Next up is NTP, which stands for Network Time Protocol, and the server it runs on (you guessed it!) is called an NTP server. The purpose of NTP is to synchronize the time of all devices within a domain and to provide ‘timestamps’ to the services that use them. Per David L. Mills, ‘…NTP is intended to synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC)’.
Ever wondered where your Windows computer/laptop gets its time from? Well, it gets the time from an NTP server on the Internet and keeps it in sync with the system time in the BIOS (fun fact, I suppose).
Now the NTP server(s) on your network should sync their time from a reference clock on the Internet, which is supposed to be quite accurate. These [reference clocks] are named stratum 0, the highest quality.
Commonly, companies would be best served by implementing an NTP server of stratum 1 to ensure that devices on the network are properly synchronized, maintain accurate time behind a firewall, and comply with timekeeping regulations.
Accurate timestamping is key to root-cause analysis, determining when problems occurred and finding correlations. If network devices are out of sync by a few milliseconds or, in extreme cases, a few seconds, it can be very difficult for network administrators to determine the sequence of events.
OK, so let’s go ahead and build out an NTP server…
As per usual, we’re going to use a CentOS VM to install our NTP services.
Task 1: Download and install CentOS 7
You can find the CentOS image here: https://www.centos.org/download/
Once installed, it’s best to perform an update and install net-tools:
[root@ntp ~]# yum -y update
[root@ntp ~]# yum -y install net-tools
Task 2: Install NTP Service
[root@ntp ~]# yum -y install ntp
Now, take a look at the /etc/ntp.conf file and see the NTP servers on the Internet that you will sync to. You can find a list of NTP time servers at http://www.pool.ntp.org/en/use.html and https://tf.nist.gov/tf-cgi/servers.cgi
[root@ntp ~]# vi /etc/ntp.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
The iburst option is used for each of the servers, per the NTP Pool recommendations. That way, if the server is unreachable, this will send a burst of eight packets instead of the usual one packet. Using the burst option in the NTP Pool Project is considered ‘abuse’ as it will send those eight packets every poll interval, whereas iburst sends the eight packets only the first time.
Task 3: Turn on NTP Services
To start the NTP service, check its status, enable it so it starts when the server is rebooted, and stop it, use the following:
[root@ntp ~]# systemctl start ntpd
[root@ntp ~]# systemctl status ntpd
[root@ntp ~]# systemctl enable ntpd
[root@ntp ~]# systemctl stop ntpd
Task 4: Check NTP Synchronization
Check your NTP synchronization with your Internet time servers. It should look like this:
[root@ntp ~]# ntpstat
synchronised to NTP server (188.8.131.52) at stratum 3
time correct to within 217 ms
polling server every 64 s
If your NTP server won’t synchronize, stop the service, run ntpdate against a specific server, and start the service again:
[root@ntp ~]# systemctl stop ntpd
[root@ntp ~]# ntpdate -u server 0.centos.pool.ntp.org
Error resolving server: Name or service not known (-2)
17 Jun 17:10:04 ntpdate: Can’t find host server: Name or service not known (-2)
17 Jun 17:10:11 ntpdate: adjust time server 184.108.40.206 offset
[root@ntp ~]# systemctl start ntpd
[root@ntp ~]# ntpstat
synchronised to NTP server (220.127.116.11) at stratum 3
time correct to within 1012 ms
polling server every 64 s
You can also check the health of your time server with the following option:
[root@ntp ~]# ntpq -p
remote refid st t when poll reach delay offset jitter
-propjet.latt.ne 18.104.22.168 3 u 52 64 377 72.870 8.885 4.040
+66-96-98-9.ccup 22.214.171.124 2 u 58 64 377 42.723 4.831 1.566
+dns-e.wdc-us.ho 126.96.36.199 2 u 54 64 377 12.032 4.881 1.121
*ntp1.wiktel.com .PPS. 1 u 45 64 377 37.768 4.630 1.098
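Because accurate timestamps matter for event correlation, the `ntpq -p` columns above can be checked automatically. The following is an added example, not part of the original post: a shell function that reads `ntpq -p` output and reports whether a system peer (`*`) is selected, fully reachable, and within an offset limit. The function names, the 100 ms default limit, and the sample peers (documentation addresses) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Reads `ntpq -p` output on stdin and prints one summary line.
# Exit status: 0 healthy, 1 no system peer ('*') selected,
# 2 system peer offset above the limit, 3 system peer missed recent polls.
# Usage: ntpq -p | check_ntp_peers [max_offset_ms]   (default limit: 100 ms)
check_ntp_peers() {
    awk -v max="${1:-100}" '
        $1 == "remote" || $1 ~ /^=+$/ { next }   # skip the two header lines
        NF < 10 { next }                         # not a peer row
        {
            peers++
            tally = substr($0, 1, 1)             # *, +, -, x ... or a space
            if (tally == "*") {                  # the peer ntpd is synced to
                name = substr($1, 2); st = $3; reach = $7; off = $9
            }
        }
        END {
            if (name == "") { print "FAIL no system peer selected"; exit 1 }
            mag = off + 0; if (mag < 0) mag = -mag
            if (mag > max + 0) {
                printf "FAIL peer=%s offset_ms=%s exceeds %s\n", name, off, max
                exit 2
            }
            if (reach != "377") {                # 377 octal: last 8 polls answered
                printf "FAIL peer=%s reach=%s (missed polls)\n", name, reach
                exit 3
            }
            printf "OK peer=%s stratum=%s offset_ms=%s peers=%d\n", name, st, off, peers
        }'
}

# Constructed sample output (hypothetical peers, RFC 5737 addresses).
sample_ntpq_output() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
-ntp-c.example   192.0.2.30       3 u   52   64  377   72.870    8.885   4.040
+ntp-b.example   192.0.2.20       2 u   58   64  377   42.723    4.831   1.566
*ntp-a.example   .PPS.            1 u   45   64  377   37.768    4.630   1.098
EOF
}

# Demo on the constructed sample; on a real server use: ntpq -p | check_ntp_peers
sample_ntpq_output | check_ntp_peers 100
```

The non-zero exit codes make the function usable from cron or a monitoring agent to alert when the server loses its time source.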
Alright, now you’re all set to present this NTP server to the devices on your network.