloged every NTP implementation
on every conceivable networking device and operating system since the protocol’s incep-
tion. But ironically, in that case the effort would have suffered the ravages of time and
never reached the printed page. Thus, what’s behind you represents a compromise that
time forces all writers to make.
NTP’s importance is growing just as the NTP resources available on the Internet are
increasing. Yet, it takes time to sift through all those resources and make sense of them
all. Thus, the author’s hope is that the concentrated journey through NTP’s history, archi-
tecture, design, and configuration that this publication represents—with pointers to areas
that could take up the rest of your life if pursued to the nth degree—has been worth your
time. That’s especially true if you are one of those network administrators—forward look-
ing in time—who is recognizing the growing importance of maintaining accurate and
synchronized time on your networks.
137
E P I L O G U E
■ ■ ■
Additional NTP Resources
This appendix consists of references to websites and publications that offer additional
resources for further studies on the subject of NTP. Some of these references are men-
tioned in the main text, while others are not. The websites are categorized by topics
related to
• Public NTP servers and pools
• Interplanetary Internet
• NTP version 4 downloads
• Select NTP vendors
• Ongoing NTP research
• Other sites of potential interest
Dedicated publications on the subject of NTP are far and few between. In various
networking books, the subject of NTP usually occupies anywhere from a few to a dozen
pages. Network operating systems vendors usually have sections on NTP in their product
manuals. Some vendors have published white papers on the subject of NTP. Thus, while
the volume of publications that reference NTP at some level may be significant, the two
key publications that warrant the greatest attention from NTP designers are the latest
specifications for NTP version 3 and SNTP. They are listed at the end of the appendix.
Websites
The following are sites dedicated to public servers and pools:
•
•
• 139
A P P E N D I X
■ ■ ■
APPENDIX ■ ADDITIONAL NTP RESOURCES140
The following are sites dedicated to the Interplanetary Internet:
•
•
The following are sites dedicated to NTP version 4 source code and cryptographic
libraries:
•
•
The following are sites dedicated to select vendors:
•
•
The following are sites dedicated to ongoing research:
•
• https://ntp.isc.org/bin/view/IETF/WebHome
The following are sites dedicated to other miscellaneous NTP-related information:
•
•
Publications
The following are the two key publications of interest:
• Mills, David L. RFC 1305, Network Time Protocol (Version 3) Specification, Imple-
mentation and Analysis. Newark: University of Delaware, 1992.
• Mills, David L. RFC 2030, Simple Network Time Protocol (SNTP) Version 4 for IPv4,
IPv6 and OSI. Newark: University of Delaware, 1996.
Bibliography
Audi, Robert, general editor. The Cambridge Dictionary of Philosophy, pbk ed. Cambridge:
Cambridge University Press, 1995.
Barnes-Svarney, Patricia, editorial director. The New York Public Library Science Desk
Reference. New York: Stonesong Press, 1995.
Barnett, Mary. Gods and Myths of the Romans. New York: Smithmark Publishers, 1996.
Bergmann, Peter Gabriel. Introduction to the Theory of Relativity. With a foreword by
Albert Einstein. New York: Dover Publications, 1942.
Cantor, Norman F. Medieval History: The Life and Death of a Civilization. New York:
Macmillan, 1963.
Corrick, James A. The Industrial Revolution. San Diego: Lucent Books, 1998.
Couch, Malcolm. Greek and Roman Mythology. New York: Todtri Productions, 1997.
Craig, Edward, editor. Concise Routledge Encyclopedia of Philosophy. London: Routledge,
2000.
Durant, Will. The Life of Greece. The Story of Civilization: 2. New York: Simon and Schuster,
1939.
Durant, Will. Caesar and Christ. The Story of Civilization: 3. New York: Simon and Schuster,
1944.
Durant, Will. The Age of Faith. The Story of Civilization: 4. New York: MJF Books, 1950.
Ford, Kenneth William. The Quantum World, Quantum Physics for Everyone. Cambridge,
MA: Harvard University Press, 2004.
Greene, Brian. The Elegant Universe: Superstrings, Hidden Dimensions, and the Quest for
the Ultimate Theory, pbk ed. London: Vintage, 1999.
Halliday, David, and Robert Resnick. Physics Parts I and II. New York: John Wiley & Sons,
1960.
Harmon, William, editor. The Top 500 Poems. New York: Columbia University Press, 1992.
141
■BIBLIOGRAPHY142
Homer. The Illiad, trans. Alston Hurd Chase and William G. Perry Jr. Boston: Little, Brown
and Company, 1950.
