Linux NTP configuration

Source: Internet
Author: User

For server operations, we need to pay special attention to several issues.

1. For an e-commerce platform, the first issue is time, so we first want the servers to synchronize their time regularly.

NTP Server Setup

NTP (Network Time Protocol)

Almost all deployments currently use NTPv3, which is described in RFC 1305.

SNTP (Simple Network Time Protocol), which has second-level accuracy, is described in RFC 2030.

NTP is an application-layer protocol and uses UDP port 123.

In addition to estimating the round-trip delay of a packet over the network, NTP can independently estimate a computer's clock offset, which gives high-precision time synchronization. NTP can provide a trusted time source and network path accurate to 1~50 ms.





How NTP works

Description

T1: the time the client sends the packet, taken from the client's clock

T2: the time the server receives the packet, taken from the server's clock

T3: the time the server sends the reply packet, taken from the server's clock

T4: the time the client receives the reply packet, taken from the client's clock

NTP packets can be sent by unicast, multicast, or broadcast; NTP also supports access control and MD5 authentication.

The two types of NTP messages

1. Clock synchronization message

This message is the core of the NTP protocol.



As the Wireshark annotations show, this message was sent from the client to the server.

Leap Indicator (LI): the leap indicator; a value of one indicates that the clock is not synchronized (3 bit).

Mode: 3 bits long; indicates the working mode of NTP:

3: client mode

4: server mode

5: broadcast or multicast mode

6: the message is an NTP control message

2. Control messages

This message mainly provides users with additional functions related to network management; it is not needed for clock synchronization.

Stratum: the stratum (number of layers) of the system clock, with a value range of 1~16, which determines the accuracy of the clock. A clock at stratum 1 has the highest accuracy, and accuracy decreases as the stratum increases from 1 to 16; a stratum of 16 indicates that the clock is not synchronized and cannot be used as a reference clock.
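
The header fields and the T1 to T4 timestamps described above can be decoded and combined as in the following added example, which is not code from the original article. The first-byte layout and the offset and delay formulas are the standard NTP ones; the reply packet and the timestamp values are constructed samples, and the function names are hypothetical.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MODES = {3: "client", 4: "server", 5: "broadcast", 6: "control"}

def parse_time_message(pkt):
    """Decode header fields and T1..T3 from a clock synchronization message."""
    if len(pkt) < 48:
        raise ValueError("clock synchronization message is at least 48 bytes")
    mode = pkt[0] & 0x07                      # low 3 bits of the first byte
    if mode == 6:
        raise ValueError("mode 6 control messages use a different layout")

    def ts(pos):                              # 64-bit timestamp, 32.32 fixed point
        sec, frac = struct.unpack_from("!II", pkt, pos)
        return sec - NTP_UNIX_DELTA + frac / 2**32

    return {
        "leap": pkt[0] >> 6,
        "version": (pkt[0] >> 3) & 0x07,
        "mode": MODES.get(mode, "other"),
        "stratum": pkt[1],
        "t1": ts(24),   # originate: client clock when the request left
        "t2": ts(32),   # receive: server clock when the request arrived
        "t3": ts(40),   # transmit: server clock when the reply left
    }

def offset_and_delay(t1, t2, t3, t4):
    """Offset of the server clock relative to the client, and round-trip delay."""
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return offset, delay

def build_reply(t1, t2, t3, stratum=2):
    """Constructed sample: a version 3, mode 4 (server) reply."""
    def enc(t):
        return struct.pack("!II", int(t) + NTP_UNIX_DELTA, int((t % 1) * 2**32))
    first = (0 << 6) | (3 << 3) | 4           # LI=0, VN=3, Mode=4
    header = bytes([first, stratum, 8, 0xEC]) + bytes(20)  # poll, precision, zeroed fields
    return header + enc(t1) + enc(t2) + enc(t3)

# Constructed timestamps: server 0.5 s ahead, 0.0625 s per hop and for processing.
T1, T2, T3, T4 = 1000000000.0, 1000000000.5625, 1000000000.625, 1000000000.1875

if __name__ == "__main__":
    f = parse_time_message(build_reply(T1, T2, T3))
    print(f["mode"], f["stratum"], offset_and_delay(f["t1"], f["t2"], f["t3"], T4))
```

T4 never travels in the packet: the client records it locally when the reply arrives, which is why it is passed in separately.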

Installation



Important files

ntp.conf: the server's main configuration file



keys: the file that holds the keys

step-tickers: stores the addresses of the clock source hosts

NTP server-side configuration

The ntp.conf configuration file in detail


Let's see what driftfile is for.

Every system clock has a small frequency error, which makes the machine's time inaccurate after it has been running for a while. NTP automatically monitors the clock error and adjusts for it; driftfile records this error while the machine is running, so that the result is not lost after a restart. This drift file records the frequency offset between the local clock and the authoritative clock, and it is updated hourly based on the synchronization results.



As the comments show, this allows clients to use the NTP server as a synchronization clock source, but they cannot modify or query the NTP server's configuration.




The loopback interface is allowed all access; restricting it can affect some management functions, which means that management access is performed through the loopback interface.




Hosts on the local subnet are subject to some restrictions; by default, modification and remote login are not provided.



This section first specifies 4 upper-level servers.

The iburst parameter specifies that, on the initial synchronization request, 8 messages are sent in a burst, at intervals of 2 s.

The broadcast parameter specifies that the operating mode is broadcast: broadcast messages are sent periodically, and encryption is used in the messages.

broadcastclient makes the local server a client of other NTP servers that work in broadcast mode.

broadcast can also send messages using multicast, again with encryption.

multicastclient makes the local server a client of other NTP servers that work in multicast mode.

manycastserver is a feature used in NTPv4, in which a multicast client attempts to roam to another subnet and contact the server specified by this option.





keys specifies the location of the file where the keys are kept. The file contains keys for a symmetric encryption algorithm, with each key corresponding to a number.

trustedkey specifies the trusted keys.

requestkey specifies the key used to communicate with the ntpdc tool.

controlkey specifies the key used to communicate with the ntpq tool.
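
One way to check an ntp.conf for the access-control and key settings discussed above (the restrict lines and the keys and trustedkey directives). This is an added example, not part of the original article; both configurations, including the 192.168.1.0 subnet and the key numbers, are constructed samples, and the function names are hypothetical.

```python
def directives(conf):
    """Yield (name, args) for each non-comment line of an ntp.conf."""
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()
        if words:
            yield words[0].lower(), words[1:]

def audit(conf):
    """Return findings for restrict lines and key directives."""
    findings, seen, has_default = [], set(), False
    for name, args in directives(conf):
        seen.add(name)
        args = [a for a in args if a not in ("-4", "-6")]  # address-family selectors
        if name != "restrict" or not args:
            continue
        target, flags = args[0], set(args[1:])
        if target in ("127.0.0.1", "::1"):
            continue  # loopback stays open for local management tools
        if target == "default":
            has_default = True
            findings += [f"restrict default lacks {f}"
                         for f in ("nomodify", "noquery") if f not in flags]
        elif "nomodify" not in flags:
            findings.append(f"restrict {target} lacks nomodify")
    if not has_default:
        findings.append("no restrict default line")
    if "keys" in seen and "trustedkey" not in seen:
        findings.append("keys file loaded but no trustedkey declared")
    return findings

# Constructed sample configurations (not taken from the article's screenshots).
WEAK = """\
restrict default
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0
keys /etc/ntp/keys
"""

HARDENED = """\
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
keys /etc/ntp/keys
trustedkey 4 8 42
"""

if __name__ == "__main__":
    for label, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(conf))
```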



NTP Server Test


The output above indicates that the local NTP server is synchronized with the upper-level server.

The local server is at stratum 3, the local clock correction offset is less than 223 ms, and the upper-level server is queried every 256 s.

Write the time to the CMOS clock. The CMOS clock is maintained by a battery, so it keeps running even when the computer is shut down.



This article is from the "were Willing" blog, make sure to keep this source http://changbo.blog.51cto.com/1316452/1605660
