Computer Network Time Synchronization

Ben Rothke writes "For most people, having their clocks accurate to within a few millionths of a second is excessive. Yet there are plenty of reasons to ensure that clocks on networks and production systems are that accurate. In fact, the need for synchronized time is a practical business and technology decision that is an integral part of an effective network and security architecture. The reality is that an organizations network and security infrastructure is highly dependent on accurate, synchronized time." Read the rest of Ben's review.

Computer Network Time Synchronization
author	David L. Mills
pages	304
publisher	CRC
rating	10
reviewer	Ben Rothke
ISBN	0849358051
summary	Definitive reference on how to deploy and use NTP

From a practical perspective, nearly every activity requires synchronized time to operate at peak levels, from plane departures and sporting events, to industrial processes, IP telephony, GPS and much more. Within information technology, technologies from directory services, collaboration, to authentication, SIM and VoIP all require accurate and synchronized time to work effectively.

Computer Network Time Synchronization: The Network Time Protocol is a valuable book for those that are serious about network time synchronization. David Mills, the author of the book, is one of the pillars of the network time synchronization community, and an original developer of the IETF-based network time protocol (NTP). The book is the summation of his decades of experience and a detailed look at how to use NTP to achieve highly accurate time on your network.

While network time synchronization is indeed crucial to corporate networks, this is only the second book on the topic. Last year saw Expert Network Time Protocol: An Experience in Time with NTP, which is a most capable title. But this book is clearly the indisputable reference on the subject, given its extraordinary depth and breadth. While Expert Network Time Protocol gets into the metaphysics of time, Mills's book takes a much more rationalist and pragmatic approach, which explains the myriad mathematical equations.

Mills is an electrical engineer by training and a significant part of the books 15 chapters involve advanced mathematics. But even for those who can't manage such equations, there is enough relevant material to make the book most rewarding.

Chapters 1 and 2 provide an excellent overview of the basics of network timekeeping and an overview of how NTP works. We often take for granted that network computers have the capabilities to set their internal clock. But while the capabilities are there, the reality is that these clocks are rarely accurate and subjected to many externalities that affect their ability to provide accurate time. The book shows how highly accurate time is easily achievable; often without the need for additional hardware. The goal of book is to show the reader how they can use NTP to synchronize the time on their network hosts to within a few milliseconds.

Chapters 3 - 11 detail the internals of NTP and time synchronization. Topics such as clock discipline algorithms, clock drivers and more are detailed. For many readers, the information may be overkill, but remember that this is not a For Dummies book.

Chapters 13 - 15 ease up on the abstract mathematics and are much more readable to newbie to the world of time synchronization. Chapter 13 is quite readable and details the metrology and chronometry of how NTP measures time as opposed to other time scales.

One of the key differences is the notion of absolute vs. relative time. Relative or astronomic time is based on the earth's rotation. Since the earth's rotation is not absolute, leap seconds are added to keep UTC (Universal Coordinated Time) synchronized with the astronomical timescale.

So what exactly is this legendary thing called the second? In 1967, the 13th General Conference on Weights and Measures defined the International System unit of time, the second, in terms of atomic time rather than the motion of the Earth. Specifically, a second was defined as the duration of 9,192,631,770 cycles of microwave light absorbed or emitted by the hyperfine transition of cesium-133 atoms in their ground state undisturbed by external fields.

Since the 17th century, time has for the most part been measured astronomically via the solar day. But in the 1940s, it was established that the earth's rotation is not constant, as the earth is spinning slower than it did years ago.

Part of what NTP provides is coordination to UTC. UTC provides operating systems and applications with a common index to synchronize events and prove that events happened when timestamps state they did. UTC is a 24-hour clock system and that any given moment, UTC is the same no matter where you are located.

For the purist, UTC really stands for Coordinated Universal Time, but both terms are used. Mills somewhat humorously notes that we follow the politically correct convention of expressing international terms in English, and their abbreviations in French.

Chapter 15 concludes the book with a fascinating look at the technical history of NTP. As of mid-2006, NTP has been in use for over 25 years and remains one of the longest, if not longest running, continuously operating application protocols in use on the Internet. Currently in version 4.2.1, NTP is a well-developed, stable protocol.

For those that are simply interested in how time synchronization works, or are responsible for time synchronization in their organization, Computer Network Time Synchronization: The Network Time Protocol is the most comprehensive guide available to using NTP.

For those that need an exhaustive tome on all of the minutiae related to NTP and synchronization, this is the source. Short of a vendor and product analysis, the book covers every detail within NTP and is the definitive title on the subject.

Two new books on the subject in a year demonstrate the importance of time synchronization. While this is not likely indicative of a flood of new books on time synchronization, this book should be considered the last word on the topic."

---

You can purchase Computer Network Time Synchronization from bn.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

I've always wondered...