Past Worlds: Atlas of Archeology. New York: Borders Press, 2003.
Roberts, Timothy R. Ancient Rome: Chronicles of the Roman World. n.p.: MetroBooks, 2000.
Ross, Stewart. The Industrial Revolution. London: Evans Brothers Limited, 2000.
Sale, Kirpatrick. Rebels Against the Future: The Luddites and Their War on the Industrial
Revolution, Lessons for the Computer Age. Reading, MA: Addison-Wesley, 1995.
Shakespeare, William. William Shakespeare: Complete Poems. New York: Gramercy Books,
1993.
Whittier, John Greenleaf. Poems of Whittier. New York: Books, Inc., n.d.
■Numbers and Symbols
802.3i/10Base-T standard
adopted by the IEEE, 31–32
■A
absolute clock source, planetary time
represented by, 43
Advanced Research Projects Agency (ARPA),
funding of Interplanetary Internet
research by, 60–61
Algorithms, description of in NTP version 1,
56
ancient Greece, landscape similarity to NTP
server farms, 29–32
ancient Rome
founding of, 33
and the Roman Empire, 32–34
anycast mode
advantage of, 73
in SNTP specification (RFC 2030), 72–73
Aphrodite, help given to Paris by, 31
Apple of Discord, use of by Eris as ploy
masking a spoofing attack, 30
ARPA. See Advanced Research Projects
Agency (ARPA)
ARPAnet
connection of first nodes for, 28
initial interconnection of, 33
asymmetric cryptography, public key
cryptography referred to as, 84
ASs. See Autonomous Systems (ASs)
astronomical timescale, keeping UTC
synchronized with, 43
Atlantian calendar, 20–21
atomic second, definition of, 8–9
authentication, need for scalable and secure
for NTP, 60
authenticator (96-bits) field, in NTP version 3
data messages, 53
Autokey protocol
backward compatibility of, 87
Key ID and key lifetime duration of, 87
NTP packet modification of, 87
relevant characteristics from
configuration and troubleshooting
perspective, 86–87
RFC memo for published by David Mills,
86
security mechanisms incorporated in,
86–87
separate authentication for each NTP
association, 87
variations (dances) of, 86
Autonomous Systems (ASs)
interconnection of, 34
Aztec calendar, 20
■B
Babylonian calendar, 20
BARRnet, interconnection with NSFnet, 34
BGP. See Border Gateway Protocol (BGP)
bibliography, 141–142
Big Bang, 27–29
Boggs, David, development of first Ethernet
network by, 32
Border Gateway Protocol (BGP),
preeminence of, 34
broadcast mode, function of, 71
business-to-business (B2B), 93
business-to-customer (B2C), 93
■C
calendars
history of Gregorian, 19–20
history of Julian, 18–19
other earthly, 20–21
to measure time’s passage, 3
types of, 18–21
certificate services, availability of, 85
certification authorities (CAs), public keys
maintained by, 85
Chinese calendar, 20
Chronological, defined by Webster, 17
Cisco Catalyst switch, NTP client
authentication configuration on,
121–122
Index
143
Cisco client switch
configured to receive NTP broadcast from
a server, 115
configured with an IP address of a server,
115–116
Cisco router, NTP authentication
configuration on, 122
Cisco router environment, symmetric
passive mode association in, 68
Cisco router NTP configuration file, output
from show ntp associations detail
command for, 114
Cisco routers and switches, NTP security on,
119–122
classical mechanics, laws of, 7–10
client, terminology for in RFC 1305, 64
client mode, function of, 68–69
clock, definition of, 9–10
clock accuracy, 88
clock precision, 88
clock stability, 88
code example
of access control granularity through use
of restrict command, 117–118
of basic Cisco router (client mode) NTP
configuration, 114
basic Juniper NTP configuration, 116
of a basic NTP configuration on a primary
timeserver, 111
Cisco client switch configured to receive
NTP broadcasts, 115
Cisco client switch configured with an IP
address of a server, 115–116
NTP access control configuration on a
Cisco router, 119–120
NTP authentication configuration on a
Cisco router, 122
NTP client authentication configuration
on a Cisco switch, 121–122
output for NTP variables’ analysis, 76
output for NTP variables’ analysis client
and master synchronized, 77
output for NTP variables’ analysis no
synchronization, 77
output from debug ntp packets command,
70
output from debug ntp packets command
showing broadcast NTP mode, 71
output from NTP variables’ analysis (client
and server are synchronized), 76
output from show ntp associations
command on client, 70–71
output from show ntp associations
command on server, 70
of receive message from peer to host, 69
