Offered by David L. Mills of the University of Delaware. http://www.eecis.udel.edu/~mills
Slightly adapted from Reinhard V. Hanxleden, CAU Kiel.
Original http://www.doc88.com/p-7864235424656.html
Related articles http://blog.chinaunix.net/uid-13532695-id-90421.html
Baidu Library Address http://wenku.baidu.com/view/0d5fbe4b2cc58bd63186bdc0
(i) Introduction
(1) Network Time Protocol (NTP) synchronizes the clocks of hosts and routers on the Internet.
(2) On a wide area network it provides a nominal accuracy of less than a few milliseconds; on a LAN it provides sub-millisecond accuracy; and with a precision time source (such as a cesium oscillator or a GPS receiver) it can provide sub-microsecond error.
(3) The NTP daemon for UNIX can be ported to almost every workstation and server platform that exists today (from PC to Cray), and is suitable for UNIX, Windows, VMS and embedded systems.
(4) There are over 100,000 NTP installations deployed on the Internet and its tributaries all over the world.
(5) Robustness against many types of faults, including clock source differences, malicious attacks and implementation bugs.
Our approach is based on different network paths, redundant servers, and a complex set of hand-crafted mitigation algorithms.
(6) Automatic server and client configuration optimizes performance under resource constraints.
Our approach is based on network multicasting and broadcasting, along with engineered drop-add heuristics.
(7) Automatic authentication with public-key and private-key encryption.
Our approach uses automatic generation and management of keys with controlled lifetimes, and algorithms designed to avoid loss of precision due to encryption delays.
(ii) How NTP works
(1) Multiple synchronization sources provide redundancy and diversity
(2) The clock filter selects the best sample from a window of eight clock offset samples
(3) The intersection (crossover) and clustering algorithms pick the best subset of servers considered accurate and rule out the rest
(4) The combining algorithm calculates a weighted average of the most accurate offsets
(5) A phase/frequency-lock feedback loop disciplines the local clock's time and frequency to achieve maximum accuracy and stability
(iii) NTP filtering algorithm
(1) The clock offset θ measured at the minimum delay δ is the closest to accurate (wedge vertex)
(2) The phase dispersion is a weighted average over the last eight samples, used as an error estimate
(3) The frequency dispersion represents clock reading and frequency tolerance errors; it is used in the distance measurement
(4) Synchronization distance: used as the distance measure and the maximum error bound; the time jitter range must be
(iv) Crossover (intersection) algorithm
(1) Initially, set the error count f (falsetickers) and the counters c and d to zero
(2) Start scanning from the leftmost endpoint: add one to c for each low endpoint, subtract one for each high endpoint, and add one to d for each midpoint
(3) If c > m − f and d > m − f, the test is complete; exit the procedure
(4) Do the same starting from the rightmost endpoint
(5) If success has not been declared, increase f by one and start again at the beginning
(6) If f ≥ m/2, declare failure
Note:
(1) The intersection algorithm eliminates falsetickers while preserving the truechimers (the offset at the midpoint of the interval identifies the truechimers)
(2) The DTS correctness interval is the intersection, and this intersection contains the points in the maximum interval
(3) The NTP algorithm requires the midpoint of the interval to be in the intersection
(4) The intersection algorithm is essentially to find the closest time value to the standard NTP
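The scan described in this section, written out as an added example (not code from the original slides or from the NTP distribution). The stop test for each scan (c >= m - f) and the acceptance test (at most f midpoints outside the interval, and low < high) are this example's assumptions; the function names and the sample offsets, in milliseconds, are constructed.

```python
def _scan(points, opening, need):
    """Walk the points until `need` intervals overlap; count midpoints passed."""
    c = d = 0
    for value, tag in points:
        if tag == 0:
            d += 1                       # a midpoint lying outside the overlap
        else:
            c += 1 if tag == opening else -1
            if c >= need:
                return value, d
    return None, d

def intersect(sources):
    """sources: list of (offset, distance). Returns (low, high, f) or None."""
    m = len(sources)
    # Each correctness interval [offset - distance, offset + distance] gives
    # three points tagged -1 (low endpoint), 0 (midpoint), +1 (high endpoint).
    points = sorted(
        (value, tag)
        for offset, dist in sources
        for value, tag in ((offset - dist, -1), (offset, 0), (offset + dist, +1))
    )
    f = 0                                # number of falsetickers tolerated
    while 2 * f < m:                     # fail once f >= m/2
        low, d_left = _scan(points, -1, m - f)             # left to right
        high, d_right = _scan(reversed(points), +1, m - f)  # right to left
        if (low is not None and high is not None and low < high
                and d_left + d_right <= f):
            return low, high, f
        f += 1
    return None

def truechimers(sources):
    """Indexes of the sources whose midpoint lies inside the intersection."""
    found = intersect(sources)
    if found is None:
        return []
    low, high, _f = found
    return [i for i, (offset, _dist) in enumerate(sources) if low <= offset <= high]

# Constructed sample: three servers that agree and one that is 250 ms off.
SAMPLE = [(2, 10), (4, 12), (-1, 8), (250, 15)]
```

With SAMPLE the first pass (f = 0) finds no point covered by all four intervals; the second pass (f = 1) yields the interval [-8, 7] and drops the fourth server.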
(v) Clustering algorithm
1) The survivors of the intersection algorithm are sorted by increasing sync distance. n is the number of survivors and nmin the lower limit.
2) For each survivor Si, calculate the clock differences between Si and all the other survivors (weighted sum).
3) Let Smax be the survivor with the maximum select dispersion (relative to the other survivors) and Smin the survivor with the minimum sample dispersion (clock differences relative to previous samples of the same survivor).
4) The remaining survivors are processed by the combining algorithm to produce a weighted average as the final offset adjustment
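The clustering and combining steps above as an added example (not code from the original slides or the NTP distribution). Assumptions of this example: the select dispersion is an RMS of offset differences rather than the weighted sum; pruning stops when the largest select dispersion is no greater than the smallest sample dispersion or when n reaches nmin, a rule the page does not state; the combining weights are 1/distance; the field names and the sample values (milliseconds) are constructed.

```python
import math

def select_dispersion(i, pool):
    """RMS clock difference between survivor i and all other survivors."""
    diffs = [pool[i]["offset"] - s["offset"] for j, s in enumerate(pool) if j != i]
    return math.sqrt(sum(x * x for x in diffs) / len(diffs))

def cluster(survivors, nmin=3):
    """Discard the worst outlier repeatedly; return the remaining survivors."""
    nmin = max(nmin, 1)
    pool = sorted(survivors, key=lambda s: s["distance"])      # step 1
    while len(pool) > nmin:
        disp = [select_dispersion(i, pool) for i in range(len(pool))]  # step 2
        worst = max(range(len(pool)), key=lambda i: disp[i])   # Smax
        best_jitter = min(s["jitter"] for s in pool)           # Smin
        if disp[worst] <= best_jitter:
            break          # outliers are already within per-server noise
        del pool[worst]
    return pool

def combine(pool):
    """Weighted average offset, weighting each survivor by 1/distance."""
    weights = [1.0 / s["distance"] for s in pool]
    return sum(w * s["offset"] for w, s in zip(weights, pool)) / sum(weights)

# Constructed survivors: "jitter" stands for the sample dispersion.
SURVIVORS = [
    {"name": "a", "offset": 2.0, "distance": 10, "jitter": 0.6},
    {"name": "b", "offset": 2.4, "distance": 12, "jitter": 0.7},
    {"name": "c", "offset": 1.8, "distance": 8, "jitter": 0.5},
    {"name": "d", "offset": 9.0, "distance": 20, "jitter": 0.9},
    {"name": "e", "offset": 2.1, "distance": 15, "jitter": 0.6},
]

def survivor_names(survivors, nmin=3):
    return [s["name"] for s in cluster(survivors, nmin)]
```

Here server d is pruned in the first round; in the second round the largest select dispersion (about 0.45 ms, server b) is below the smallest sample dispersion (0.5 ms), so pruning stops with four survivors.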
(vi) NTP automatic configuration
1) Dynamic peer discovery
Initial discovery using NTP multicast and manycast mode
Enhanced by DNS, network and service location protocol
Enhanced NTP subnet search using standard monitoring facilities
2) Automatic optimal configuration
Measurement distances designed to maximize accuracy and reliability
Constraint depends on wedge type limit and maximum distance constraint
Complexity issues require intelligent judgment
3) Candidate optimization algorithms
Multicast mode with or without initial propagation delay calibration
Broadcast mode with administrative and/or TTL delimited ranges
Distributed, hierarchical, greedy add/delete selection
4) Multicast scheme (moderate accuracy)
Servers flood the local area with periodic multicast response messages
The client then uses client/server unicast mode on first contact to measure the propagation delay and then continues in receive-only mode
5) Broadcast scheme (maximum accuracy)
Initially, clients flood the local area with a multicast request message
Servers respond with multicast response messages
The client then continues with the servers as if configured in ordinary unicast client/server mode
6) Both schemes require effective implosion/explosion control
Ring search using TTL and administrative scope
Redundant network traffic is avoided by using multicast responses and rumor spreading
Excess client/server population is discarded using the NTP clustering algorithm and timeout controls
7) Cyclic dilemma
Encryption keys must not endure beyond their enforced lifetime
Enforcing lifetimes requires secure timekeeping
Secure timekeeping requires cryptographic authentication
8) The authentication and synchronization protocols work independently for each peer, and each can reach a tentative result
9) When authentication has been received and synchronization is complete, the peer is admitted to the set of servers acknowledged as usable for system clock synchronization
10) Concurrency requires all public keys for the entire process, including those used for signing certificates that must be executed.
11) But the Achilles' heel of public key encryption is that it is too slow.
(vii) Delay calculation
1) We want the T3 and T4 timestamps in order to correct accurately for the network
If the server output latency is small, T3a will approximate T3
T3a cannot be included in the packet once the cryptosum has been calculated, but it can be included in the next message sent; use T3b as the value close to T3
T4 is best taken at network driver interrupt time; if it is not, use T4a as the best approximation of T4
2) The biggest error is usually in the cryptosum output
Depending on the architecture, the running time of the private key algorithms (MD5, DES-CBC) ranges from 10 μs to 1 ms, but can be predicted fairly well
Depending on the architecture, the running time of the public key algorithm (RSA) is in the range of MS, but it is highly variable and depends on message content
Note: T3b is the client packet time, T3a the server receive time, T3 the server processing time, T4 the client packet accept time, and T4a the client processing time.
(viii) MD5 message digest
Measured time to construct a 128-bit hash of the 48-octet NTP header using the MD5 algorithm in RSAREF
(ix) MD5/RSA digital signature
Measured time (s) to build a digital signature using RSAREF
The message authentication code is built by hashing the 48-octet NTP header with MD5 and then encrypting the hash with a 512-bit RSA private key
(x) NTP authentication scheme
Session keys are generated from the IP addresses and the key identifier
The initial key identifier is random, and each succeeding identifier is derived from the previous one
The session key list is used in reverse order; the client verifies that the hash of the current session key matches the most recent session key identifier
At intervals, the server generates a random server key and generates a public value, encrypting it with RSA
When the server key changes, the client obtains the public value, decrypts it, and verifies that it matches the server's key
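The session key list described above is a one-way hash chain; the following added example (not code from the original slides or the NTP distribution) builds one and shows the client-side check. Assumptions of this example: the hash input layout (addresses, 32-bit key identifier, 32-bit cookie), taking the next identifier from the first 32 bits of the MD5 output, the `max_gap` tolerance for lost packets, and all names, addresses and constants, which are constructed.

```python
import hashlib
import socket
import struct

def session_key(src, dst, key_id, cookie):
    """MD5 over source address, destination address, key ID and cookie."""
    packed = socket.inet_aton(src) + socket.inet_aton(dst)
    packed += struct.pack("!II", key_id, cookie)
    return hashlib.md5(packed).digest()

def next_key_id(src, dst, key_id, cookie):
    """The following key ID is the first 32 bits of the session key."""
    return struct.unpack("!I", session_key(src, dst, key_id, cookie)[:4])[0]

def make_key_list(src, dst, cookie, seed, count):
    """Return (key IDs in generation order, final value the server must sign)."""
    ids, key_id = [], seed
    for _ in range(count):
        ids.append(key_id)
        key_id = next_key_id(src, dst, key_id, cookie)
    return ids, key_id

class ChainVerifier:
    """Client side: a key ID is valid only if it hashes forward to the
    last trusted value. The first trusted value (anchor) must have been
    authenticated separately, e.g. by the server's RSA-protected value."""

    def __init__(self, src, dst, cookie, anchor, max_gap=4):
        self.src, self.dst, self.cookie = src, dst, cookie
        self.last, self.max_gap = anchor, max_gap

    def accept(self, key_id):
        probe = key_id
        for _ in range(self.max_gap):        # tolerate a few lost packets
            probe = next_key_id(self.src, self.dst, probe, self.cookie)
            if probe == self.last:
                self.last = key_id           # advance the trusted point
                return True
        return False                         # forged, replayed or too old

# Constructed values; a real server would draw SEED at random.
SRC, DST, COOKIE, SEED = "192.0.2.10", "192.0.2.20", 0x5EEDC0DE, 0x1234ABCD
```

The server sends the identifiers last-generated first, so each packet reveals a value whose successor the client already trusts, while the next value to be used cannot be computed from it without inverting the hash.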
(xi) NTPv4 progress and status
1) NTP version 4 architecture and algorithm implementation and testing
Simple NTP (SNTP) version 4 specification is now an Internet draft
Improved local clock model is now a standard NTP feature
Precision kernel modifications are now in Digital Unix 4.0 and Sun Solaris 2.6
2) Automatic configuration
Multicast server discovery is now a standard NTP feature
Manycast server discovery: implementation and testing
Distributed add/remove greedy heuristic: design and simulation
Span-limited, layered multicast groups using NTP distributed mode and add/remove heuristic study
3) Cryptographic authentication
Automatic key scheme is implemented and tested
Public key certificate discovery and validation scenarios will follow the IETF model
4) Complete the NTP version 4 protocol test and validation project
Deploy, test, and evaluate the NTP version 4 daemon on the local network
Deploy and test in the DARPA testbeds (Dartnet and Kane)
Deploy and test at friendly sites in the United States, Europe and Asia
5) Check standards conform to IETF, ANSI, ITU, POSIX
Modify NTP formal specifications and standards
Participation in the NIST deployment strategy, USNO, etc.
6) Develop scenarios for other applications such as web caches, DNS servers, and other multicast services
(xii) NTP network resources
1) Internet (draft) standard RFC-1305 version 3
Simple NTP (SNTP) version 4 specification RFC-2030
Designated SafeNet standard (Navy)
Based on ANSI, ITU, POSIX
2) NTP page http://www.eecis.udel.edu/~ntp
NTP version 3 release notes and HTML documents
List of some public NTP time servers (primary and secondary)
NTP newsgroups and FAQ outline
Tutorials, tips, and bibliography
3) NTP version 3 implementation and documentation for UNIX, VMS, Windows
Porting to 24 architectures and operating systems
Utility programs for remote monitoring, control and performance evaluation
A discussion of multi-network clocks