Network Services

My name is DNS & Time Check with NTP, Part 2

Next up is NTP – which stands for Network Time Protocol – and the server it runs on (you guessed it!) is called an NTP Server. The purpose of NTP is to synchronize the time of all devices within a domain and to provide ‘timestamps’ to the services that utilize them. Per David L. Mills, ‘…NTP is intended to synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC)’.

Ever wondered where your Windows computer/laptop gets its time from? Well, it gets the time from an NTP Server on the Internet and keeps it in sync with the system time in the BIOS (fun fact, I suppose).

Now the NTP Server(s) on your network should sync their time from a reference clock that sits on the Internet, which is supposed to be quite accurate. These [reference clocks] are named stratum 0 – the highest quality.

Commonly, companies would be best served by implementing an NTP server of stratum 1 to ensure that devices on the network are properly synchronized, maintain accurate time behind a firewall, and comply with timekeeping regulations.

Accurate timestamping is key to root-cause analysis, determining when problems occurred and finding correlations. If network devices are out of sync by a few milliseconds or, in extreme cases, a few seconds, it can be very difficult for network administrators to determine the sequence of events.

Ok, so let’s go ahead and build out an NTP Server…
As per usual, we’re going to use a CentOS VM to install our NTP services.

Task 1: Download and install CentOS 7
You can find the CentOS image here: https://www.centos.org/download/

Once installed, it’s best to perform an update and install net-tools:

[root@ntp ~]# yum -y update
[root@ntp ~]# yum -y install net-tools

Task 2: Install NTP Service

[root@ntp ~]# yum -y install ntp

Now, take a look at the /etc/ntp.conf file to see the NTP Servers on the Internet that you will sync to. You can find a list of NTP time servers at http://www.pool.ntp.org/en/use.html and https://tf.nist.gov/tf-cgi/servers.cgi

[root@ntp ~]# vi /etc/ntp.conf

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

The iburst option is used for each of the servers, per the NTP Pool recommendations. That way, if the server is unreachable, this will send a burst of eight packets instead of the usual one packet. Using the burst option in the NTP Pool Project is considered ‘abuse’ as it will send those eight packets every poll interval, whereas iburst sends the eight packets only the first time.

Task 3: Turn on NTP Services
To start the NTP services, check the status, stop the services, and enable NTP services when the server is rebooted, use the following:

[root@ntp ~]# systemctl start ntpd
[root@ntp ~]# systemctl status ntpd
[root@ntp ~]# systemctl enable ntpd
[root@ntp ~]# systemctl stop ntpd

Task 4: Check NTP Synchronization
Check your NTP synchronization with your Internet time servers.  It should look like this:

[root@ntp ~]# ntpstat
synchronised to NTP server (204.27.56.163) at stratum 3
time correct to within 217 ms
polling server every 64 s
[root@ntp ~]#

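If your NTP server won’t synchronize, stop the service, run ntpdate against a specific server, and start the service again. (In the session below, the extra word "server" in the ntpdate command is treated as a hostname, which is what produces the "Name or service not known" errors; the sync against the pool host still succeeds.)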

[root@ntp ~]# systemctl stop ntpd
[root@ntp ~]# ntpdate -u server 0.centos.pool.ntp.org
Error resolving server: Name or service not known (-2)
17 Jun 17:10:04 ntpdate[1441]: Can't find host server: Name or service not known (-2)
17 Jun 17:10:11 ntpdate[1441]: adjust time server 64.113.44.55 offset -0.002823 sec
[root@ntp ~]# systemctl start ntpd
[root@ntp ~]# ntpstat
synchronised to NTP server (66.96.98.9) at stratum 3
time correct to within 1012 ms
polling server every 64 s

You can also check the health of your time server with the following option:

[root@ntp ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
-propjet.latt.ne 44.24.199.34     3 u   52   64  377   72.870    8.885   4.040
+66-96-98-9.ccup 64.250.105.227   2 u   58   64  377   42.723    4.831   1.566
+dns-e.wdc-us.ho 128.227.205.3    2 u   54   64  377   12.032    4.881   1.121
*ntp1.wiktel.com .PPS.            1 u   45   64  377   37.768    4.630   1.098
[root@ntp ~]#
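
A scripted version of this health check, as an added example that is not from the original post: it reads ntpq -p output, decodes the octal reach column into successful polls out of the last eight, and exits non-zero unless the selected peer (tally code *) answered all eight polls and is within an offset limit. The function names and the 10 ms default limit are assumptions; the sample table is the one shown above.

```shell
#!/bin/sh
# Added example: grade an `ntpq -p` peers table read from stdin.
# Live use: ntpq -pn | ntp_health 10   (10 ms limit is an assumed policy value)
ntp_health() {
  awk -v max="${1:-10}" '
    # reach is an octal 8-bit shift register, one bit per poll; count the 1 bits
    function polls(oct,   i, v, n) {
      v = 0
      for (i = 1; i <= length(oct); i++) v = v * 8 + substr(oct, i, 1)
      for (n = 0; v > 0; v = int(v / 2)) n += v % 2
      return n
    }
    $1 == "remote" || /^=/ || NF < 10 { next }   # header, ruler, blank lines
    {
      tally = substr($0, 1, 1)                   # column 1 is the tally code
      name  = (tally == " ") ? $1 : substr($1, 2)
      state = (tally == "*") ? "sys.peer" : (tally == "+") ? "candidate" : "discarded"
      ok    = polls($7)
      off   = ($9 < 0) ? -$9 : $9 + 0            # absolute offset in ms
      printf "%-17s %-9s polls=%d/8 offset=%sms\n", name, state, ok, $9
      if (tally == "*") { synced = 1; if (ok < 8 || off > max) bad = 1 }
    }
    END { exit !(synced && !bad) }               # 0 only for a healthy sys.peer
  '
}

# Sample input: the peers table from the ntpq -p session on this page.
sample_ntpq() {
  cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
-propjet.latt.ne 44.24.199.34     3 u   52   64  377   72.870    8.885   4.040
+66-96-98-9.ccup 64.250.105.227   2 u   58   64  377   42.723    4.831   1.566
+dns-e.wdc-us.ho 128.227.205.3    2 u   54   64  377   12.032    4.881   1.121
*ntp1.wiktel.com .PPS.            1 u   45   64  377   37.768    4.630   1.098
EOF
}

sample_ntpq | ntp_health 10
```

The exit status makes the function usable from cron or a monitoring agent, so a server that has lost its selected peer or drifted past the limit is caught before its timestamps are relied on for log correlation.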

Alright – Now you’re all set to present this NTP Server to your devices on your network.

Happy Configuring!
