Computer Network Time Synchronization

Ben Rothke writes "For most people, having their clocks accurate to within a few millionths of a second is excessive. Yet there are plenty of reasons to ensure that clocks on networks and production systems are that accurate. In fact, the need for synchronized time is a practical business and technology decision that is an integral part of an effective network and security architecture. The reality is that an organizations network and security infrastructure is highly dependent on accurate, synchronized time." Read the rest of Ben's review.

Computer Network Time Synchronization
author	David L. Mills
pages	304
publisher	CRC
rating	10
reviewer	Ben Rothke
ISBN	0849358051
summary	Definitive reference on how to deploy and use NTP

From a practical perspective, nearly every activity requires synchronized time to operate at peak levels, from plane departures and sporting events, to industrial processes, IP telephony, GPS and much more. Within information technology, technologies from directory services, collaboration, to authentication, SIM and VoIP all require accurate and synchronized time to work effectively.

Computer Network Time Synchronization: The Network Time Protocol is a valuable book for those that are serious about network time synchronization. David Mills, the author of the book, is one of the pillars of the network time synchronization community, and an original developer of the IETF-based network time protocol (NTP). The book is the summation of his decades of experience and a detailed look at how to use NTP to achieve highly accurate time on your network.

While network time synchronization is indeed crucial to corporate networks, this is only the second book on the topic. Last year saw Expert Network Time Protocol: An Experience in Time with NTP, which is a most capable title. But this book is clearly the indisputable reference on the subject, given its extraordinary depth and breadth. While Expert Network Time Protocol gets into the metaphysics of time, Mills's book takes a much more rationalist and pragmatic approach, which explains the myriad mathematical equations.

Mills is an electrical engineer by training and a significant part of the books 15 chapters involve advanced mathematics. But even for those who can't manage such equations, there is enough relevant material to make the book most rewarding.

Chapters 1 and 2 provide an excellent overview of the basics of network timekeeping and an overview of how NTP works. We often take for granted that network computers have the capabilities to set their internal clock. But while the capabilities are there, the reality is that these clocks are rarely accurate and subjected to many externalities that affect their ability to provide accurate time. The book shows how highly accurate time is easily achievable; often without the need for additional hardware. The goal of book is to show the reader how they can use NTP to synchronize the time on their network hosts to within a few milliseconds.

Chapters 3 - 11 detail the internals of NTP and time synchronization. Topics such as clock discipline algorithms, clock drivers and more are detailed. For many readers, the information may be overkill, but remember that this is not a For Dummies book.

Chapters 13 - 15 ease up on the abstract mathematics and are much more readable to newbie to the world of time synchronization. Chapter 13 is quite readable and details the metrology and chronometry of how NTP measures time as opposed to other time scales.

One of the key differences is the notion of absolute vs. relative time. Relative or astronomic time is based on the earth's rotation. Since the earth's rotation is not absolute, leap seconds are added to keep UTC (Universal Coordinated Time) synchronized with the astronomical timescale.

So what exactly is this legendary thing called the second? In 1967, the 13th General Conference on Weights and Measures defined the International System unit of time, the second, in terms of atomic time rather than the motion of the Earth. Specifically, a second was defined as the duration of 9,192,631,770 cycles of microwave light absorbed or emitted by the hyperfine transition of cesium-133 atoms in their ground state undisturbed by external fields.

Since the 17th century, time has for the most part been measured astronomically via the solar day. But in the 1940s, it was established that the earth's rotation is not constant, as the earth is spinning slower than it did years ago.

Part of what NTP provides is coordination to UTC. UTC provides operating systems and applications with a common index to synchronize events and prove that events happened when timestamps state they did. UTC is a 24-hour clock system and that any given moment, UTC is the same no matter where you are located.

For the purist, UTC really stands for Coordinated Universal Time, but both terms are used. Mills somewhat humorously notes that we follow the politically correct convention of expressing international terms in English, and their abbreviations in French.

