What is NTP and how to configure an NTP server on RHEL and CentOS

Sarath Pillai

In this post we will discuss a service that many other services depend on.

Network Time Protocol:

It is a protocol used for synchronizing clocks between machines, and it works on the principle of Marzullo's algorithm. NTP can maintain time accuracy in the range of 1 millisecond if it is configured correctly and running under ideal conditions.

  • The current version of the protocol is NTPv4.
  • It works over the User Datagram Protocol (UDP).
  • It uses port 123.
  • When an NTP server queries another NTP server, both the source and destination ports are 123. When a client queries a server, the source port is above 1023 and the destination port is 123.

 

NTP uses a hierarchy of clock levels for its accuracy. It is maintained as follows.

NTP stratum

Each level in the NTP hierarchy is called a stratum. The stratum specifies the distance from the reference NTP server.

Stratum 0: These are devices like atomic clocks. They are not used on the network directly, but stratum 1 servers are directly connected to the stratum 0 devices.

Stratum 1: These are servers that synchronise their time from the stratum 0 devices and are directly connected to them.

Stratum 2: These devices connect to stratum 1 servers for their time synchronisation. There are multiple stratum 2 servers, each contacting several stratum 1 servers and, based on their accuracy, providing data to stratum 3 servers.

Stratum 3: These devices work exactly like stratum 2 servers, and they take their synchronisation data from stratum 2 servers.

Up to 256 strata are supported in NTP. As of now, anything beyond 16 strata is considered not NTP time synchronised.
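The version, mode and stratum described above all sit in a fixed 48-byte header carried over UDP. The following Python code is an added example, not code from the original post: it builds an NTPv4 client request and decodes a reply, and it goes slightly beyond the text by also checking that the reply echoes the timestamp of the request. The timestamp and reply bytes are constructed sample data.

```python
import socket
import struct

# 48-byte header: flags, stratum, poll, precision, root delay, root dispersion,
# reference ID, then reference/origin/receive/transmit timestamps (8 bytes each)
HEADER = struct.Struct("!BBbbII4s8s8s8s8s")
ZERO8 = b"\x00" * 8

def build_request(transmit_ts: bytes) -> bytes:
    """Build a client request: leap 0, version 4, mode 3 (client)."""
    flags = (0 << 6) | (4 << 3) | 3
    return HEADER.pack(flags, 0, 0, 0, 0, 0, b"\x00" * 4,
                       ZERO8, ZERO8, ZERO8, transmit_ts)

def parse_reply(data: bytes, sent_ts: bytes) -> dict:
    """Decode a reply header and list reasons a client should distrust it."""
    if len(data) < HEADER.size:
        raise ValueError("packet shorter than the 48-byte NTP header")
    (flags, stratum, _, _, _, _, refid,
     _, origin, _, _) = HEADER.unpack(data[:HEADER.size])
    leap, version, mode = flags >> 6, (flags >> 3) & 7, flags & 7
    problems = []
    if mode != 4:
        problems.append("mode is not 4 (server)")
    if leap == 3 or stratum == 0 or stratum >= 16:
        problems.append("server reports it is not synchronised")
    if origin != sent_ts:
        problems.append("origin timestamp does not echo our request")
    # Stratum 1 servers name their reference clock in ASCII (GPS, PPS, ...);
    # higher strata carry the IPv4 address of their upstream server.
    if stratum <= 1:
        ref = refid.rstrip(b"\x00").decode("ascii", "replace")
    else:
        ref = socket.inet_ntoa(refid)
    return {"version": version, "mode": mode, "stratum": stratum,
            "refid": ref, "problems": problems}

# Constructed sample data (not captured from a real server)
SENT_TS = bytes.fromhex("e8a1b2c3d4e5f601")
SAMPLE_REPLY = HEADER.pack((0 << 6) | (4 << 3) | 4, 1, 6, -20, 0, 0,
                           b"GPS\x00", ZERO8, SENT_TS, ZERO8, ZERO8)

if __name__ == "__main__":
    print(build_request(SENT_TS).hex())
    print(parse_reply(SAMPLE_REPLY, SENT_TS))
```

The reference ID decoded here is the same value that `ntpq -p` prints in its refid column.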

  • The NTP server's firewall must be configured to allow both outgoing and incoming traffic on UDP port 123.

The following are some of the stratum 1 servers from which you can get your NTP server's time synchronized.

ntp.amnic.net

time.markosyan.info

ntp.tbpl.com.au

ntp.melbourne.nmi.gov.au

Many more stratum 1 servers can be found at support.ntp.org.

Installing and configuring our NTP server:

The NTP server can be installed as follows on Red Hat Enterprise Linux or CentOS.

[root@myvm1 ~]# yum install ntp
 

The main config file for NTP is /etc/ntp.conf.

We need to enter the hostnames or IP addresses of all the NTP servers from which our NTP server will get synchronisation data. After a default installation of the ntp package, the file contains the following servers.

server 0.rhel.pool.ntp.org
server 1.rhel.pool.ntp.org
server 2.rhel.pool.ntp.org

 

You can either replace them with the NTP servers of your choice or keep them as they are.

Restricting the servers mentioned in the file is a good idea from a security point of view. We can deny those NTP servers permission to query us or to modify our run-time configuration.

restrict default kod nomodify notrap nopeer noquery
 

The above entry is added by default after installation. It says that, by default, remote hosts cannot modify or query our system.

Now, as we are configuring an NTP server for our local network, we need to give the machines on it permission to synchronize their time with our server.

This can be done as follows.

restrict 172.16.0.0 mask 255.255.0.0 nomodify notrap

This says that the network 172.16.0.0 can query this server but cannot modify anything.
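To check what a given client is actually allowed to do under these restrict lines, the following Python code (an added example, not part of the original post) parses them and applies the flags of the most specific matching line. It handles IPv4 restrict lines with numeric addresses only; the client addresses and the weak variant of the config are constructed for illustration.

```python
import ipaddress

# The restrict lines shown on this page
PAGE_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict 172.16.0.0 mask 255.255.0.0 nomodify notrap
"""

# Constructed weak variant: the LAN line has lost its flags
WEAK_CONF = """\
restrict default kod nomodify notrap nopeer noquery
restrict 172.16.0.0 mask 255.255.0.0
"""

def parse_restrict(conf_text):
    """Return (network, flags) pairs for IPv4 restrict lines (assumption:
    numeric addresses only, IPv6 lines are skipped)."""
    rules = []
    for line in conf_text.splitlines():
        tok = line.split("#", 1)[0].split()
        args = [t for t in tok[1:] if t != "-4"]
        if not tok or tok[0] != "restrict" or not args or "-6" in tok:
            continue
        if args[0] == "default":
            net, flags = ipaddress.ip_network("0.0.0.0/0"), args[1:]
        elif args[1:2] == ["mask"]:
            net = ipaddress.ip_network(f"{args[0]}/{args[2]}", strict=False)
            flags = args[3:]
        else:
            net, flags = ipaddress.ip_network(f"{args[0]}/32"), args[1:]
        rules.append((net, set(flags)))
    return rules

def access_for(rules, client_ip):
    """What the restrict flags leave open to a client; the most specific
    matching line decides, and no matching line means no restriction."""
    ip = ipaddress.ip_address(client_ip)
    matches = [r for r in rules if ip in r[0]]
    flags = max(matches, key=lambda r: r[0].prefixlen)[1] if matches else set()
    return {
        "may_query": not flags & {"noquery", "ignore"},    # ntpq status queries
        "may_modify": not flags & {"nomodify", "ignore"},  # run-time changes
    }

if __name__ == "__main__":
    for conf in (PAGE_CONF, WEAK_CONF):
        print(access_for(parse_restrict(conf), "172.16.5.10"))
```

With the page's config a LAN client may query but not modify, while the weak variant leaves modification requests from the whole 172.16.0.0 network unblocked by restrict.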

Now let's ask our NTP server to get synchronised with a stratum 1 server, as below.

[root@myvm1 ~]# ntpq -p ntp.amnic.net
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
oGPS_NMEA(0)     .GPS.            0 l   13   16  377    0.000   -0.001   0.001
-ntp1.adc.am     .PPS.            1 u   39   64  377    2.440   -0.332   0.080
-nav.metrologie. .ATOM.           1 u   33   64  377  111.772   -2.719   0.267
-ntp4.ja.net     .DCFa.           1 u   23   64  377   92.657   -1.257   1.135
*ntp1.rrze.uni-e .DCFp.           1 u   48   64  377   73.475   -3.794   0.140
+ntp2.rrze.uni-e .PPS.            1 u   43   64  377   72.896   -3.368   1.921
+ptbtime1.ptb.de .PTB.            1 u    7   64  377   77.358   -3.194   1.035
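The first character of each line in this table is a tally code showing how the source fared in selection, and the reach column is an octal register of the last eight polls. The following Python code (an added example, not part of the original post) decodes both and reports sources worth investigating; the sample reuses lines from the output above, and the last line, marked as a falseticker, is constructed.

```python
TALLY = {"*": "system peer", "o": "PPS peer", "+": "candidate", "#": "backup",
         "-": "outlier", ".": "excess", "x": "falseticker", " ": "rejected"}

# Lines from the output on this page; the final 'x' line is constructed.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
oGPS_NMEA(0)     .GPS.            0 l   13   16  377    0.000   -0.001   0.001
-ntp1.adc.am     .PPS.            1 u   39   64  377    2.440   -0.332   0.080
*ntp1.rrze.uni-e .DCFp.           1 u   48   64  377   73.475   -3.794   0.140
+ptbtime1.ptb.de .PTB.            1 u    7   64  377   77.358   -3.194   1.035
xbad.example.net 192.0.2.1        2 u   40   64  357   80.100  950.000   2.000
"""

def parse_peers(text):
    """Turn `ntpq -p` output into one dict per time source."""
    peers = []
    for line in text.splitlines():
        f = line[1:].split()
        if len(f) != 10 or not f[2].isdigit():
            continue  # header, separator or blank line
        peers.append({
            "role": TALLY.get(line[0], "unknown"),
            "remote": f[0], "refid": f[1], "stratum": int(f[2]),
            # reach is an octal 8-bit shift register: one bit per recent poll
            "polls_ok": bin(int(f[6], 8)).count("1"),
            "offset_ms": float(f[8]),
        })
    return peers

def findings(peers):
    """List conditions an operator should look at."""
    out = []
    if not any(p["role"] == "system peer" for p in peers):
        out.append("no system peer selected: clock is not synchronised")
    for p in peers:
        if p["role"] == "falseticker":
            out.append(f"{p['remote']}: discarded as falseticker, "
                       f"offset {p['offset_ms']} ms")
        if p["polls_ok"] < 8:
            out.append(f"{p['remote']}: answered {p['polls_ok']} of the last 8 polls")
    return out

if __name__ == "__main__":
    print("\n".join(findings(parse_peers(SAMPLE))))
```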

Now let's check our NTP server's status and confirm whether it is synchronized.

[root@myvm1 ~]# ntpstat
synchronised to NTP server (204.45.7.82) at stratum 3
   time correct to within 516 ms
   polling server every 64 s

This result tells me that I am synchronized with the server 173.248.148.27 at stratum 3.

Now we just need to make sure that our ntpd service is enabled to start at boot time:

chkconfig ntpd on

Now client machines in our network can specify our newly configured NTP server's IP in their config file and stay synchronized with it.

Hope you guys understood and enjoyed the post...Thank You


Comments

Good article, which explained exactly what people have to know and gave most of the valuable inputs, like the port number and what a stratum is.

It would be nicer if the firewall and SELinux context (if any) had been mentioned here. This will help newcomers get this setup up and running smoothly on the first attempt.