showing contents of a basic npt.conf file,
109
showing NTP symmetric active mode
exchanges, 66
showing symmetric passive NTP mode
exchanges, 67
statistics collection configuration on
ntp.conf, 135
of transmit message from host to peer, 69
of a typical ntp.conf file, 111–112
common variables, defined, 75
computer networking, time mechanism of
choice for, 42
Concise Routledge Encyclopedia of
Philosophy,time references from, 16
configurable variables, in NTP, 79
Coordinated Universal Time (UTC)
represented by the absolute clock source,
43
as time mechanism of choice for
networking and NTP, 42
core routers, configured as stratum 2 servers,
49
Corrick, James A., The Industrial Revolution
by, 36
cryptographic authentication, as a security
mechanism in NTP, 82–87
Cyber Block Chaining (CBC) operation
mode, symmetric key cryptography
based on, 83
■D
dances. See Autokey protocol, variations of
DARPA, funding of Interplanetary Internet
research by, 60–61
Data Encryption Standard (DES), Cyber
Block Chaining (CBC) operation
mode of, 83
dedicated private timeservers
advantages of choosing for NTP
deployment, 96–97
basic NTP configuration of, 107–108
disadvantage of, 98
ease of configuration and installation, 97
redundant, 124
security of, 97
■INDEX144
default parameter, used with restrict
command in ntp.conf file, 113
Defense Research Agency, splitting of
original ARPAnet by, 33
deployment site
deciding upon the NTP topology at, 104
deciding upon the number of NTP clients
at, 104
level of network redundancy within,
104–105
desktop environment, use of NTP in,
132–133
desktop timeservers, website address for
information about, 132
determinism vs. creative chaos (Sparta vs.
Athens), as precursor to Token Ring
LAN access method, 31–32
Digital Equipment Corporation (DEC),
statements by founder Ken Olson, 37
distributed hierarchy of stratum 1 NTP
servers, 30
distribution routers, configured as stratum 3
servers, 49
drift, 88
drift file, purpose of, 110
duration, defined, 8
■E
e-commerce, need for transactional integrity
for, 93
edge routers, configured as stratum 4 servers,
49
Einstein’s theory of relativity vs. Newton’s
theory of gravity, 9–10
Electronic Numerical Integrator and
Computer (ENIAC), history of, 36–37
ENIAC. See also Electronic Numerical
Integrator and Computer (ENIAC)
Epilogue, NTP: a journey in time, 137
“Even Such Is Time” by Sir Walter Raleigh, 23
external reference sources, 44
■F
falseticker, 89
formula to protect you against on public
servers, 102
some public servers as, 101
finite state machine, 89
fudge command, special case use of on client
devices, 110
■G
general theory of relativity, 11–12
global Internet, creation and evolution of, 33
Global Positioning System (GPS) satellite, 43
Goddess of Discord and Strife (Eris), use of
Apple of Discord by, 30
GPS satellite radio station, operated by U.S.
National Institute of Standards and
Technology, 43
GPS stratum 1 servers, 48
GPS timeserver, Symmetricom’s model NTS-
200, 98
Gregorian calendar, history of, 19–20
■H
Harrenstein, H., RFC 868 published by in
May 1983, 42–43
Helen of Troy, kidnapping of by Paris, 31
Hindu calendar, 20
historical perspective of time, 16–23
history, defined, 17
host, terminology for in RFC 1305, 64
hub-and-spoke network infrastructure
design, NTP topology, 105–106
■I
IANA. See Internet Assigned Numbers
Authority (IANA)
ignore parameter, used with restrict
command in ntp.conf file, 113
Industrial Revolution (IR), changes ushered
by, 36
Instantiation, defined, 64
Interface Message Processors (IMPs), birth of
ARPAnet when first interconnected,
33
Internet
drastic changes of from 1983 through
1995, 34
occasional setbacks since 1995, 34
Internet Assigned Numbers Authority
(IANA), numbers assigned by, 71
Internet Engineering Steering Group (IESG),
50
Internet Engineering Task Force (IETF), 50
Internet Group Management Protocol
(IGMP), as multicast management
protocol, 72
Internet-era period vs. written history
period, 28
■INDEX 145
Interplanetary Internet (IPN)
funding for, 60
website addresses for information about,
61
websites dedicated to, 140
IP addresses, panic about running out of, 34
IPN. See Interplanetary Internet (IPN)
IPv6, for solving IP address shortages, 34
IPX/SPX suite, based on XNS protocol suite,
32
IR. See Industrial Revolution (IR)
Iranian calendar, 20
IT trends, and network administration
throughout history, 27–37
■J
Julian calendar, history of, 18–19