Chapter 15 concludes the book with a fascinating look at the technical history of NTP. As of mid-2006, NTP has been in use for over 25 years and remains one of the longest, if not longest running, continuously operating application protocols in use on the Internet. Currently in version 4.2.1, NTP is a well-developed, stable protocol.

For those that are simply interested in how time synchronization works, or are responsible for time synchronization in their organization, Computer Network Time Synchronization: The Network Time Protocol is the most comprehensive guide available to using NTP.

For those that need an exhaustive tome on all of the minutiae related to NTP and synchronization, this is the source. Short of a vendor and product analysis, the book covers every detail within NTP and is the definitive title on the subject.

Two new books on the subject in a year demonstrate the importance of time synchronization. While this is not likely indicative of a flood of new books on time synchronization, this book should be considered the last word on the topic."

---

You can purchase Computer Network Time Synchronization from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Finally, an NTP book for the masses

It's about time!

NTP gurus wanted... ?

Seriously... about how many people out there actually need to know NTP to this degree? Anyone have a rough estimate? I can't imagine any one organization would have to dedicate an individual to this sort of thing or would they?

Microsoft's version of NTP

Actually, having set up the NTP servers in our network, I have to say that the Windows version of NTP draws very substantial vacuum. It's not nearly as easy to configure. It can't be queried about what it thinks of the configured time standards, and I'm not exactly sure how they expect you to manage keys.

As long as you don't give a damn about sub-second accuracy (in our SCADA system, we like to stay in sync within 7 milliseconds or less) and as long as you don't care about traceability, then I guess it's better than nothing. However, the NT version of Mills' NTP is free, it is very stable on all versions I've tested it on from NT through 2003 server, and the configuration is exactly the same as most POSIX systems.

Having been there and tried it, I have to say that Microsoft did a piss poor job with their version of NTP. Get the GNU version. It Just Works Better.

Re:Microsoft's version of NTP

Microsoft did not implement NTP. They first needed it to be simplified to "SNTP", which essentially is what they always did: send a query, receive the result, and put the timestamp in that result in the clock.
A full NTP implementation includes a PLL that locks the clock to the consecutive incoming timestamps. This filters out jitter and ensures that the system knows about the inaccuracy of the clock oscillator. It uses this information during the intervals between incoming timestamps.

So, an NTP-controlled system smoothly advances time staying as close to real time as possible, while a Microsoft system has a sawtooth pattern and may even step the clock backward when a query happens to be delayed in the network.
Don't use SNTP outside of a LAN.

Re:NTP gurus wanted... ?

Seriously... about how many people out there actually need to know NTP to this degree?

Oh, about 10. But how many weird things do you know that not many others would value?

Some people are really, really into keeping time. It's a hobby for them. This book is for that sort of person. Besides, although my company didn't need to hire a person to do nothing but NTP, they certainly needed at least one person on staff with that skillset (hint: Active Directory, Kerberos, "clockskew") to keep everything else working. How fortunate for me that my boss needs the skills that I picked up out of personal curiosity!

Re:NTP gurus wanted... ?

Mills told me he was rather popular back around the year 2000 ;) {to the point of being called to the White House for a series of meeting about Y2K complaince)

More interestingly, Mills said that he fears a potential DOS against the entire internet would be to use an NTP hack to advance the clocks on all the caches, thus expiring their contents and causing the root servers to be flooded. This would effectively bring down DNS until the caches could be fixed.

All you need to know about NTP

1. Operate a stratum 1 ticker.
2. Get D-Link to use you as the non-configurable time source for a line of disposable networking gear.
3. Profit!

Congrats to PHK for finding the elusive middle step!

Re:All you need to know about NTP

> 2. Get D-Link to use you as the non-configurable time source for a line of disposable networking gear.

The man who uses one NTP server always knows what time it is. The man who uses two NTP servers is never sure.

The man who wrote the firmware for D-Link is why nobody's sure anymore.

ieee 1588 is where it is at

NTP is somewhat coarse, IEEE 1588 [nist.gov] gives much tighter timing. IEEE 1588 can be used for industrial automation.

