Build an NTP server in Ubuntu

Source: Internet
Author: User
Preface

A time error occurred on a self-managed server, which caused mail to be sent with the wrong display time. Here we take the opportunity to record the process of building an NTP server.

The Network Time Protocol (NTP) aims to deliver a unified, standard time across the Internet. It does this by designating several clock-source sites on the network to provide a time service to users; these sites compare their time with one another to improve accuracy. NTP is a complex time synchronization protocol that works across a wide area network or a LAN, and it generally provides millisecond-level precision. RFC 2030 describes SNTP (Simple Network Time Protocol), a subset of NTP for hosts that do not need the complexity of full NTP. Typically, a few hosts on the LAN synchronize their clocks with other NTP hosts over the Internet and then provide the time synchronization service to the other clients in the LAN. NTP is a high-level protocol in the OSI reference model; it is carried over UDP and has the dedicated port 123.

Over time, a computer's clock tends to drift. NTP is a way to ensure that the clock remains accurate. It provides a time synchronization mechanism between routers, switches, workstations and servers, and NTP servers are often used in IT environments with time synchronization requirements.

Server configuration and installation
sudo apt-get install ntp
Configuration File Location
/etc/ntp.conf

Configuration method

The upper-layer NTP server is configured with the server keyword, in the following form:

server [IP or hostname] [prefer]

Parameter description:
  • IP or hostname: the IP address or domain name of the upper-layer NTP server
  • prefer: marks the server that is used preferentially
  • driftfile: records the time difference. The NTP server's default time calculation is based on the oscillation frequency of the BIOS chip, but this value differs from that of the upper-layer time server. The NTP daemon therefore automatically calculates the frequencies of our host and the upper-layer time server and records the error between the two; the file it is recorded in is the full file name that follows driftfile.
Note:
  • It is recommended that the server use hostname because IP addresses may change due to data center migration in the LAN.

Common time servers: http://www.pool.ntp.org/zone/cn

Configuration file example

Restart the NTP server
sudo /etc/init.d/ntp restart

Command for viewing NTP running status

ntpq -p

Example parameter explanation

NTP parameter description
  • remote: the remote NTP server connected to the local machine
  • refid: the address of the upper-level NTP host that the remote server references
  • st: the level of the remote server. Because NTP is hierarchical, there is a top-level server, and multiple layers of relay servers lead down to the client, so the server level, from high to low, can be set to 1-16. To reduce load and network congestion, in principle we should avoid connecting directly to a server with a level of 1
  • when: a timer that tells us how long it will be until the local machine needs to synchronize time with the remote server
  • poll: the interval at which the local host and the remote server synchronize, in seconds
  • reach: an octal value that indicates the number of times updates have been requested from the NTP server. On every successful connection, 1 is added to its value
  • delay: the delay during network transmission, in microseconds
  • offset: the time difference between our local machine and the server, in milliseconds
  • jitter: the time difference between the Linux system time and the BIOS hardware time, in microseconds
Server Status Parameters
  • *: the remote server has been confirmed as our master NTP server, and our system time is provided by this machine
  • +: the remote server acts as a secondary NTP server and, together with the server marked *, provides us with synchronization services. When the * server is unavailable, it can take over
  • -: the remote server is considered unqualified by the clustering algorithm
  • x: the remote server is unavailable
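The columns and status characters described above can be checked automatically. The following is an added example, not part of the original article: it parses `ntpq -p` output and reports servers that need attention. The sample output, host names and addresses are constructed, and the function names are hypothetical.

```python
# Status characters in the first column, named as in the list above.
TALLY = {"*": "master", "+": "secondary", "-": "unqualified", "x": "unavailable"}

def parse_peers(output):
    """Turn `ntpq -p` text into one dict per remote server."""
    peers = []
    for line in output.splitlines():
        if not line.strip() or line.lstrip().startswith(("remote", "=")):
            continue                          # blank line or header
        fields = line[1:].split()             # column 0 is the status character
        if len(fields) != 10:
            continue                          # not a server row
        peers.append({
            "remote": fields[0],
            "status": TALLY.get(line[0], "not selected"),
            "st": int(fields[2]),
            "reach": int(fields[6], 8),       # printed as an octal value
            "offset_ms": float(fields[8]),
        })
    return peers

def check(peers):
    """Return findings worth an operator's attention."""
    findings = []
    if not any(p["status"] == "master" for p in peers):
        findings.append("no master (*) server selected")
    for p in peers:
        if p["status"] in ("unqualified", "unavailable"):
            findings.append(f"{p['remote']}: {p['status']}")
        if p["reach"] == 0:
            findings.append(f"{p['remote']}: no reply yet (reach 0)")
        if p["st"] >= 16:
            findings.append(f"{p['remote']}: level 16, not synchronized")
    return findings

# Constructed sample output; host names and addresses are placeholders.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*ntp1.example.net 10.0.0.1        2 u   33   64  377   12.345    0.512   0.230
+ntp2.example.net 10.0.0.2        2 u   40   64  377   15.100   -1.204   0.410
-ntp3.example.net 10.0.0.3        3 u   12   64  177   48.900    9.870   2.100
xntp4.example.net 10.0.0.4        2 u   20   64  377   20.000 2500.000   1.000
 ntp5.example.net .INIT.         16 u    -   64    0    0.000    0.000   0.000
"""
```

Calling `check(parse_peers(SAMPLE))` lists the unqualified, unavailable and unreachable servers; on a live host the text would come from running `ntpq -p`.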

NTP security settings

Security requirements

Running an NTP server does not take many system resources, so you do not need a dedicated server to provide time synchronization services for many clients. However, some basic security settings are still necessary. Here is one approach:

  1. Only some users in the LAN are allowed to connect to our server.
  2. These clients cannot modify the time on our server.
Security settings

In the /etc/ntp.conf file, we can use the restrict keyword to implement the above requirements:

restrict [your IP] mask [netmask_ip] [parameter]

The main parameters are:
  • ignore: reject all types of NTP connections
  • nomodify: the client cannot use the ntpc and ntpq programs to modify the server's time parameters
  • noquery: the client cannot use commands such as ntpq and ntpc to query the time server, which is equivalent to not providing the NTP network service
  • notrap: the remote event logging function of trap is not provided
  • notrust: reject unauthenticated clients
  • nopeer: do not synchronize time with other NTP servers on the same layer
Reference Configuration
  1. Deny all operations on the default client.
    restrict default kod nomodify notrap nopeer noquery

  2. Then allow all operations on the local address
    restrict 127.0.0.1

  3. Finally, allow the specified client in the LAN to connect to the server for synchronization, but refuse to modify the server time.
    restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
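The two requirements above can be checked against a configuration file before ntpd is restarted. The following is an added example, not part of the original article: it parses restrict lines and reports a default entry that is missing the flags of the reference configuration, and LAN entries that lack nomodify. The function names and the weak sample configuration are constructed; entries given by hostname are skipped.

```python
import ipaddress

# Flags on the default entry of the reference configuration (kod is not required here).
DEFAULT_REQUIRED = {"nomodify", "notrap", "nopeer", "noquery"}

def parse_restrict(line):
    """Return (network, flags) for a restrict line, else None."""
    tokens = line.split("#", 1)[0].split()
    if not tokens or tokens[0] != "restrict":
        return None
    everything = "::/0" if "-6" in tokens else "0.0.0.0/0"
    args = [t for t in tokens[1:] if t not in ("-4", "-6")]  # drop family prefix
    try:
        addr, flags = args[0], args[1:]
        if addr == "default":
            net = ipaddress.ip_network(everything)
        elif flags[:1] == ["mask"]:
            net = ipaddress.ip_network(f"{addr}/{flags[1]}", strict=False)
            flags = flags[2:]
        else:
            net = ipaddress.ip_network(addr)       # single host
    except (ValueError, IndexError):
        return None                                # hostname or malformed entry
    return net, set(flags)

def audit(conf_text):
    """List the restrict entries that break the two requirements."""
    findings, saw_default = [], False
    for net, flags in filter(None, map(parse_restrict, conf_text.splitlines())):
        saw_default |= net.prefixlen == 0
        if "ignore" in flags or net.is_loopback:
            continue
        if net.prefixlen == 0 and DEFAULT_REQUIRED - flags:
            findings.append(f"default {net}: missing {' '.join(sorted(DEFAULT_REQUIRED - flags))}")
        elif net.prefixlen > 0 and "nomodify" not in flags:
            findings.append(f"{net}: add nomodify")
    if not saw_default:
        findings.append("no restrict default line: unlisted clients are not restricted")
    return findings

# Constructed weak configuration, followed by the reference configuration above.
WEAK = ("restrict default nomodify\n"
        "restrict 127.0.0.1\n"
        "restrict 192.168.1.0 mask 255.255.255.0\n")
REFERENCE = ("restrict default kod nomodify notrap nopeer noquery\n"
             "restrict 127.0.0.1\n"
             "restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap\n")
```

`audit(REFERENCE)` returns an empty list, while `audit(WEAK)` reports the incomplete default entry and the LAN entry without nomodify.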

Default Configuration

Note:

The default configuration prohibits all clients from modifying the server time. Therefore, I think the default configuration is sufficient.

NTP client configuration

Synchronization method

We now have our own relay NTP server. To synchronize time across all clients in the LAN, set up the relay server as described above, and then point all clients at that server.

Note:
  • Because the time error between the ntpd server and client cannot exceed 1000 seconds, you need to synchronize the time manually first and then set up ntp.conf.

ntpdate

ntpdate [-dv] [NTP IP/hostname]

Parameter description:
  • -d: enter debug mode to show more information
  • -v: display more messages

The difference between ntpdate and ntpd

ntpd is not only a time synchronization server; it can also act as a client that synchronizes time with a standard time server, and, unlike ntpdate, it does not synchronize immediately. ntpdate should be used with caution in production environments. Because ntpdate synchronizes immediately, once it has obtained a time it uses settimeofday(2) to set the system time, which produces a clock jump. Using ntpdate to adjust the time has several obvious problems:
  • It is not safe.
  • It is not accurate enough.
  • It is not elegant enough.

Reference: http://www.mike.org.cn/articles/linux-time-set-and-sync-ntp/