Juniper router, basic configuration, 116
JUNOS software, for Juniper Networks
routers, 116
■K
key publications of interest, 140
■L
leap indicator (2-bit indicator) field, in NTP
version 3 data messages, 50
leap second indicator, in NTP version 3 data
messages, 50
leap year, the earthly time synchronizer,
22–23
light, speed of as a universal constant, 7–8
local device, labels applicable to, 64
local NTP “master” device, using and
configuring an existing device as, 103
logical clock design, description of in NTP
version 1, 56
■M
manycast/anycast mode, function of in
SNTP and NTP version 4, 72–73
mass/energy equivalence principle, 11–12
Mayan calendar, 20
MD5. See Message Digest 5 (MD5) algorithm
Mean Time Between Failures (MBTF) value,
for dedicated private timeservers, 97
Menelaus, king of Sparta, 31
Message Digest 5 (MD5) algorithm,
developed by Ronald L. Rivest, 83–85
Metcalf, Bob, development of first Ethernet
network by, 32
MICHnet, interconnection with NSFnet, 34
Microsoft servers, time synchronization on,
132–133
Microsoft Windows workstations and servers,
ability to offer time service to other
network devices, 132–133
Middle (Dark) ages, comparison to Ethernet
broadcast storms, 35
Mills, David L.
RFC 1305, Network Time Protocol (Version
3) Specification, Implementation and
Analysis (University of Delaware,
1992) by, 140
RFC 2030, Simple Network Protocol (SNTP)
Version 4 for IPv4, IPv6 and OSI
(University of Delaware, 1996) by,
140
“The Autokey Security Architecture,
Protocols, and Algorithms” RFC
memo by, 86
mode (3-bit integer) field, in NTP version 3
data messages, 51
modern times, Thomas Watson, Sr.
importance to the Internet, 36–37
monitoring and managing NTP operations,
126–127
MOREnet, interconnection with NSFnet, 34
multicast mode
function of, 71–72
security as key consideration for
deployments of, 72
multicast traffic, limiting the propagation of
to a designated domain, 73
multipoint-to-point mode, 74
■N
NAPs. See Network Access Points (NAPs)
NAT. See Network Address Translation (NAT)
National Institute of Standards and
Technology. See U.S. National
Institute of Standards and
Technology
National Science Foundation (NSF),
timeframe of NFSnet dominance of
Internet, 34
navigational timescale. See astronomical
timescale
Nereus (also know as the Old Man of the
Sea), 29
NetWare Loadable Modules (NLMs), Novell
NetWare environments, 134–135
Network, motivation for NTP deployment
on, 93–94
■INDEX146
Network Access Points (NAPs),
decommissioning NSFnet in favor of,
34
Network Address Translation (NAT), 34
network administration and IT trends
throughout history, 27–37
network infrastructure devices, main
function of, 131–132
network infrastructure security, of an NTP
security framework, 80
network security
impact of public NTP servers’ use on,
102–103
importance of monitoring and periodic
security audits, 81
importance of resource allocation, 81
importance of risk analysis to, 81
importance of threat identification to, 80
Network Time Protocol (NTP). See NTP
(Network Time Protocol)
network time synchronization project, areas
of great concern, 59–60
networks
effect of NTP operations on, 47
NTP deployment for small, medium, and
large, 128–131
NTP deployment on with or without
Internet access, 127–128
Newton’s theory of gravity vs. Einstein’s
theory of relativity, 9–10
Next Generation Internet Initiative,
Interplanetary Internet research as
part of, 60–61
NIST. See U.S. National Institute of Standards
and Technology
nomodify parameter, used with restrict
command in ntp.conf file, 112
nonconfigurable variables, in NTP, 79–80
nopeer parameter, used with restrict
command in ntp.conf file, 112
noquery parameter, used with restrict
command in ntp.conf file, 112
noserve parameter, used with restrict
command in ntp.conf file, 113
notrap parameter, used with restrict
command in ntp.conf file, 112
Novell NetWare environments, NetWare
Loadable Modules (NLMs), 134–135
NSFnet, interconnection with regional
networks, 34
NTP (Network Time Protocol)
additonal resources, 139–140
additonal terms and definitions, 88–91
approach to design and configuration,
94–127
deployment concepts, 47–49
design, configuration, and
troubleshooting, 93–136
determining features to configure for,
106–126
fundamental purpose of, 43
the hierarchical nature of, 48–49
how it operates, 47–54
a journey in time, 137
the key to time transcendence, 3–37
modes of operation and associations,
