For server operations, we need to pay special attention to several issues.
1. For an e-commerce platform, the first issue is time, so we first want the servers' time to be synchronized regularly.
NTP server setup
NTP (Network Time Protocol)
Almost all NTP currently in use is NTPv3, described in RFC 1305.
SNTP (Simple Network Time Protocol), with second-level accuracy, is described in RFC 2030.
NTP is an application-layer protocol and uses UDP port 123.
In addition to estimating the round-trip delay of a packet over the network, NTP can independently estimate a computer's clock offset, which gives high-precision time synchronization between computers. NTP can provide a trusted time source accurate to 1~50ms, depending on the network path.
How NTP works
Description
T1: the time the client sends the packet, from the client's clock
T2: the time the server receives the packet, from the server's clock
T3: the time the server sends the reply packet, from the server's clock
T4: the time the client receives the reply packet, from the client's clock
NTP packets can be sent as unicast, multicast, or broadcast; NTP also supports access control and MD5 authentication.
NTP has two types of messages
1. Clock synchronization message
This message is the core of the NTP protocol.
Wireshark's user-friendly hints show that this packet was sent from the client to the server.
Leap Indicator: the leap indicator; a value of 11 (binary) means the clock is not synchronized. 3bit
Mode: length 3bit; indicates the working mode of NTP:
3: client mode
4: server mode
5: broadcast or multicast mode
6: this message is an NTP control message
2. Control message
This message mainly provides users with additional functions related to network management; it is not required for clock synchronization.
Stratum: the stratum (number of layers) of the system clock, value range 1~16, which determines the accuracy of the clock. A clock with stratum 1 has the highest accuracy, and accuracy decreases from 1 to 16. A clock with stratum 16 is not synchronized and cannot be used as a reference clock.
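Added example (not part of the original article): Python code that decodes the Leap Indicator, Mode and Stratum fields from a server reply laid out as in RFC 1305, then derives the clock offset and round-trip delay from T1 to T4. The reply packet is constructed inline, and the function names and sample times are assumptions made for illustration.

```python
import struct

NTP_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def to_ntp(unix_ts):
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    secs = int(unix_ts)
    return struct.pack("!II", secs + NTP_DELTA, int((unix_ts - secs) * 2**32))

def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_DELTA + frac / 2**32

def parse_reply(pkt):
    """Decode the fields described in the text from a 48-byte NTP header."""
    if len(pkt) < 48:
        raise ValueError("truncated NTP packet")
    return {
        "leap": pkt[0] >> 6,
        "version": (pkt[0] >> 3) & 0x7,
        "mode": pkt[0] & 0x7,
        "stratum": pkt[1],
        "t1": from_ntp(pkt[24:32]),  # originate: client send time
        "t2": from_ntp(pkt[32:40]),  # receive: server receive time
        "t3": from_ntp(pkt[40:48]),  # transmit: server send time
    }

def offset_and_delay(t1, t2, t3, t4):
    """Clock offset (server minus client) and round-trip delay, in seconds."""
    return ((t2 - t1) + (t3 - t4)) / 2, (t4 - t1) - (t3 - t2)

def usable(hdr):
    # Accept only server-mode replies from a synchronized clock (LI != binary 11).
    return hdr["mode"] == 4 and hdr["leap"] != 3 and 1 <= hdr["stratum"] <= 15

def sample_reply(leap=0, stratum=2):
    """Constructed reply: client 0.5 s slow, 20 ms each way, 1 ms on the server."""
    t1 = 1421600000.0                  # client clock when the request leaves
    t2, t3 = t1 + 0.520, t1 + 0.521    # server clock on receive / on send
    head = bytes([(leap << 6) | (3 << 3) | 4, stratum, 6, 0xEC])
    return head + bytes(20) + to_ntp(t1) + to_ntp(t2) + to_ntp(t3), t1 + 0.041

if __name__ == "__main__":
    pkt, t4 = sample_reply()
    hdr = parse_reply(pkt)
    print(hdr["mode"], hdr["stratum"], usable(hdr), offset_and_delay(hdr["t1"], hdr["t2"], hdr["t3"], t4))
```

A reply that fails `usable()` should be discarded before its timestamps are used to adjust the clock.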
Installation
Important files
ntp.conf: the server's main configuration file
keys: the key file
step-tickers: stores the addresses of the clock source hosts
NTP server-side configuration
The ntp.conf configuration file in detail
Let's see what driftfile is for.
Every system clock's frequency has a small error, so a machine's time becomes inaccurate after it has been running for a while. NTP automatically monitors the clock's error and adjusts for it; driftfile records that error while the machine is running, so that the result is not lost after a restart. This drift file records the frequency offset between the local clock and the authoritative clock, and it is updated hourly based on the synchronization results.
As the comments show, this allows clients to use the NTP server as a synchronization clock source, but not to change or query the NTP server's configuration.
All access is permitted over the loopback interface. Restricting it would affect some management functions, which means that administrative control is done through the loopback interface.
These are the restrictions for computers on the local subnet; by default, modification and remote login are not provided.
This section first specifies 4 upstream servers.
The iburst parameter specifies that, for the initial synchronization request, 8 messages are sent in a burst, with an interval of 2s.
The broadcast parameter specifies that the operating mode is broadcast: broadcast messages are sent periodically, and encryption is used in the messages.
broadcastclient makes the local server a client of other NTP servers that work in broadcast mode.
broadcast can also send its messages by multicast, again using encryption.
multicastclient makes the local server a client of other NTP servers that work in multicast mode.
manycastserver: this option is a feature of NTPv4, in which a multicast client tries to reach across to another subnet and contact the server specified by this option.
keys specifies the location of the key file. The file contains keys for a symmetric encryption algorithm, with each key corresponding to a number.
trustedkey specifies the trusted keys.
requestkey specifies the key used to communicate with the ntpdc tool.
controlkey specifies the key used to communicate with the ntpq tool.
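Added example (not part of the original article): a Python check that reads an ntp.conf and reports whether the default restrict line blocks modification and queries, and whether the keys named by requestkey and controlkey are listed in trustedkey. Both configurations, including the server name, key numbers and file paths, are constructed for illustration.

```python
# Constructed sample configurations: one weak, one hardened.
WEAK = """\
restrict default
restrict 127.0.0.1
server ntp1.example.com iburst
requestkey 8
controlkey 8
"""
HARDENED = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
server ntp1.example.com iburst
keys /etc/ntp/keys
trustedkey 4 8
requestkey 8
controlkey 8
"""

def audit_ntp_conf(text):
    """Return findings about the restrict and key directives in an ntp.conf."""
    restricts, directives = [], {}
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments and blank lines
        if not words:
            continue
        if words[0] == "restrict":
            restricts.append(words[1:])
        else:
            directives.setdefault(words[0], []).append(words[1:])
    findings = []
    defaults = [r for r in restricts if "default" in r[:2]]  # also "-6 default"
    if not defaults:
        findings.append("no 'restrict default' line")
    for r in defaults:
        missing = [f for f in ("nomodify", "noquery") if f not in r]
        if missing and "ignore" not in r:
            findings.append("restrict default lacks " + ", ".join(missing))
    if "keys" not in directives:
        findings.append("no keys file configured")
    trusted = {k for args in directives.get("trustedkey", []) for k in args}
    for name in ("requestkey", "controlkey"):
        for args in directives.get(name, []):
            if args and args[0] not in trusted:
                findings.append(f"{name} {args[0]} is not in trustedkey")
    return findings
if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_ntp_conf(conf))
```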
NTP server test
The display above indicates that the local NTP server is synchronized with the upstream server.
The local server is at stratum 3, the local clock correction deviation is less than 223ms, and it queries the time of the upstream server every 256s.
Write the time to the CMOS clock. The CMOS clock is maintained by a battery, so it keeps running even when the computer is shut down.
This article is from the "were Willing" blog, make sure to keep this source http://changbo.blog.51cto.com/1316452/1605660
Linux NTP configuration