[SenorAmor]

It's been proven that the Earth is rotating slower than it used to be, and the definition of a second was changed so that the length of a second remains constant. The day, however, remains the same as it always has been: one full rotation of the Earth. Eventually there will be conflict between the two. If the rotation of the Earth continues to slow, there will be more seconds (and, in turn, more minutes, and then more hours) in a given day. To that end, I've always wondered what would be more disruptive to the human populace: longer days or longer seconds?

Re:NTP gurus wanted... ?

[Just Some Guy]

Seriously... about how many people out there actually need to know NTP to this degree?

Oh, about 10. But how many weird things do you know that not many others would value?

Some people are really, really into keeping time. It's a hobby for them. This book is for that sort of person. Besides, although my company didn't need to hire a person to do nothing but NTP, they certainly needed at least one person on staff with that skillset (hint: Active Directory, Kerberos, "clockskew") to keep everything else working. How fortunate for me that my boss needs the skills that I picked up out of personal curiosity!

About the author

[Raul654]

Mills is a prof in my department and was my advisor back when I was an undergrad. He is a very smart guy (A bit of trivia about him - he was asked to consult for the Chinese government on the Great Firewall and turned down the offer for ethical reasons). He also prides himself on the fact that NTP has never had a serious (any?) security issue despite being around damn-near forever. One very neat observation he described during a seminar on NTP was that high CPU load increases CPU heat, and CPU heat increases clock drift. Thus, NTP can, in effect, be used to measure CPU loads remotely. Another thing is, assuming CPU load is constant, it can be used as a thermometer, and in practice he has used it to detect fan failures.

Duh

[0racle]

a second was defined as the duration of 9,192,631,770 cycles of microwave light absorbed or emitted by the hyperfine transition of cesium-133 atoms in their ground state undisturbed by external fields.

Well of course, I mean, what took them so long? Seriously though it's things like this that make me ask, what on earth lead them to define it like that? Its not 9 million cycles, not 9.5 million, not an obvious number of cycles at all. How did 9,192,631,770 cycles become it, not 9,192,631,771, thats too long, not 9,192,631,769 thats too short. Only 9,192,631,770 was good enough.

Re:NTP gurus wanted... ?

[Raul654]

Mills told me he was rather popular back around the year 2000 ;) {to the point of being called to the White House for a series of meeting about Y2K complaince)

More interestingly, Mills said that he fears a potential DOS against the entire internet would be to use an NTP hack to advance the clocks on all the caches, thus expiring their contents and causing the root servers to be flooded. This would effectively bring down DNS until the caches could be fixed.

Accurate time useful in computer security

[SecureTheNet]

Accurate time is very useful in computer security work. For one, it's needed to accurately correlate log file entries from one computer to another in case of a breach, to identify means of access and creating an accurate picture of what happened and when.

Of Phones and Networks

[nbannerman]

I run the network and phone system in a college, and whilst I appreciate NTP is great, it does have drawbacks.

The biggest problem is keeping computer systems synched to 'real life' systems, such as analogue clocks and college bells. These systems have a mind of their own, and are seemingly set to random times.

A prime example; my computer at work synchs from the web, as do the servers, which in turn means all the Cisco VoIP phones are synched as well. The bells however, are never quite spot on, nor are the many analogue clocks in offices and classrooms.

Does anyone have a method of keeping everything in synch, because centralised and synchronised systems fall apart when dealing with 'real life' systems that are out of my hands.

NTP is great, except if you need it in Windows

[Circuit Breaker]

For various reasons, I'm trying to synchronize a clock to millisecond accuracy among ~50 Microsoft Windows stations, and it's nearly impossible -- No NTP client for Windows (including AboutTime, 2000's internal client, XP's internal client, and a port of the standard NTP client) appears to be able to keep time reasonably synchronized.

Part of the problem is the Windows Kernel counting time in 10ms or 15ms (depending on whether or not you use an SMP kernel), which automatically says you can't get more than ~30ms precision. But it seems so much worse, with every machine drifting up to ~1 second daily unless they are syncrhonized very frequently -- I get somewhat reasonable results synchronizing them every minute.

On Linux and FreeBSD, this is so trivial it's not even funny; My linux machines manage to keep synchronization to ~0.5 ms over months. Please wake me up when Windows is ready for the enterprise. And, yes, the "enterprise" I work in does need millisecond precision time-of-day synchronization among machine, as does any place that seriously tries to correlate network events (especially those related to security) collected at different points in the network.

Re:NTP is great, except if you need it in Windows

[ldspartan]

If its synchronizing on a schedule ("synchronizing them every minute"), you don't have an NTP client, you have an SNTP client. Real NTP doesn't have a concept of a synchronization interval, the clock is either synchronized or it isn't.

I think.

This [meinberg.de] appears to be a port of real-deal NTP code to windows. I've never used it, just found it in a few minutes of googling, but its worth a shot.