64–74
need for scalable and secure
authentication, 60
network administrators absolute clock
source, 44
operational, historical, and futuristic
overview, 41–61
packet variables, 75
parameters variables, 75
peer variables, 75
port number assigned to, 43
reasons for using, 45–47
RFC 958 published in September 1985, 43
and routing, 48
security features, 116–122
servers, clients, hosts, and peers, 64–80
specification in NTP version 1, 56
story behind accuracy and
synchronization of, 39–137
system variables, 75
time mechanism of choice for, 42
use of in the desktop environment,
132–133
use of within the network infrastructure,
131–132
variables and procedures, 74–80
websites dedicated to ongoing research,
140
websites dedicated to select vendors, 140
what it is, 43–44
What, Why, and How?, 42–54
NTP access control
on Cisco router, 119–120
function of, 81–82
typical filtering mechanisms for, 82
■INDEX 147
NTP architecture, 63–91
NTP associations
defined, 89
modes of operation and, 64–74
NTP authentication, in Unix/Linux
environments, 118
NTP authentication configuration, on a
Cisco router, 122
NTP client, checking round-trip delays
between servers and, 99
NTP client authentication configuration, on
a Cisco Catalyst switch, 121–122
NTP clock-filter procedure, round-trip delay
variable in, 72
NTP configuration
additional options, 126
basic, 107–116
basic approach to, 95–96
basic for a Juniper router, 116
basic for Cisco router/switch, 113–116
basic for dedicated timeserver, 107–108
basic for Unix/Linux clients, 108–110
basic for Unix/Linux primary timeserver,
110–111
with monitoring and troubleshooting in
mind, 135–136
need for scalability of, 59
typical for a Unix/Linux client, 111–113
NTP control messages, 51
functions of, 54
operation code values in, 54
NTP cryptographic authentication, as a
security mechanism, 82–87
NTP daemon, ntpd/xntpd program for
Linux/Unix, 134
NTP data message, structure of, 53
NTP deployment
choosing your NTP time source, 94–95
deciding on the NTP topology design, 95
determining features to configure for,
95–96
guidelines for small, medium, and large
networks, 128–131
importance of for businesses, 46–47
key steps for designing an effective, 94–96
monitoring and managing NTP
operations, 96
motivation for on a network, 93–94
on networks with and without Internet
access, 127–128
security considerations for, 80–87
NTP deployment concepts, 47–49
NTP design and configuration
approach to, 94–127
choosing your NTP time source, 96–103
deciding upon NTP topology at
deployment site, 104–106
determining NTP features to configure,
106–126
NTP devices, modes of operation and
associations they form, 64–74
NTP features, determining what to configure,
106–126
NTP hierarchy, illustration of the concept of,
49
NTP messages, types and functions of, 50–54
NTP mode categories, 74
NTP modes of operation, and associations
they form, 64–74
NTP networks
configuration for large, 131
configuration for medium sized, 130
configuration for small, 129
large, 130–131
management of large, 131
management of medium sized, 130
management of small, 129
medium-size, 129–130
ratio of internal servers to end user
devices for small, 129
time source for small, 129
time sources for large, 130
time sources for medium sized, 130
topology for large, 130
topology for medium sized, 130
topology for small, 129
NTP operational modes, 124–125
from the “Net Admin” perspective, 125
NTP operations
monitoring and managing, 126–127
tips for dealing with problems, 133
troubleshooting, 133
NTP peer, used by many networking
vendors, 107
NTP pool or public server(s)
access policies, 100
availability consideration, 98–99
considerations for NTP deployment,
98–103
disadvantages of for NTP deployment, 99
NTP pool servers, website address for
information about, 101
■INDEX148
NTP proposal: RFC 958, 55
NTP query program, ntpq for Linux/Unix,
134
NTP sample analysis, components included
in, 78
NTP sanity checks, 78–80
NTP security
on Cisco routers and switches, 119–122
considerations for NTP deployment,
80–87
features of, 116–122
in Unix/Linux environments, 117–119
NTP server
referred to as primary timeserver or a
stratum 1 server, 44
viewed from a quantum perspective,
13–14
NTP service environment, described in NTP
version 1, 56
NTP tests (sanity checks), relating to NTP
message header and data validity,
78–79
NTP time sources
choices for, 94–95
choices for networks with or without
