Network Time Protocol (NTP) is used to synchronize the system time of different hosts on the network. All hosts you manage can synchronize their time with a specified time server called an NTP server. On the other hand, an NTP server synchronizes its time with any public NTP server, or the server you select. All system clocks managed by NTP will be synchronized to the millisecond level.
In a corporate environment where the firewall should not be opened for NTP traffic to the outside, it is necessary to set up an internal NTP server and have employees use it instead of public NTP servers. In this guide, we will describe how to configure a CentOS system as an NTP server. Before going into the details, let's take a brief look at the concepts behind NTP.
Why do we need NTP?
Because of variations in manufacturing, (non-atomic) clocks do not all run at exactly the same speed. Some run faster and some run slower. Over a long period, a clock slowly drifts away from the others, which is usually called "clock drift" or "time drift." To minimize the impact of clock drift, hosts using NTP should interact periodically with the specified NTP server to keep their clocks synchronized.
Time synchronization between different hosts is important for scheduling backups, intrusion detection records, distributed task scheduling, or transactional order management. It should even be part of a day-to-day task.
The hierarchical structure of NTP
NTP clocks are organized in a hierarchical model. Each layer in the hierarchy is called a stratum. The stratum number indicates how many NTP hops a machine is away from an authoritative time source.
Stratum 0 consists of clocks that have no time drift, such as atomic clocks. These clocks cannot be used directly on the network. Stratum n (n > 1) servers synchronize their time from stratum n-1 servers. Stratum n clocks can also interconnect with each other over the network.
NTP supports up to 15 levels of stratum. Stratum 16 is considered to be unsynchronized and cannot be used.
Prepare CentOS Server
Now let's start setting up an NTP server on CentOS.
First, we need to ensure that the server's time zone is set correctly. In CentOS 7, we can use the timedatectl command to view and change the server's time zone (for example, "Australia/Adelaide"; LCTT note: in China it can be set to Asia/Shanghai).
The code is as follows:
# timedatectl list-timezones | grep Australia
# timedatectl set-timezone Australia/Adelaide
# timedatectl
Next, use yum to install the required software.
The code is as follows:
# yum install ntp
Then add the public NTP servers that this server will synchronize its time with.
The code is as follows:
# vim /etc/ntp.conf
server 0.oceania.pool.ntp.org
server 1.oceania.pool.ntp.org
server 2.oceania.pool.ntp.org
server 3.oceania.pool.ntp.org
By default, the log of the NTP server is saved in /var/log/messages. If you want to use a custom log file, you can specify it as well.
The code is as follows:
logfile /var/log/ntpd.log
If you choose a custom log file, make sure to change its owner and SELinux context.
The code is as follows:
# chown ntp:ntp /var/log/ntpd.log
# chcon -t ntpd_log_t /var/log/ntpd.log
Now start the NTP service and make sure it is enabled at boot.
The code is as follows:
# systemctl restart ntpd
# systemctl enable ntpd
Verifying the NTP Server clock
We can use the ntpq command to check how the local server clock is synchronized through NTP.
The following table explains the output columns.
remote: The sources defined in ntp.conf. '*' marks the source currently in use, which is also the best one; '+' marks sources that can be used as NTP sources; '-' marks sources that are not available.
refid: The IP address of the remote server used to synchronize with the local clock.
st: Stratum.
t: Type. 'u' means unicast. Other values include local, multicast and broadcast.
when: The elapsed time (in seconds) since the last interaction with the server.
poll: The polling interval with the server, in seconds.
reach: An octal number indicating whether any errors occurred in the interactions with the server. A value of 377 indicates 100% success (that is, decimal 255).
delay: The delay between our server and the remote server.
offset: The time difference between our server and the remote server, in milliseconds.
jitter: The average time difference between two samples, in milliseconds.
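The column meanings above can be applied mechanically. The following is an added example, not part of the original guide: it reads ntpq peer output, maps the leading marker to a status, and decodes the octal reach value into the number of successful polls out of the last eight. The sample output is constructed and uses documentation addresses, and the function names are hypothetical.

```shell
# Added example: summarize `ntpq -p` peer lines using the column meanings above.

# Count successful polls among the last eight from the octal "reach" value.
reach_successes() {
    _bits=$((0$1))              # leading 0 makes the shell read the value as octal
    _count=0
    while [ "$_bits" -gt 0 ]; do
        _count=$((_count + (_bits & 1)))
        _bits=$((_bits >> 1))
    done
    echo "$_count"
}

# Read `ntpq -p` output on stdin; print "remote status stratum successes/8".
ntpq_report() {
    while read -r _remote _refid _st _t _when _poll _reach _rest; do
        case "$_remote" in
            remote|=*|"") continue ;;           # header, ruler and blank lines
            '*'*) _status=current ;;
            '+'*) _status=usable ;;
            '-'*) _status=unavailable ;;
            *)    _status=unmarked ;;
        esac
        _remote=${_remote#[*+-]}                # drop the leading marker
        if [ "$_st" = 16 ]; then _status=unsynchronized; fi
        echo "$_remote $_status $_st $(reach_successes "$_reach")/8"
    done
}

# Constructed sample output (documentation addresses, not real servers).
sample_ntpq_output() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*203.0.113.10    .GPS.            1 u   33   64  377   12.345    0.512   0.210
+203.0.113.11    198.51.100.1     2 u   40   64  377   15.100   -1.204   0.480
-203.0.113.12    198.51.100.2     2 u   12   64  357   30.900    8.730   2.115
 203.0.113.13    .INIT.          16 u    -   64    0    0.000    0.000   0.000
EOF
}

sample_ntpq_output | ntpq_report
```

A reach of 357 is binary 11101111, so one of the last eight polls failed; a stratum of 16 with a reach of 0 is a source that has never answered.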
Controlling access to an NTP server
By default, the NTP server allows queries from all hosts. If you want to restrict which hosts can synchronize with the server, you can add filtering rules to your firewall.
# iptables -A INPUT -s 192.168.1.0/24 -p udp --dport 123 -j ACCEPT
# iptables -A INPUT -p udp --dport 123 -j DROP
These rules allow NTP traffic (port udp/123) from 192.168.1.0/24 and drop NTP traffic from any other source. You can change the rules according to your needs.
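Because both rules are appended with -A, the first rule that matches a packet decides its fate, so the ACCEPT rule must come before the DROP rule. The following is an added example, not part of the original guide: it evaluates a rule listing in `iptables -S INPUT` form for a given source address. The listings are constructed, the function and variable names are hypothetical, and only the -s and -j options of udp/123 rules are interpreted.

```shell
# Added example: which verdict does a source get from the udp/123 rules above?

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
    _saved_ifs=$IFS; IFS=.
    set -- $1                                   # split the address on dots
    IFS=$_saved_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# True when address $1 lies inside network $2 (a.b.c.d/prefix).
in_cidr() {
    _mask=$(( (0xFFFFFFFF << (32 - ${2#*/})) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & _mask )) -eq $(( $(ip_to_int "${2%/*}") & _mask )) ]
}

# Read rules in `iptables -S INPUT` form on stdin and print the target of the
# first udp/123 rule that matches source $1; print policy $2 if none matches.
ntp_verdict() {
    _src=$1; _policy=${2:-ACCEPT}
    while read -r _rule; do
        case "$_rule" in
            "-A INPUT "*"-p udp"*"--dport 123 "*) ;;
            *) continue ;;
        esac
        _net=0.0.0.0/0; _target=
        set -- $_rule
        while [ $# -gt 1 ]; do
            case "$1" in
                -s) case "$2" in */*) _net=$2 ;; *) _net=$2/32 ;; esac ;;
                -j) _target=$2 ;;
            esac
            shift
        done
        if in_cidr "$_src" "$_net"; then echo "$_target"; return 0; fi
    done
    echo "$_policy"
}

# Constructed listings: the two rules in the order given above, and reversed.
RULES_AS_GIVEN='-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 123 -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j DROP'
RULES_REVERSED='-A INPUT -p udp -m udp --dport 123 -j DROP
-A INPUT -s 192.168.1.0/24 -p udp -m udp --dport 123 -j ACCEPT'

printf '%s\n' "$RULES_AS_GIVEN" | ntp_verdict 203.0.113.9    # outside the subnet
```

With the rules reversed, a client inside 192.168.1.0/24 is dropped as well, and with no udp/123 rules at all every source falls through to the chain policy.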
Configuring the NTP Client
1. Linux
An NTP client host needs the ntpdate package to synchronize its time with the server. You can easily install this package using yum or apt-get. After installing the package, run the following command with the server's IP address.
The code is as follows:
# ntpdate <IP address of the NTP server>
The command is the same on RHEL-based and Debian-based systems.
2. Windows
If you are using Windows, look for Internet Time under the Date and Time settings.
3. Cisco Equipment
If you want to sync a Cisco device's time, you can use the following command in global configuration mode.
The code is as follows:
# ntp server <IP address of the NTP server>
NTP-enabled devices from other manufacturers have their own parameters for network time. If you want to sync such a device with the NTP server, check the device's documentation.
Conclusion
In short, NTP is a protocol that synchronizes clocks on all your hosts. We have described how to set up an NTP server and synchronize time with devices and servers that support NTP.
I hope I can be of some help to you.