--
Phil

I am into accurate time.

[JavaManJim]

For my computer I am testing an old Heath Most Accurate Clock II* with its RS232 attachment that goes to the serial port on my HP Pavilion. The only problem is the brick sized power transformer gets very hot because its supplying two amp heavy circuits. Use ThinkGeek's KillAWatt to measure power consumption. AWK the transformer is hungry. I guess for real use eventually I will peek at time once a day or so.

*Heath Most Accurate Clock II, synchronizes with WWV at 10 meters.

I think that the network, with all its erratic latency, is not really the best source to use as a timing transport.

Some people have occasionally picked up old cesium clocks from ebay to set the PC's time. Most are from labs and after purchase, probably gather dust in the garage.
http://tycho.usno.navy.mil/cesium.html [navy.mil]

For my wrist, myself and lots of us geeks, use a Casio G-Shock (GW-700a) that updates its time from WWV three times a night. Its more accurate than the clocks at our local public DART train station. They are always four seconds slow.

I also have a great little Nixie clock kit that gets its info, not from WWV via radio, but from satellite GPS time. Its the dinky one at the bottom of the page. Looks fantastic though.
http://www.amug.org/~jthomas/clockpage.html [amug.org]

 

Re:NTP gurus wanted... ?

[QuietLagoon]

Seriously... about how many people out there actually need to know NTP to this degree?

A small percentage of computers need to be controlled to the accuracy of NTP's capability, and to the level of knowledge represented in this august book.

For the rest of us there's OpenNTP [openntpd.org] which is a much simplified and more secure version of NTP. If you're happy with a clock that is accurate to two- or three-hundred milliseocnds, check it out.

Re:I am into accurate time.

[Koutarou]

WWV and other similar radio clocks (I use JJY in japan) are only 1 second resolution, which makes those sort of clocks not really suitable for seriously mission critical timing needs, even though they technically qualify as stratum 1.

At home I use a little JJY-clock built from a kit that cost me about US$40 and connects via RS-232 and is supported in the reference ntp implementation. Has a PIC, some RS-232 glue and not much more other than the antenna and VCO.

I need femtosecond accuracy ...

[Anonymous Coward]

I have an application at a research lab where we have 100 networked computer/RF systems distributed over a distance of approximately 1 kilometer. We need to maintain the system clocks such that the time drift between any of the clocks is maintained at less than 250 fs. We do this (or attempt to) with a distributed RF system but if anyone knows how to do this over the computer network it would be quite interesting.

Do they have Mills' leap second stuff in there?

[Animats]

Dave Mills used to like to observe what happens after a leap second. Among other things, every generator on the power grid has to make sixty extra turns, which takes about four hours. Some computer clocks used to count the power line (this seems to be rare today) and you could watch, via NTP, the stress in the clock network as the power line clocks disagreed with the WWV clocks, and slowly came into synchronism.

Actually, synchronization is less important than it used to be, because more stuff is buffered. All three US television networks used to be locked together in frame sync to a master clock in New York, so that video sources could be switched without all the TV receivers rolling for a few frames. Now everything goes through frame buffers, so that's not an issue.

Similarly, US telephony used to be locked to a master clock in New Jersey, so that all the T1 lines ran in sync and bit for bit transfer worked. That's not as important as it used to be, with so many different transmission media, some synchronous and some packetized.

Re:About the author

[Jacer]

One would assume with the nick GeekGirlSarah, that your name is Sarah....

Re:NTP gurus wanted... ?

[macdaddy]

Oh, I see. So what you're saying is that you'd forego actually knowing how to properly design a NTP system in lieu of simply bombarding stratum 2 and 3 servers with queries directly from your individual desktops. I see. That makes sense.

Yes folks, there is a right and a wrong way to set up NTP. Having each of your individual clients poll stratum 2 or 3 (or Allah forbid a stratum 1 server) directly is like configuring each of your clients to poll the the Internet's DNS Root Servers [root-servers.org] directly. After all very few of the queries sent to the root servers are unnecessary [circleid.com] or frivolous [slashdot.org]. A proper NTP design is essential for any entreprise-class network. I include in this ISPs. ISPs should provide their customers with a locally-available NTP service. It's extremely easy to do. Then they should block outbound NTP queries from their dynamically-assigned customers (allowing the statics out, like you normally would for exceptions to ACLs like when you block SMTP out (you do block outbound SMTP, don't you?)). I've long-since believed that NTP will someday become a point of attack. It's not that I find a fault in the program or protocol but the very fact that it's a protocol used to enhance security and improve auditing and certainly isn't out of the minds of hackers. NTP would be fairly easy to DoS if proper ACLs aren't in place.

The point of all this is that NTP is very easy to set up correctly and is even easier to set up wrong. I wish everyone would spend the extra 0.001% of effort to do it right.