Internet access, 127–128
choosing for your NTP deployment, 94–95
consideration for public servers vs. NTP
pool servers, 101
dedicated NTP servers, 87
factors involved in choosing, 96
local “masters” on the deployment
network, 88
possible for NTP deployment, 87–88
public servers, 88
redundant, 123–124
summary of key features, 103
NTP topology
deciding upon at the deployment site, 104
hub-and-spoke network infrastructure
design, 105–106
impact of network physical topology and
geography on, 106
level of network redundancy within,
104–105
NTP topology design, factors to consider in,
95
NTP variables
configurable, 79
nonconfigurable, 79–80
NTP variables’ analysis
first output from if client and server are
synchronized, 76
fourth output for client and master again
synchronized, 77
second output for time on the master
advanced by 10-plus years, 76
third output for no synchronization, 77
NTP variables classes, sample analysis of,
75–80
NTP version 1: RFC 1059, key topics
addressed by, 55–56
NTP version 2: RFC 1119, enhancements to
over NTP version 1, 57
NTP version 3, modes specified in, 65–73
NTP version 3 data messages
fields included in, 50–54
mode types and values for, 51
NTP version 3: RFC 1305, enhancements
over NTP version 2, 57–58
NTP version 4
modes specified in, 65–73
utility for generating public and private
keys, 85
NTP version 4 source code and
cryptographic libraries, websites
dedicated to, 140
NTP version 4 source files, website address
for current release of, 85
NTP versions 1, 2, 3, and 4, 55–58
ntp.conf file
parameters used with restrict command
in, 112–113
statistics collection configuration on, 135
ntpdc utility
a Linux/Unix query utility, 134
mode value normally used by, 51
ntp-genkeys utility, for generating public and
private keys, 85
NTP-inherent security features, of an NTP
security framework, 80
ntp-keygen program, for generating public
and private keys, 134
ntp.keys file, structure of, 118–119
ntpq utility, mode value normally used by, 51
NTP-related information, websites dedicated
to, 140
NTP-related programs and utilities,
Linux/Unix, 134
■INDEX 149
ntptrace utility, for tracing chain of NTP
servers up to primary time source,
134
ntpupdate utility, for setting date and time
via NTP, 134
■O
Offset, defined, 56, 89
Old Man of the Sea, Nereus known as, 29
Open System Interconnection (OSI)
reference model, tracing basis of
back to Troy, 33
OpenSSL library, website address, 85
operating system security, of an NTP security
framework, 80
operation code values, in NTP control
messages, 54
originate timestamp (64-bit unsigned fixed-
point integer) field, in NTP version 3
data messages, 53
■P
packet variables, NTP (Network Time
Protocol), 75
Palo Alto Research Center (PARC),
employment of Bob Metcalf and
David Boggs by, 32
parameters variables, NTP (Network Time
Protocol), 75
Paris, son of King Priam of Troy, choice made
by, 31
past, present, and future, as measures of
time, 3
Past Worlds: Atlas of Archeology, quotation
from, 28
Peer, terminology for in RFC 1305, 64
peer variables, NTP (Network Time Protocol),
75
Peleus, marriage to Thetis, 29–30
Period, defined, 8
per-VLAN spanning tree (PVST), 30
philosophical perspective, of time, 16
philosophy, defined, 16
physical network topology and geography,
impact of on NTP topology, 106
point-to-multipoint modes, 74
point-to-point (unicast) modes, level of
configuration needed by, 74
poll interval (8-bit signed integer) field, in
NTP version 3 data messages, 51
Pope Gregory the XIII, calendar changes
decreed by, 20
Postel, J., RFC 868 published by in May 1983,
42–43
precision (8-bit signed integer) field, in NTP
version 3 data messages, 51–52
prehistoric times, 27–29
vs. written history period, 28
PREPnet, interconnection with NSFnet, 34
primary reference source, network
administrators absolute clock
source, 44
primary timeserver/stratum 1 server. See also
dedicated private timeserver
advantages of choosing for NTP
deployment, 96–97
defined, 89
synchronization of time with UTC, 48
that sources time via GPS or NIST radio
station, 44
private dedicated timeservers. See dedicated
private timeservers
private key cryptography, problem with key
distribution in, 84
protocol machine, 89
public, defined in context of public key
cryptography, 85
public key cryptography, advantage and
disadvantage of, 84–85
public server(s) or NTP pool
access policies, 100
administration of is on voluntary basis,