From the intro [nist.gov]:

Measurement and control systems are widely used in traditional test and measurement, industrial automation, communication systems, electrical power systems and many other areas of modern technology. The timing requirements placed on these measurement and control systems are becoming increasingly stringent. Traditionally these measurement and control systems have been implemented in a centralized architecture in which the timing constraints are met by careful attention to programming combined with communication technologies with deterministic latency. In recent years an increasing number of such systems utilize a more distributed architecture and increasingly networking technologies having less stringent timing specifications than the older more specialized technologies. In particular Ethernet communications are becoming more common in measurement and control applications. This has led to alternate means for enforcing the timing requirements in such systems. One such technique is the use of system components that contain real-time clocks, all of which are synchronized to each other within the system. This is very common in the general computing industry. For example essentially all general purpose computers contain a clock. These clocks are used to manage distributed file systems, backup and recovery systems and many other similar activities. These computers typically interact via LANs and the Internet. In this environment the most widely used technique for synchronizing the clocks is the Network Time Protocol, NTP, or the related SNTP.

Measurement and control systems have a number of requirements that must be met by a clock synchronization technology. In particular:

• Timing accuracies are often in the sub-microsecond range,
• These technologies must be available on a range of networking technologies including Ethernet but also other technologies found in industrial automation and similar industries,
• A minimum of administration is highly desirable,
• The technology must be capable of implementation on low cost and low-end devices,
• The required network and computing resources should be minimal.

In contrast to the general computing environment of intranets or the Internet, measurement and control systems typically are more spatially localized.

IEEE 1588 addresses the clock synchronization requirements of measurement and control systems.

Origination of abbreviation UTC

In case anyone's interested, one of the reasons that the abbreviation is UTC is because there are a series of Universal Time time references: UT0, UT1, etc. Despite being officially "Coordinated Universal Time", it's abbreviated as UTC partly to continue the UTx notation.

Re:Origination of abbreviation UTC

Also, so nobody suggests using Coordinated Universal Network Time.

Step #1

Don't synchronize with a time server in Denmark, unless of course you are in Denmark.

I've always wondered...

It's been proven that the Earth is rotating slower than it used to be, and the definition of a second was changed so that the length of a second remains constant. The day, however, remains the same as it always has been: one full rotation of the Earth. Eventually there will be conflict between the two. If the rotation of the Earth continues to slow, there will be more seconds (and, in turn, more minutes, and then more hours) in a given day. To that end, I've always wondered what would be more disruptive to the human populace: longer days or longer seconds?

Re:I've always wondered...

"easy to measure" being one of those relative terms that make normal people roll their eyes when thinking about engineers & scientists :-)

About the author

Mills is a prof in my department and was my advisor back when I was an undergrad. He is a very smart guy (A bit of trivia about him - he was asked to consult for the Chinese government on the Great Firewall and turned down the offer for ethical reasons). He also prides himself on the fact that NTP has never had a serious (any?) security issue despite being around damn-near forever. One very neat observation he described during a seminar on NTP was that high CPU load increases CPU heat, and CPU heat increases clock drift. Thus, NTP can, in effect, be used to measure CPU loads remotely. Another thing is, assuming CPU load is constant, it can be used as a thermometer, and in practice he has used it to detect fan failures.

time joke

These prisoners were hanging out in the cell when the new guy asks, "Anybody know what time it is?", and one of the older inmates says, "Oh, it's about 2006".

Duh

a second was defined as the duration of 9,192,631,770 cycles of microwave light absorbed or emitted by the hyperfine transition of cesium-133 atoms in their ground state undisturbed by external fields.

Well of course, I mean, what took them so long? Seriously though it's things like this that make me ask, what on earth lead them to define it like that? Its not 9 million cycles, not 9.5 million, not an obvious number of cycles at all. How did 9,192,631,770 cycles become it, not 9,192,631,771, thats too long, not 9,192,631,769 thats too short. Only 9,192,631,770 was good enough.

Re:Duh

It's part of the Davinci code.

