Network Time Protocol (NTP) General Overview

David L. Mills
University of Delaware
http://www.eecis.udel.edu/~mills
mailto:mills@udel.edu

[Image: alautun, Maya glyph]

25-Oct-21

Introduction

  • Network Time Protocol (NTP) synchronizes clocks of hosts and routers in the Internet
  • Well over 100,000 NTP peers deployed in the Internet and its tributaries all over the world
  • Provides nominal accuracies of low tens of milliseconds on WANs, submilliseconds on LANs, and submicroseconds using a precision time source such as a cesium oscillator or GPS receiver
  • Unix NTP daemon ported to almost every workstation and server platform available today - from PCs to Crays - Unix, Windows, VMS and embedded systems
  • Following is a general overview of the NTP architecture, protocol and algorithms
  • Data are included from a survey of NTP clients and servers in the Internet of 1997

Needs for synchronized time

  • Stock market sale and buy orders and confirmation timestamps
  • Network fault isolation, reporting and restoral
  • Network monitoring, measurement and control
  • Distributed multimedia stream synchronization
  • RPC at-most-once transactions; replay defenses; sequence-number disambiguation
  • Research experiment setup, measurement and control
  • Cryptographic key management and lifetime control

NTP capsule summary

  • Primary (stratum 1) servers synchronize to national time standards via radio, satellite and modem
  • Secondary (stratum 2, ...) servers and clients synchronize to primary servers via hierarchical subnet
  • Clients and servers operate in master/slave, symmetric or multicast modes with or without cryptographic authentication
  • Reliability assured by redundant servers and diverse network paths
  • Engineered algorithms reduce jitter, mitigate multiple sources and avoid improperly operating servers
  • System clock is disciplined in time and frequency using an adaptive algorithm responsive to network time jitter and clock oscillator frequency wander

NTP configurations

[Figure: three subnet diagrams (a), (b) and (c) with nodes labelled by stratum (S1 to S4), a workstation and clients; * = to buddy (S2)]

  • (a) Workstations use multicast mode with multiple department servers
  • (b) Department servers use client/server modes with multiple campus servers and symmetric modes with each other
  • (c) Campus servers use client/server modes with up to six different external primary servers and symmetric modes with each other and external secondary (buddy) servers

How NTP works

[Figure: block diagram. Labels: NTP Messages, Timestamps, Peer 1 to Peer 3, Filter 1 to Filter 3, Intersection and Clustering Algorithms, Combining Algorithm, Loop Filter, VFO, P/F-Lock Loop]

  • Multiple synchronization peers provide redundancy and diversity
  • Clock filters select best from a window of eight clock offset samples
  • Intersection and clustering algorithms pick best subset of servers believed to be accurate and fault-free
  • Combining algorithm computes weighted average of offsets for best accuracy
  • Phase/frequency-lock feedback loop disciplines local clock time and frequency to maximize accuracy and stability

NTP process decomposition (NTPv4)

[Figure: block diagram. Labels: Remote Servers, Peer Processes (Peer 1 to Peer 3, Filter 1 to Filter 3), System Process (Selection and Clustering Algorithms, Combining Algorithm), Loop Filter, Clock Adjust Process, VFO]

  • Each peer process runs independently at poll intervals determined by the system process and remote server
  • System process runs at poll intervals determined by the measured network phase jitter and local clock oscillator frequency stability
  • Clock adjust process runs at 1-s intervals to discipline the VFO phase and frequency

NTP dataflow analysis

[Figure: Server 1 to Server 3 (Δ, Ε), Peer 1 to Peer 3 (θ, δ, ε, ϕ), Selection and Combining Algorithms, System (Θ, Δ, Ε, ϕ)]

  • Each server calculates server variables offset Θ, delay Δ and dispersion Ε relative to the root of the synchronization subtree
  • At each NTP message arrival, the peer process updates peer offset θ, delay δ, dispersion ε and filter error ϕr (NTPv4) from timestamps and clock filter algorithm
  • At system poll intervals, the clock selection and combining algorithms update system variables Θ, Δ, Ε and ϕ
  • Dispersions ε and Ε increase with time at a rate depending on specified frequency tolerance φ

Clock filter algorithm

[Figure: client/server exchange and wedge scattergram. Labels: T1, T2, T3, T4, Client, Server, x, θ0]

  • The most accurate offset θ0 is measured at the lowest delay δ0 (apex of the wedge scattergram).
      – The correct time θ must lie within the wedge θ0 ± (δ - δ0)/2.
      – The δ0 is estimated as the minimum of the last eight delay measurements and (δ0, θ0) becomes the offset and delay output.
      – Each output can be used only once and must be more recent than the previous output.
  • The distance metric λ is based on delay, frequency tolerance and time since the last measurement.
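
The filter described above, as an added Python example (not code from the original slides or from the NTP distribution). The offset and delay formulas are the standard NTP on-wire calculation from T1 to T4, which the slide does not spell out; the distance metric λ is left out, and the millisecond timestamps are constructed.

```python
from collections import deque

def on_wire(t1, t2, t3, t4):
    """Offset and round-trip delay from one exchange (standard NTP formulas)."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

class ClockFilter:
    """Keeps the last eight samples and outputs the one with the lowest delay."""

    def __init__(self, stages=8):
        self.window = deque(maxlen=stages)   # (delay, offset, arrival time)
        self.last_output = None              # arrival time of the last sample used

    def update(self, t1, t2, t3, t4):
        offset, delay = on_wire(t1, t2, t3, t4)
        self.window.append((delay, offset, t4))
        delay0, offset0, arrived = min(self.window)
        # Each output is used once and must be newer than the previous output.
        if self.last_output is not None and arrived <= self.last_output:
            return None
        self.last_output = arrived
        return offset0, delay0

def in_wedge(offset, delay, offset0, delay0):
    """True if a sample lies inside the wedge offset0 +/- (delay - delay0)/2."""
    return abs(offset - offset0) <= (delay - delay0) / 2

def exchange(t1, out_ms, back_ms, true_offset=100, server_ms=1):
    """Constructed timestamps (ms): server clock is true_offset ahead of the client."""
    t2 = t1 + out_ms + true_offset
    t3 = t2 + server_ms
    t4 = t3 - true_offset + back_ms
    return t1, t2, t3, t4

def demo():
    # Constructed path delays (out, back) in ms; the second and third are spikes.
    paths = [(10, 10), (10, 90), (50, 12), (8, 8)]
    f = ClockFilter()
    return [f.update(*exchange(64000 * i, a, b)) for i, (a, b) in enumerate(paths)]
```

The asymmetric spikes produce raw offsets of 60 ms and 119 ms against a true 100 ms, both inside the wedge, and the filter emits nothing for them because the lowest-delay sample has already been used.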

Performance of clock filter algorithm

  • These plots show the absolute clock offset in semilog coordinates for a path between the US east and west coasts over six days
      – (left) Raw absolute data offset samples
      – (right) Data offset samples processed by the clock filter algorithm
  • The algorithm reduces offset errors by a factor of about ten
  • The algorithm is particularly effective at removing spikes

Intersection algorithm

[Figure: correctness intervals of clocks A, B, C and D, with the Correct DTS and Correct NTP intervals marked]

correctness interval = θ - λ ≤ θ0 ≤ θ + λ
m = number of clocks
f = number of presumed falsetickers
A, B, C are truechimers
D is falseticker

  • DTS correctness interval is the intersection which contains points from the largest number of correctness intervals
  • NTP algorithm requires the midpoint of the intervals to be in the intersection
      – Initially, set falsetickers f and counters c and d to zero
      – Scan from far left endpoint: add one to c for every lower endpoint, subtract one for every upper endpoint, add one to d for every midpoint
      – If c m - f and d m - f, declare success and exit procedure
      – Do the same starting from the far right endpoint
      – If success undeclared, increase f by one and try all over again
      – if f m/2, declare failure
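
The endpoint scan described above, as an added Python example (not code from the original slides or from the NTP distribution). It applies the success test in the form d ≤ f, with d counting midpoints passed before each scan stops, as in the RFC 1305 procedure; that choice is this example's assumption. The source names, offsets θ and distances λ (in ms) are constructed.

```python
def intersection(sources):
    """sources maps name -> (theta, lam). Returns (low, high, truechimers) or None."""
    m = len(sources)
    edges = []
    for theta, lam in sources.values():
        edges += [(theta - lam, -1), (theta, 0), (theta + lam, +1)]
    edges.sort()
    f = 0                                   # presumed falsetickers
    while 2 * f < m:                        # give up once f reaches m/2
        low = high = None
        d = 0                               # midpoints passed before each stop
        c = 0
        for edge, kind in edges:            # scan from the far left endpoint
            c -= kind                       # +1 at a lower endpoint, -1 at an upper
            if c >= m - f:
                low = edge
                break
            if kind == 0:
                d += 1
        c = 0
        for edge, kind in reversed(edges):  # same scan from the far right endpoint
            c += kind                       # +1 at an upper endpoint, -1 at a lower
            if c >= m - f:
                high = edge
                break
            if kind == 0:
                d += 1
        if low is not None and high is not None and d <= f and low < high:
            chimers = sorted(name for name, (theta, _) in sources.items()
                             if low <= theta <= high)
            return low, high, chimers
        f += 1
    return None

# Constructed (theta, lam) pairs in ms: A, B and C agree, D is 500 ms away.
ONE_BAD = {"A": (10, 30), "B": (20, 20), "C": (0, 25), "D": (500, 20)}
# Two of four sources agree on a different time, so no majority exists.
TWO_BAD = {"A": (10, 30), "B": (20, 20), "X": (500, 20), "Y": (505, 20)}
```

With one outlier among four sources the scan succeeds at f = 1 and returns the interval 0 to 25 ms with A, B and C as truechimers; with two of four disagreeing it returns None, which is why a client needs more than two independent sources to reject a single bad or spoofed server.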

Clustering algorithm

  • Sort survivors of intersection algorithm by increasing synchronization distance. Let n be the number of survivors and nmin a lower limit.
  • For each survivor si, compute the select dispersion (weighted sum of clock difference squares) between si and all others.
  • Let smax be the survivor with maximum select dispersion (relative to all other survivors) and smin the survivor with minimum sample dispersion (clock differences relative to past samples of the same survivor).
  • smax ≤ smin or n ≤ nmin?
      – no: Delete the survivor smax; reduce n by one
      – yes: The resulting survivors are processed by the combining algorithm to produce a weighted average used as the final offset adjustment

Error budget - notation

  • Constants (peers A and B)
      ρ    maximum reading error
      φ    maximum frequency error
      w    dispersion normalize: 0.5
  • Packet variables
      ΔB   peer root delay
      ΕB   peer root dispersion
  • Sample variables
      T1, T2, T3, T4   protocol timestamps
      x    clock offset
      y    roundtrip delay
      z    dispersion
      t    interval since last update
  • System variables
      Θ    clock offset
      Δ    root delay
      Ε    root dispersion
      ϕs   selection jitter
      ϕ
      t    interval since last update
  • Peer variables
      θ    clock offset
      δ    roundtrip delay
      ε    dispersion
      ϕr   filter jitter
      n    filter stages: 8
      t    interval since last update

Error budget - calculations

[Figure: NTP Version 4 Error Budget. Labels: Sample Variables, Peer Variables, System Variables, Peer A, Peer B]

Clock discipline algorithm

[Figure: feedback loop. Labels: NTP θr (+), VFO θc (-), Phase Detector, Vd, Clock Filter, Vs, Loop Filter, x, y, Phase/Freq Prediction, Clock Adjust, Vc]

  • Vd is a function of the phase difference between NTP and the VFO
  • Vs depends on the stage chosen on the clock filter shift register
  • x and y are the phase update and frequency update, respectively, computed by the prediction functions
  • Clock adjust process runs once per second to compute Vc, which controls the frequency of the local clock oscillator
  • VFO phase is compared to NTP phase to close the feedback loop

NTP protocol header and timestamp formats

NTP Protocol Header Format (32 bits)
  • LI: leap warning indicator
  • VN: version number (4)
  • Mode
  • Strat: stratum (0-15)
  • Poll: poll interval (log2)
  • Prec: precision (log2)
  • Root Delay
  • Root Dispersion
  • Reference Identifier
  • Reference Timestamp (64)
  • Originate Timestamp (64)
  • Receive Timestamp (64)
  • Transmit Timestamp (64)
  • Extension Field 1 (optional)
  • Extension Field 2… (optional)
  • Authenticator (Optional)

NTP Timestamp Format (64 bits)
  • Seconds (32)
  • Fraction (32)
  • Value is in seconds and fraction since 0h 1 January 1900

NTPv4 Extension Field
  • Field Length
  • Field Type
  • Extension Field (padded to 32-bit boundary)
  • Last field padded to 64-bit boundary

Cryptosum
  • Key/Algorithm Identifier
  • Message Hash (64 or 128)
  • Authenticator uses DES-CBC or MD5 cryptosum of NTP header plus extension fields (NTPv4)

Legend: NTP v3 and v4; NTP v4 only; authentication only
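
A parser for the 48-byte header and optional authenticator laid out above, as an added Python example (not code from the slides or from the NTP distribution). The 16.16 fixed-point reading of root delay and root dispersion, the mode names and the sample packet are supplied by this example; the packet is constructed, with a zeroed hash, and extension fields are not parsed.

```python
import struct

NTP_TO_UNIX = 2208988800   # seconds between 0h 1 January 1900 and the Unix epoch
MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client",
         4: "server", 5: "broadcast", 6: "control", 7: "private"}

def ntp_time(raw):
    """64-bit timestamp (32-bit seconds, 32-bit fraction) -> Unix seconds."""
    return raw / 2**32 - NTP_TO_UNIX if raw else None

def parse_ntp(pkt):
    if len(pkt) < 48:
        raise ValueError("NTP header is 48 bytes, got %d" % len(pkt))
    (b0, stratum, poll, prec, rdelay, rdisp, refid,
     ref, org, rec, xmt) = struct.unpack("!BBbbII4s4Q", pkt[:48])
    hdr = {
        "li": b0 >> 6, "vn": (b0 >> 3) & 7,
        "mode": MODES.get(b0 & 7, "reserved"),
        "stratum": stratum,
        "poll_s": 2.0 ** poll,            # poll and precision are signed log2 values
        "precision_s": 2.0 ** prec,
        "root_delay_s": rdelay / 2**16,   # assumed 16.16 fixed point
        "root_disp_s": rdisp / 2**16,
        "refid": refid,
        "reference": ntp_time(ref), "originate": ntp_time(org),
        "receive": ntp_time(rec), "transmit": ntp_time(xmt),
        "auth": None,                     # None means the packet carries no authenticator
    }
    tail = pkt[48:]
    if len(tail) in (12, 20):             # 32-bit key id + 64- or 128-bit hash
        hdr["auth"] = {"key_id": int.from_bytes(tail[:4], "big"),
                       "hash_bits": 8 * (len(tail) - 4)}
    return hdr

def sample_packet():
    """Constructed server reply, not a capture: VN 4, mode 4, stratum 1."""
    t = ((NTP_TO_UNIX + 10**9) << 32) | 0x80000000   # Unix time 1000000000.5
    hdr = struct.pack("!BBbbII4s4Q", 0x24, 1, 6, -20, 0, 0x100,
                      b"GPS\0", t, t, t, t)
    return hdr + struct.pack("!I", 1) + bytes(16)    # key id 1, zeroed 128-bit hash
```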

A day in the life of a busy NTP server

  • NTP primary (stratum 1) server rackety is a Sun IPC running SunOS 4.1.3 and supporting 734 clients scattered all over the world
  • This machine supports NFS, NTP, RIP, IGMP and a mess of printers, radio clocks and an 8-port serial multiplexor
  • The mean input packet rate is 6.4 packets/second, which corresponds to a mean poll interval of 157 seconds for each client
  • Each input packet generates an average of 0.64 output packets and requires a total of 2.4 ms of CPU time for the input/output transaction
  • In total, the NTP service requires 1.54% of the available CPU time and generates 10.5 608-bit packets per second, or 0.41% of a T1 line
  • The conclusion drawn is that even a slow machine can support substantial numbers of clients with no significant degradation on other network services

Server population by stratum (from survey)

[Figure: server population by stratum]

Client population by stratum (from survey)

[Figure: client population by stratum]

Reference clock sources

  • In a survey of 36,479 peers, found 1,733 primary and backup external reference sources
  • 231 radio/satellite/modem primary sources
      – 47 GPS satellite (worldwide), GOES satellite (western hemisphere)
      – 57 WWVB radio (US)
      – 17 WWV radio (US)
      – 63 DCF77 radio (Europe)
      – 6 MSF radio (UK)
      – 5 CHU radio (Canada)
      – 7 modem time service (NIST and USNO (US), PTB (Germany), NPL (UK))
      – 25 other (precision PPS sources, etc.)
  • 1,502 local clock backup sources (used only if all other sources fail)
  • For some reason or other, 88 of the 1,733 sources appeared down at the time of the survey

Current progress and status

  • NTP Version 4 protocol, architecture and algorithms
      – Backwards compatible protocol algorithm implemented and tested
      – Improved local clock model completed and tested
      – Nanokernel precision time kernel modifications simulated, implemented and tested with SPARC, Alpha and Intel architectures
      – IETF pulse-per-second application program interface implemented and tested for SPARC and Intel architectures
  • Autonomous configuration autoconfigure
      – Multicast discovery with propagation correction completed and tested
      – Manycast discovery largely completed
      – Distributed add/drop greedy heuristic designed and simulated
      – Span-limited, hierarchical multicast groups using NTP distributed mode and add/drop heuristics under study
  • Autonomous authentication autokey
      – Implemented and in test

Future plans

  • Complete autoconfigure and autokey implementation in NTP Version 4
  • Deploy, test and evaluate NTP Version 4 daemon in DARTnet II testbed, then at friendly sites in the US, Europe and Asia
  • Revise the NTP formal specification and launch on standards track
  • Participate in deployment strategies with NIST, USNO, others
  • Prosecute standards agenda in IETF, ANSI, ITU, POSIX
  • Develop scenarios for other applications such as web caching, DNS servers and other multicast services

NTP online resources

  • NTP specification documents
      – Internet (Draft) NTP standard specification RFC-1305
      – Simple NTP (SNTP) RFC-2030
      – NTP Version 4 papers and reports at http://www.eecis.udel.edu/~mills
      – Under consideration in ANSI, ITU, POSIX
  • NTP web page http://www.ntp.org/
      – NTP Version 3 and Version 4 software and HTML documentation
          • Utility programs for remote monitoring, control and performance evaluation
          • Ported to over two dozen architectures and operating systems
      – Supporting resources
          • List of public NTP time servers (primary and secondary)
          • NTP newsgroup and FAQ compendia
          • Tutorials, hints and bibliographies
          • Links to other NTP software

Further information

  • Network Time Protocol (NTP): http://www.ntp.org/
      – Current NTP Version 3 and 4 software and documentation
      – FAQ and links to other sources and interesting places
  • David L. Mills: http://www.eecis.udel.edu/~mills
      – Papers, reports and memoranda in PostScript and PDF formats
      – Briefings in HTML, PostScript, PowerPoint and PDF formats
      – Collaboration resources hardware, software and documentation
      – Songs, photo galleries and after-dinner speech scripts
  • FTP server ftp.udel.edu (pub/ntp directory)
      – Current NTP Version 3 and 4 software and documentation repository
      – Collaboration resources repository
  • Related project descriptions and briefings
      – See “Current Research Project Descriptions and Briefings” at http://www.eecis.udel.edu/~mills/status.htm