101
availability consideration, 98–99
considerations for NTP deployment,
98–103
disadvantages of for NTP deployment, 99
formula to protect you against falsetickers,
102
impact of on your network’s security,
102–103
security, accuracy, and load consideration,
100–102
websites dedicated to, 139
■Q
quantum mechanics, 12–14
■R
Raleigh, Sir Walter, “Even Such Is Time” by, 23
receive timestamp (64-bit unsigned fixed-
point integer) field, in NTP version 3
data messages, 53
■INDEX150
redundant NTP time sources
redundancy between peers, 123
redundancy configuration on clients,
123–124
redundant secondary timeservers, 125
reference clock, 89, 90. See also primary
reference source
reference clock identifier (32-bit code) field,
in NTP version 3 data messages, 52
reference clock IP addressing, 90
reference timestamp (64-bit unsigned fixed-
point integer) field, in NTP version 3
data messages, 52
relative clock source, defined, 44
remote device, labels applicable to, 64
resource allocation, importance of for
network security, 81
restrict command
illustration of access control granularity
through the use of, 117–118
meaning of parameters used with in
ntp.conf file, 112–113
RFC 1059, NTP version 1, 55–56
RFC 1119, NTP version 2, 57
RFC 1305
mode value of 7 reserved by, 51
NTP version 3, 57–58
RFC 1305, Network Time Protocol (Version 3)
Specification, Implementation and
Analysis (University of Delaware,
1992)
by David L. Mills, 140
RFC 1361, SNTP initially defined in, 58
RFC 1602, for information on the protocol
standardization process, 51
RFC 1769, SNTP updated by, 58
RFC 1800, for information on the protocol
standardization process, 51
RFC 2030
anycast mode in SNTP specification,
72–73
SNTP updated by, 58
RFC 2030, Simple Network Protocol (SNTP)
Version 4 for IPv4, IPv6 and OSI
(University of Delaware, 1996)
by David L. Mills, 140
RFC 3228, IANA Considerations for IPv4
IGMP addressed in, 72
RFC 3376, IGMP version 3 specified in, 72
RFC 868, “Time Protocol” published in May
1983, 42–43
RFC 958, the initial NTP proposal, 55
risk analysis, importance of for network
security, 81
Rivest, Ronald L., Message Digest 5 (MD5)
algorithm developed by, 83
Roman Empire
ancient Rome and, 32–34
beginning of, 33
Roman Republic, end of, 33
root delay (32-bit signed fixed-point
number) field, in NTP version 3 data
messages, 52
root dispersion (32-bit signed fixed-point
number) field, in NTP version 3 data
messages, 52
round-trip delay, defined, 72
routing protocols
improved for Internet stabilization, 34
preeminence of Border Gateway Protocol
(BGP), 34
rule-of-thumb formula, for ascribing a size to
a business, 129
■S
sanity checks, 77. See also NTP sanity checks;
NTP tests (sanity checks)
scientific perspective of time, 6–16
seasons, as measures of time’s passage, 4
secure authentication, functions performed
in the course of facilitating, 86
secure NTP, 58
security audits, importance of for network
security, 81
security mechanisms, incorporated in the
Autokey protocol, 86–87
server, terminology for in RFC 1305, 64
server mode and association, function of,
69–71
servers, checking round-trip delays between
NTP client and, 99
Shakespeare, William
Sonnet 123 by, 24
Sonnet 64 by, 24
show ntp associations detail command,
sample outputs on a Cisco router,
75–80
Simple Network Time Protocol (SNTP),
evolution of, 58–59
Skew, defined, 90
SNTP, multicast mode available in, 71–72
SNTP version 4, specified by RFC 2030, 58
Sonnet 123, by William Shakespeare, 24
■INDEX 151
Sonnet 64, by William Shakespeare, 24
space, 3
Spanning Tree Protocol (STP), similarity to
Apple of Discord, 30
Sparta vs. Athens (determinism vs. creative
chaos), as precursor to Token Ring
LAN access method, 31–32
special theory of relativity, 10–11
state machine, 90
state variables and parameters, categorized
in NTP version 1, 56
stratum, defined, 91
stratum 0 server, defined, 91
stratum 1 server. See also primary
timeserver/stratum 1 server
reference clock identifier (32-bit code)
field, 52
stratum 2 server, reference clock identifier
(32-bit code) field, 52
stratum (8-bit integer) field, in NTP version 3
data messages, 51
stratum numbers, for identifying NTP
servers, 48–49
string theory, 15–16. See also superstring
theory
superstring theory, 14–16
supersymmetry theories, 15–16
SURAnet, interconnection with NSFnet, 34
symmetric active mode
function of, 65–68
redundant NTP servers operating in, 67