Re:Duh

Seriously though it's things like this that make me ask, what on earth lead them to define it like that? Its not 9 million cycles, not 9.5 million, not an obvious number of cycles at all.

Most of the SI units have been through several iterations. At each refinement you try to have a more precise value, whilst changing the absolute value as little as possible.

For example, why do we define an international mile to be 0.9144 metres, rather than the original 1000 double paces of a Roman legionary? Well, it's pretty hard to find a properly calibrated legionary these days.

Synchronization is important in the military

Our General raised hell over the fact that our wall clock (which is a set of LED clocks of local time, zulu time, Baghdad and Kabul) in one conference room was two minutes faster than the wall clock in another conference room. I'm not really sure why so much vitrol was spent over a clock discrepency (the clocks aren't used to conduct operations with, just to give rough situational awareness of what time it is in different parts of the world) but that day our systems guys learned the importance of synchronized clocks. Although I think their solution wasn't anything elaborate (like syncing to a central database), just adjusting the slower clock two minutes forward.

Accurate time useful in computer security

Accurate time is very useful in computer security work. For one, it's needed to accurately correlate log file entries from one computer to another in case of a breach, to identify means of access and creating an accurate picture of what happened and when.

Of Phones and Networks

I run the network and phone system in a college, and whilst I appreciate NTP is great, it does have drawbacks.

The biggest problem is keeping computer systems synched to 'real life' systems, such as analogue clocks and college bells. These systems have a mind of their own, and are seemingly set to random times.

A prime example; my computer at work synchs from the web, as do the servers, which in turn means all the Cisco VoIP phones are synched as well. The bells however, are never quite spot on, nor are the many analogue clocks in offices and classrooms.

Does anyone have a method of keeping everything in synch, because centralised and synchronised systems fall apart when dealing with 'real life' systems that are out of my hands.

Clock wisdom

"A man with one clock knows what time it is. A man with two clocks is never quite sure."

screw this!

screw this! bring on metric time!

NTP is great, except if you need it in Windows

For various reasons, I'm trying to synchronize a clock to millisecond accuracy among ~50 Microsoft Windows stations, and it's nearly impossible -- No NTP client for Windows (including AboutTime, 2000's internal client, XP's internal client, and a port of the standard NTP client) appears to be able to keep time reasonably synchronized.

Part of the problem is the Windows Kernel counting time in 10ms or 15ms (depending on whether or not you use an SMP kernel), which automatically says you can't get more than ~30ms precision. But it seems so much worse, with every machine drifting up to ~1 second daily unless they are syncrhonized very frequently -- I get somewhat reasonable results synchronizing them every minute.

On Linux and FreeBSD, this is so trivial it's not even funny; My linux machines manage to keep synchronization to ~0.5 ms over months. Please wake me up when Windows is ready for the enterprise. And, yes, the "enterprise" I work in does need millisecond precision time-of-day synchronization among machine, as does any place that seriously tries to correlate network events (especially those related to security) collected at different points in the network.

GPS card

If you really care about time why not use a GPS card in your PC.

eg http://www.visualgps.net/NMEATime/ [visualgps.net]

Hasn't this already been written?

man ntpd

I am into accurate time.

For my computer I am testing an old Heath Most Accurate Clock II* with its RS232 attachment that goes to the serial port on my HP Pavilion. The only problem is the brick sized power transformer gets very hot because its supplying two amp heavy circuits. Use ThinkGeek's KillAWatt to measure power consumption. AWK the transformer is hungry. I guess for real use eventually I will peek at time once a day or so.

*Heath Most Accurate Clock II, synchronizes with WWV at 10 meters.

I think that the network, with all its erratic latency, is not really the best source to use as a timing transport.

Some people have occasionally picked up old cesium clocks from ebay to set the PC's time. Most are from labs and after purchase, probably gather dust in the garage.
http://tycho.usno.navy.mil/cesium.html [navy.mil]

For my wrist, myself and lots of us geeks, use a Casio G-Shock (GW-700a) that updates its time from WWV three times a night. Its more accurate than the clocks at our local public DART train station. They are always four seconds slow.

