Network Time Protocol

Synchronizes clocks across network devices for consistent logging, authentication, and network operations

Network Time Protocol (NTP)

  • Purpose: Synchronizes clocks across network devices to ensure consistent timestamps for logging, authentication, and network operations
  • Critical for: Syslog entries, certificate validation, Kerberos authentication, and troubleshooting (you can’t correlate events without synchronized time)
  • Operates on: UDP port 123
  • Accuracy: Can achieve millisecond precision over WAN, microsecond precision over LAN

NTP Hierarchy (Stratum Levels)

  • Stratum 0: Reference clocks (atomic clocks, GPS) - not directly accessible via network
  • Stratum 1: Primary time servers directly connected to Stratum 0 sources
  • Stratum 2-15: Secondary servers that sync from servers higher in the hierarchy (lower stratum number)
  • Stratum 16: Considered unsynchronized (invalid)

Key Rule: Devices sync to sources with lower stratum numbers (closer to reference clock)

NTP Modes

Mode       Description                 Use Case
Client     Requests time from server   End devices, most network equipment
Server     Provides time to clients    Dedicated time servers
Peer       Mutual time exchange        Redundant servers at same stratum
Broadcast  Sends time periodically     LAN environments (less accurate)

NTP Configuration Basics

  • Server Configuration: ntp server <ip-address> [prefer]
  • Authentication: ntp authenticate + ntp trusted-key + ntp authentication-key
  • Source Interface: ntp source <interface> (forces NTP packets from specific interface)
  • Master Clock: ntp master [stratum] (makes device act as authoritative source)

Time Synchronization Process

  • Initial Sync: Can take several minutes for accurate synchronization
  • Polling Intervals: Start at 64 seconds, adjust based on network conditions (16-1024 seconds)
  • Offset Threshold: If time difference >1000 seconds, NTP won’t sync automatically (step vs. slew)
  • Multiple Sources: NTP uses algorithms to select best time source and filter out bad actors
NTP Time Sync Process

Client          NTP Server
  |                 |
  |--Time Request-->|
  |                 |
  |<--Time Reply----|
  |                 |
  |--Offset Calc--->|
  |                 |
  |<--Adjustment----|
  |                 |
[Synchronized]

Polling Intervals:
64s → 128s → 256s → 1024s
(adjusts based on stability)

Offset Check:
>1000s = Manual step required
<1000s = Auto slew adjustment
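
The exchange above as an added Python example (not part of the original notes): the client validates a server reply and derives offset and delay from the four timestamps. The formulas are the standard NTP on-wire calculation from RFC 5905, the 1000-second cut-off is the one given in these notes, and the function names and sample packets are constructed for illustration.

```python
import struct

NTP_UNIX_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
STEP_LIMIT = 1000.0           # seconds: these notes' cut-off for automatic correction

def to_unix(secs, frac):
    """NTP 32.32 fixed-point timestamp -> Unix seconds (float)."""
    return secs - NTP_UNIX_DELTA + frac / 2**32

def evaluate_reply(pkt, sent, t4):
    """Validate a server reply, then compute offset and delay.

    sent: raw (secs, frac) transmit timestamp the client put in its request (T1)
    t4:   client clock, in Unix seconds, when the reply arrived
    Returns (verdict, offset, delay); offset/delay are None when rejected.
    """
    if len(pkt) < 48:
        return ("reject: short packet", None, None)
    f = struct.unpack("!BBbb3I8I", pkt[:48])     # 48-byte NTP header
    leap, mode, stratum = f[0] >> 6, f[0] & 0x7, f[1]
    if mode != 4:                                # 4 = server mode
        return ("reject: not a server reply", None, None)
    if leap == 3 or stratum == 0 or stratum >= 16:
        return ("reject: server unsynchronized", None, None)
    if (f[9], f[10]) != sent:                    # origin field must echo our T1
        return ("reject: origin mismatch", None, None)
    t1, t2, t3 = to_unix(*sent), to_unix(f[11], f[12]), to_unix(f[13], f[14])
    offset = ((t2 - t1) + (t3 - t4)) / 2         # how far the local clock is off
    delay = (t4 - t1) - (t3 - t2)                # round trip minus server hold time
    verdict = "auto-adjust" if abs(offset) < STEP_LIMIT else "manual step required"
    return (verdict, offset, delay)

def build_reply(stratum, origin, recv, xmit, mode=4, leap=0, version=4):
    """Constructed sample packet for the demo; not captured traffic."""
    flags = (leap << 6) | (version << 3) | mode
    return struct.pack("!BBbb3I8I", flags, stratum, 6, -20, 0, 0, 0,
                       0, 0, *origin, *recv, *xmit)

if __name__ == "__main__":
    T1 = (3900000000, 0)                 # constructed client transmit time
    srv = (3900000005, 2**30)            # server clock reads 5.25 s later
    t4 = to_unix(*T1) + 0.5              # reply arrives 0.5 s after T1
    print(evaluate_reply(build_reply(2, T1, srv, srv), T1, t4))
    print(evaluate_reply(build_reply(16, T1, srv, srv), T1, t4))
    print(evaluate_reply(build_reply(2, (1, 1), srv, srv), T1, t4))
```

The origin-echo check is what stops an off-path host from injecting a forged reply; it does not replace NTP authentication against an on-path attacker.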

Vocabulary

  • Stratum: Hierarchical level indicating distance from reference clock source
  • Offset: Time difference between local clock and NTP server
  • Jitter: Variation in network delay between NTP packets
  • Drift: Rate at which local clock deviates from accurate time
  • Step: Immediate time adjustment (large corrections)
  • Slew: Gradual time adjustment (small corrections)


Notes

  • Always configure multiple NTP servers for redundancy (minimum 3 for proper voting)
  • Use show ntp status and show ntp associations to verify synchronization
  • Security consideration: NTP can be exploited for DDoS amplification attacks - use access lists to restrict sources
  • Stratum gotcha: Lower number = higher priority (Stratum 1 beats Stratum 2)
  • For mission-critical environments, consider NTP authentication to prevent time manipulation attacks
  • Real-world tip: Many organizations use internal NTP servers that sync to external sources rather than having all devices sync directly to internet NTP pools
  • SNTP (Simple NTP) is a client-only version - sufficient for basic time sync but lacks full NTP features