symmetric key cryptography, initial
implementation of, 83
symmetric passive mode, function of, 68
Symmetricom’s GPS timeserver, model NTS-
200, illustration of, 98
Symmetricom’s SyncServer S100, TCP/IP
configuration screen for, 109
system monitoring, importance of for
network security, 81
system variables, NTP (Network Time
Protocol), 75
■T
TCP/IP, replacement of Network Control
Protocol (NCP) by, 33
TCP/IP configuration screen, for
Symmetricom’s SyncServer S100, 109
TCP/IP suite, NTP as an application services
protocol within, 43–44
“The Autokey Security Architecture,
Protocols, and Algorithms” RFC
memo, published by David Mills, 86
The Cambridge Dictionary of Philosophy,
definition of time from, 16
The Industrial Revolution (James A. Corrick),
World History Series for young
readers, 36
The Life of Greece, from the Story of
Civilization series (Will Durant), 17
“The New Year”, by John Greenleaf Whittier,
24–25
theory of relativity. See also Einstein’s theory
of relativity
general, 11–12
special, 10–11
Thetis, 29–30
threat identification, importance of for
network security, 80
time
definition from The Cambridge Dictionary
of Philosophy, 16
the historical perspective, 16–23
importance of accurate and synchronized
on a network, 94
leap year the earthly synchronizer, 22–23
the literary perspective, 23–25
multiple views of, 3–25
the mysteries of, 25
the philosophical perspective, 16
prehistoric, 27–29
reference to in The Life of Greece, 17–18
references from Concise Routledge
Encyclopedia of Philosophy, 16
the scientific perspective, 6–16
time consumers, defined, 91
time dilation factor, derived from Hendrik
Lorentz’s transformation equations,
10–11
“Time Protocol”, RFC 868 published in May
1983, 42–43
time providers, defined, 91
time reference source, in NTP version 3 data
messages, 52
time sources, possible for NTP deployment,
87–88
time synchronization
importance of for time-dependent
operational activities, 46
tools, 21
time transcendence, the key to, 3–37
■INDEX152
time-dependent operational activities,
importance of time synchronization
for, 46
timestamps, values of in data messages, 54
Token Ring LAN access method, Sparta vs.
Athens as precursor of, 31–32
Token Ring LAN controllers, initial shipment
of by IBM, 31
transactional integrity, need for as
motivation for NTP deployment on a
network, 93
transmit timestamp (64-bit unsigned fixed-
point integer) field, in NTP version 3
data messages, 53
Trojan War, networking aspects of, 29–31
Troubleshooting, NTP operations, 133
Truechimer, defined, 91
■U
undisciplined local clock, 109
Universal Solvent (US), application of to the
“past” energy states, 35
Unix/Linux clients, basic NTP configuration
of, 108–110
Unix/Linux environments
NTP authentication in, 118
NTP security in, 117–119
Unix/Linux primary timeserver, basic NTP
configuration of, 110–111
Unix/Linux workstations and servers, NTP
programs for these environments,
133
U.S. National Institute of Standards and
Technology
call letters for radio stations operated by,
43
GPS satellite radio station operated by, 43
UTC. See Coordinated Universal Time (UTC)
utilities
ntpdc utility, 51
ntp-genkeys utility, 85
ntpq utility, 51
■V
version number (3-bit integer) field, in NTP
version 3 data messages, 50–51
Virgil (Roman poet), epic poem Aeneid by, 32
■W
W32Time. See Windows Time service
(W32Time)
Watson, Thomas, Sr., one-time chairman of
IBM, 36
website address
for current release of NTP version 4 source
files, 85
dedicated to ongoing research for NTP,
140
dedicated to select vendors for NTP, 140
for information about IPN, 61
for information about NTP pool servers,
101
for information about Symmetricom’s
timeservers, 107
for OpenSSL library, 85
for public NTP stratum 1 server
information, 48
for sites dedicated to Interplanetary
Internet, 140
for sites dedicated to NTP version 4 source
code and cryptographic libraries, 140
for sites dedicated to public servers and
pools, 139
Western Empire, fall of, 33
Whittier, John Greenleaf, “The New Year” by,
24–25
Windows Time service (W32Time), time
synchronization on Microsoft servers
with, 132–133
written history period
vs. Internet-era period, 28
vs. prehistoric times, 28
■X
Xerox Networking Service (XNS) protocol
suite, 32
xntpd/ntpd daemon, drift file maintained by,
110
■Z
Zeus, interest in Thetis daughter of Nereus,
29–30
■INDEX 153
Các file đính kèm theo tài liệu này:
- Expert Network Time Protocol.pdf