I also have a great little Nixie clock kit that gets its info, not from WWV via radio, but from satellite GPS time. Its the dinky one at the bottom of the page. Looks fantastic though.
http://www.amug.org/~jthomas/clockpage.html [amug.org]

 

offtopic

Best dept. reference EVER!

One thing about accuracy...

On production systems it's much more important that the servers are all close to each other, not so much that they are close to NIST time. So, don't care so much that your servers are stratum 2 or 3, set up a couple of sources and then sync the rest of your boxes to them. I'd rather have all my machines be one second off but the same one second off, than have them all be closer to real time with larger differences between them.

Also, one thing about the time on earth changing that I didn't realize before. Damming water is one of the few activities that has changed the rotation speed of the earth, I've been told. Because it collects large masses of water further from the equater.

And if you don't want to buy a GPS, the guy responsible for the NIST time standard at NIST Boulder says that syncing your clock once a day via phone from one of their services is good enough to be considered stratum 1.

One final time note... We used to hold our LUG meetings at NIST. One time during a meeting, their official digital clocks stopped for the better part of a minute, and then ran quickly to catch up.

Sean

In french?

For the purist, UTC really stands for Coordinated Universal Time, but both terms are used. Mills somewhat humorously notes that we follow the politically correct convention of expressing international terms in English, and their abbreviations in French.

Actually not exactly, there's no way you can put it in french so it fits the UTC abbreviation, but as the wikipedia says, it's a compromise between the english CUT and the french TUC, which is quite unusual.

I need femtosecond accuracy ...

I have an application at a research lab where we have 100 networked computer/RF systems distributed over a distance of approximately 1 kilometer. We need to maintain the system clocks such that the time drift between any of the clocks is maintained at less than 250 fs. We do this (or attempt to) with a distributed RF system but if anyone knows how to do this over the computer network it would be quite interesting.

Do they have Mills' leap second stuff in there?

Dave Mills used to like to observe what happens after a leap second. Among other things, every generator on the power grid has to make sixty extra turns, which takes about four hours. Some computer clocks used to count the power line (this seems to be rare today) and you could watch, via NTP, the stress in the clock network as the power line clocks disagreed with the WWV clocks, and slowly came into synchronism.

Actually, synchronization is less important than it used to be, because more stuff is buffered. All three US television networks used to be locked together in frame sync to a master clock in New York, so that video sources could be switched without all the TV receivers rolling for a few frames. Now everything goes through frame buffers, so that's not an issue.

Similarly, US telephony used to be locked to a master clock in New Jersey, so that all the T1 lines ran in sync and bit for bit transfer worked. That's not as important as it used to be, with so many different transmission media, some synchronous and some packetized.

plane departures?

nearly every activity requires synchronized time to operate at peak levels, from plane departures...

It's so important that a computer be millisecond accurate, so they can choose *exactly* the right moment to tell the control tower guy to radio the pilot, and tell him to start moving? Doesn't the human factor /way/ overshadow any errors from computers being even an entire second off?

Les Temps

If UTC is a French term shouldnt the lunchhour does not contain 9,000 seconds?

I just want to know...

Does it explain why some servers, both claiming or seeming to use authoritative time sources, are off by as much as two minutes?

Da Vinci Code Quest

Sounds like something Google and Sony could have used for the Da Vinci code Quest! I'd say there are thousands of people out there all comparing "times" they finished the last puzzle. Really what matters is the time stamp given in Google world, and who knows if they all use the same watch. ;)

Re:I propose a new standard!

What about the Second Modulating Entropic Laser Light Yield issue?

Re:In other words...

Clever, time is money (CENTS).

Re:It's really too bad...

Sheesh, my hard drive recorder was out by an hour for a week. Obviously the BBC (who broadcast freeview) haven't heard of daylight saving time (british summer time) because if I fixed the clock, it would get set back by the broadcast signal. It was also a pain since for some days some tv channels were an hour ahead of others, and recordings were all screwed up.