Overview of NTP

Time synchronization on computers and networks is very important. In systems that rely on ordered events occurring at specific times, or on the logging of events, a time mismatch can be a real problem. For instance, a computer whose system time is behind another computer’s may log a transaction as being received before the other computer’s, even though the transaction was generated after it.

Distributed computer systems rely on coordinated time to guarantee correct sequencing of processes and accurate logging of events. Time is the only reference that can be used to coordinate processes of independent systems.


From the perspective of managing a network, it is very important that time be synchronized between network devices for the following reasons:

  • Encryption key exchange
  • Troubleshooting network devices and correlating events to identify the root cause of an event.
  • Security event correlation across multiple devices such as routers, firewalls, switches and network access control systems, to mention a few.

A mechanism is therefore required to disseminate accurate time around a network to computers and network devices in order to maintain order.

Network Time Protocol (NTP) is a standard Internet protocol for synchronizing the time of computer clocks over a network. The protocol can be used to coordinate the real-time clocks of computers and networked devices. NTP timestamps are transmitted and received using the User Datagram Protocol (UDP) on port 123.

How NTP Works

The most common configuration of NTP is to operate in unicast mode, or client-server. This is where a client transmits a request packet to a server, which responds with a time stamp packet.

NTP is based on the concept of hierarchical communication. At the top of the hierarchy is an authoritative time source, such as a radio clock or an atomic clock, from which an NTP server usually receives its time and then distributes it across the network. NTP uses a stratum to describe the distance between a network device and an authoritative time source, and to identify the accuracy of the time source. The higher the stratum, the greater the chance of deviation from the authoritative time source. The stratum runs from 1 to 15: 1 is the most reliable and 15 is the worst (but still valid) NTP source.
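The client-server exchange described above, as an added Python example that is not part of the original text: it builds the 48-byte client request, validates a reply (server mode, stratum in the 1 to 15 range given above, origin timestamp echoing the request) and computes the standard NTP clock offset and round-trip delay, which goes a step beyond the text. The reply comes from a constructed `simulated_reply` helper and all timestamps are made-up values, so nothing is sent on UDP port 123.

```python
import struct

NTP_DELTA = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
HDR = "!BBbb11I"         # 48-byte header: flags, stratum, poll, precision, 11 x 32-bit words

def to_ntp(t):
    """Unix time (float seconds) -> (seconds, fraction) of a 64-bit NTP timestamp."""
    return int(t) + NTP_DELTA, int((t % 1) * 2**32)

def from_ntp(sec, frac):
    return sec - NTP_DELTA + frac / 2**32

def build_request(t1):
    """Client request: LI=0, VN=4, Mode=3 (client), transmit timestamp = t1."""
    return struct.pack(HDR, (4 << 3) | 3, 0, 0, 0, *[0] * 9, *to_ntp(t1))

def parse_reply(data, t1, t4):
    """Validate a server reply; return (stratum, offset, delay) in seconds."""
    if len(data) < 48:
        raise ValueError("short packet")
    f = struct.unpack(HDR, data[:48])
    mode, stratum = f[0] & 0x07, f[1]
    if mode != 4:
        raise ValueError("not a server-mode reply")
    if not 1 <= stratum <= 15:
        raise ValueError(f"unusable stratum {stratum}")
    if (f[9], f[10]) != to_ntp(t1):        # origin must echo our transmit timestamp
        raise ValueError("origin timestamp mismatch")
    t2, t3 = from_ntp(f[11], f[12]), from_ntp(f[13], f[14])
    offset = ((t2 - t1) + (t3 - t4)) / 2   # positive: server clock is ahead of ours
    delay = (t4 - t1) - (t3 - t2)          # round trip minus server processing time
    return stratum, offset, delay

def simulated_reply(request, stratum, t2, t3):
    """Constructed server side for this demo: echoes the client's transmit time as origin."""
    req = struct.unpack(HDR, request)
    return struct.pack(HDR, (4 << 3) | 4, stratum, 6, -20, 0, 0, 0, 0, 0,
                       req[13], req[14], *to_ntp(t2), *to_ntp(t3))

# Constructed scenario: server clock 2.5 s ahead, 0.25 s network delay each way.
T1 = 1593965485.0
REPLY = simulated_reply(build_request(T1), 2, T1 + 2.75, T1 + 2.75)
RESULT = parse_reply(REPLY, T1, T1 + 0.5)
```

The origin check rejects a reply that does not answer the request the client actually sent, and the stratum check rejects a server that reports itself as unsynchronized.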

The NTP Stratum Model

The NTP Stratum model is a representation of the hierarchy of time servers in an NTP network, where the Stratum level (0-15) indicates the device’s distance to the reference clock. Stratum 0 means a device is directly connected to, e.g., a GPS antenna. Stratum 0 devices cannot distribute time over a network directly; they must be linked to a stratum 1 time server that will distribute time to Stratum 2 servers or clients, and so on. The higher the Stratum number, the more the timing accuracy and stability degrade. The NTP protocol does not allow clients to accept time from a Stratum 15 device, hence Stratum 15 is the lowest NTP Stratum. NTP servers at the same Stratum level (Stratum 2, for example) are considered NTP Peers to each other. NTP Servers at a higher Stratum level, on the other hand, are referred to as NTP Servers.

  • A stratum 1 time server is directly attached to an authoritative time source (like a radio or atomic clock or a GPS time source). 
  • Stratum 2 NTP servers receive their time through NTP from a stratum 1 time server.
  • Stratum 3 NTP servers receive their time through NTP from a stratum 2 time server.

Notice that the servers at the fourth layer, D, are supposed to be at stratum 4, but because they are configured to receive their time through NTP from a stratum 1 time server, they are considered to be stratum 2 clients.

Once a Cisco device has queried an NTP server, it can immediately act as a server as well; that is, once all servers B above have queried A, they can immediately act as servers for C. The ntp master command with a stratum number is used to statically set the stratum for a device when it acts as an NTP server. Organizations deploy a dedicated NTP (time) server, which gets its time from a stratum 1 server, and this NTP server is then used as the centralized source of time for the entire network. In the exam, we are not allowed to connect; however, NTP allows us to use any valid source of time. We can use the router’s internal clock as the NTP source for practice as well as in the exam. Whichever time source we use, the configuration steps are the same.

NTP Server Mode and configuration

In this mode, the router reads time from the NTP source. Unless we manually define the NTP source, the router uses its own clock as the NTP source. As required, we can configure the router’s clock or use an external clock as the NTP source. Once the NTP source is configured, the NTP server router advertises this time in the network. In this mode, the router only advertises NTP updates. It doesn’t accept any NTP updates from other NTP servers.

To deploy a router as NTP server, the following steps are required.

  • Adjust router clock
  • Configure loopback interface
  • Add loopback interface’s network in routing table
  • Configure NTP Server
  • Configure active interfaces to act as NTP Server only

Adjust router clock

To use the router’s internal clock as the NTP source, we have to match it with the current time, so let’s display the current clock setting:

  • Rt1#show clock
  • *0:16:53.870 UTC Mon Mar 1 1993
  • Rt1#

The output of this command provides information about the time, time zone and date. As we can see in the above output, all these settings are incorrect and need to be set correctly.

Let’s correct these settings

SET TIMEZONE

  • R1#conf t
  • R1(config)#clock timezone EST 0
  • R1(config)#clock summer-time EST recurring
  • R1(config)#exit
  • R1#

(NJ is 0; we have between 0-59 to choose from, so adjust until you get the exact time for your state. Example: -1 will give me 11 am instead of 12 noon, which is my time as shown below.)

EST [Keyword]:
This parameter allows us to set a descriptive name for our time zone. The router does not care what name we choose here; it accepts any value and displays it as our time zone. Since the router uses this parameter to display the name of the time zone, we should always choose a meaningful value, such as a keyword that represents our time zone, for example EST (US Eastern Standard Time), IST (Indian Standard Time), CST (Central Standard Time), etc.

clock summer-time EST recurring:
We should choose a name that reflects “daylight saving time” in our time zone, such as EDT (Eastern Daylight Time).

recurring [Value]: The router uses this parameter to take the appropriate action when “daylight saving time” occurs. The recurring value tells the router to spring forward an hour and fall back an hour automatically each year.

SET TIME

  • Rt1#clock set 12:11:25 July 5 2020
  • Rt1#
  • (my exact time at the time of writing this book; shown below)

Verify

  • Rt1#show clock
  • 12:11:30.240 EST Sun Jul 5 2020  

Configure Loopback interface

Although NTP allows us to use any interface as the NTP server reference, we should always use a loopback interface for this purpose. A physical interface can go down at any time for several reasons, but a loopback interface, once up, remains up until we manually shut it down. Let’s create a loopback interface on R1.

  • Rt1#conf t
  • Rt1(config)#interface loopback 0
  • Rt1(config-if)#ip address 10.10.10.1 255.255.255.0
  • Rt1(config-if)#

Add loopback interface’s network in routing: It is important to add the loopback interface’s network to the routing table; otherwise, other devices will not be able to connect to it. We have enabled the RIP protocol in our lab.

  • Rt1(config)#router rip
  • Rt1(config-router)#network 10.10.10.0
  • Rt1(config-router)#exit
  • Rt1(config)#

Configure NTP Server

Only two commands are needed to deploy a router as an NTP server.

  • Router(config)#ntp master [stratum level]
  • Router(config)#ntp source [Interface / hostname or IP address of NTP Source]

The stratum level is optional. If we do not specify it, the router uses the default value; the default stratum level of the router’s internal clock is 7. In the second command, we must specify the NTP source. We can use any valid NTP source here. To use a public NTP server, type its IP address here; remember, the router must be connected to the Internet and UDP port 123 must be allowed in the firewall.

To use another NTP server from the internal network, type the IP address of that server. To use the internal clock of this router, use any IP address configured on any interface of this router. For our lab, we are using R1’s internal clock as the NTP source, so we can use the IP address of the loopback interface. The only benefit of using the loopback interface’s IP address over a physical interface’s IP address is that the loopback interface is always on.

NOTE: For some reason, my Packet Tracer is not showing the source option; the configuration below is from my live router, a 2650XM, in my lab. This is another advantage of having both live equipment and Packet Tracer: without the live lab, I would have spent time troubleshooting why the source option is not available.

  • R1(config)#ntp master
  • R1(config)#ntp source loopback 0
  • R1(config)#

Configure interfaces to act as NTP Server only

By default, the router works in NTP Server/client mode. In this mode, the router advertises and listens for NTP broadcasts on all active interfaces. If we want to deploy this router as an NTP server only, we have to configure all active interfaces so that they only broadcast NTP messages.

  • R1(config)#interface f0/0
  • R1(config-if)#ntp broadcast
  • R1(config-if)#exit
  • R1(config)#

REPEAT for all other interfaces. NTP broadcast is not working for me in Packet Tracer again.

NTP Server/Client Mode and Configuration

This is the default mode for the router. In this mode, the router receives updates from an NTP server and advertises them from its own interfaces. This way the router plays both roles. As an NTP client it receives NTP updates, and as an NTP server it advertises NTP updates. In this mode, as an NTP server, instead of using its own NTP source, the router uses the NTP updates received from the other NTP server to advertise NTP updates. This feature allows us to use a single centralized NTP source at the NTP server.

By default, routers work in this mode, so no additional configuration is required to deploy a router in this mode; the router uses its own clock as the NTP source. But if we want to build a hierarchy where this router receives time from another NTP server, we must change the NTP source on this router.

  • Router(config)#ntp server [NTP Source IP Address]
  • R2(config)#ntp server 10.10.10.1

This should be done on R2, since it will be picking up its updates from R1.

NTP Client Mode

In this mode, the router only receives NTP updates. It does not advertise received updates. It uses them to sync its own clock.

  • Router(config)#ntp server [NTP Server IP address]
  • Router(config-if)#ntp broadcast client

As explained earlier, the first command tells the router to use the NTP server’s time instead of its own local time, and the second command configures the active interface to listen for NTP broadcast messages only.

Testing and troubleshooting NTP setup

For testing and troubleshooting, NTP offers two show commands: show ntp status and show ntp associations.

  • R2#show ntp status
  • R2#show ntp associations
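
One way to check the output of `show ntp associations` automatically, as an added Python example that is not part of the original text. The sample output is constructed (its column layout, the legend line and the peer 10.10.10.9 are assumptions, not a capture from the lab), and the 100 ms offset threshold is an arbitrary choice.

```python
import re

# Constructed sample of `show ntp associations` output (not captured from a device).
SAMPLE = """\
  address         ref clock       st   when   poll reach  delay  offset   disp
*~10.10.10.1      127.127.1.1      3     17     64   377  1.000  -0.500  0.100
 ~10.10.10.9      .INIT.          16      -     64     0  0.000   0.000 15937.
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
"""

# flag, configured marker, IPv4 peer, ref clock, stratum, when, poll, reach, delay, offset
ROW = re.compile(r"^([*#+\-x ])~?(\d+\.\d+\.\d+\.\d+)\s+\S+\s+(\d+)\s+\S+\s+\d+"
                 r"\s+([0-7]+)\s+\S+\s+(-?[\d.]+)")

def parse_associations(text):
    """Return one dict per peer row; header and legend lines do not match ROW."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            flag, addr, stratum, reach, offset = m.groups()
            peers.append({"addr": addr, "sync": flag == "*", "stratum": int(stratum),
                          "reach": int(reach, 8),   # octal register: last 8 polls, 1 bit each
                          "offset_ms": float(offset)})
    return peers

def findings(peers, max_offset_ms=100.0):
    """Problems worth alerting on; max_offset_ms is an assumed threshold."""
    out = []
    if not any(p["sync"] for p in peers):
        out.append("no peer selected as time source")
    for p in peers:
        if p["reach"] == 0:
            out.append(f"{p['addr']}: unreachable, no poll answered")
        elif p["reach"] != 0o377:
            out.append(f"{p['addr']}: {bin(p['reach']).count('1')}/8 recent polls answered")
        if p["stratum"] > 15:
            out.append(f"{p['addr']}: unsynchronized (stratum {p['stratum']})")
        if abs(p["offset_ms"]) > max_offset_ms:
            out.append(f"{p['addr']}: offset {p['offset_ms']} ms exceeds threshold")
    return out

PEERS = parse_associations(SAMPLE)
REPORT = findings(PEERS)
```

A device whose report says that no peer is selected is running on its own free-running clock, so its log timestamps should not be trusted when correlating events with other devices.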