What do you think is the best way for Network hosts to update its clock automatically?
The answer to that is to use an NTP server, in this article lets find out what is NTP and its stratum values, and we would also configure Cisco and Comware routers as the NTP public and private servers.
How To Setup NTP Server In Linux? (Centos, Rhel, Ubuntu)
Why is NTP important?
An NTP known as Network Time protocol, helps the network hosts to configure its clock automatically on the network. In other words, it helps the hosts to synchronize its time on the network without the administrator or users have to set them manually.
Network Time Protocol can help devices on the network to get the most up to date time and set it’s clock accordingly. And when you have an NTP server pointed on a host, it will have accurate time from the NTP server. You can point or add multiple NTP server on a network hosts for Redundancy if the primary NTP server doesn’t respond, the host can talk to secondary, or Territory.
What is NTP port?
If you are wondering, Is NTP a TCP or UDP protocol and what is the port number it uses?
The NTP is a UDP protocol and just like any other network protocol, the NTP uses port number 123 to communicate. So while configuring the NTP, you need to make sure that the NTP port number is allowed on the firewall in order for the client to get the time synced with the NTP server.
What is a public NTP server?
The NTP servers that are available on the internet to which we can point our network devices to talk and get its time synced, and it is available for free.
Below are the some of the sample NTP servers that you can use in your network.
Your local NTP server can connect to many of the Public NTP servers out there, all those servers receive time from other public NTP servers based on a value called a stratum, which will talk about next.
But in order to talk to the Public NTP servers from a private network, you will have to have internet access and Port number 123 should be allowed on the firewall.
All those NTP public servers are available on Location-specific, You can find specific NTP servers based on locations here.
It’s better to point network hosts towards its nearest geographical NTP server area. For example, it doesn’t make any sense for an organization in the US to connect the NTP servers in Asia as the network latency will more.
Google has its own public NTP servers that google cloud computing platforms can use, it’s even available for the public. so you can use the same on your network as well, I have been using that for a long time now and it worked really well.
There are many other companies too that provide these Public NTP services in this lab will focus on google public servers.
What is NTP Stratum?
NTP stratum is a hierarchical order on how NTP servers are connected.
Let’s start with stratum Zero which is the top-level server in NTP also known as the NTP reference clock.
These reference clocks get the time directly from the Atomic clock or GPS, and the time of this server will be very precise.
Stratum is basically a distance of an NTP server to its reference clock.
But most of the network devices that you use, cannot use the Value Zero as the stratum, as that much of precision of time not required for a Normal Organization unless you require very accurate time in your organization.
See the diagram below, This is how the NTP stratum looks like and the servers in each stratum will have primary and secondary NTP servers configured in each stratum above.
Just below zero would be stratum 1 and below stratum 2 and so on.
The lower the stratum value you can start using it from 1. Usually, you would get to see organization using either stratum 2 or 3 and not so reliable one as stratum 15. The stratum value 16 means it’s out of sync or not reachable.
Though stratum 15 is less reliable NTP value doesn’t really mean lower the value will be more reliable. You may happen to see in some organizations stratum 3 is more reliable than stratum2. It all depends on the network reachability and performance.
Why NTP server is required?
Instead of having an NTP Server cant we just configure them manually?
Yes, we can but it’s not a recommended method since you will have inaccurate time on all the machines.
Imagine you have 100 network hosts newly deployed and you decided to set the time on all of them manually. First of all, it takes a lot of time and effort.
Second, when you do this you cannot guarantee the time will be accurate on all the machines. Some will have seconds or minutes ahead or behind. Which causes issues on time synchronization.
This would again lead to unable to access some of the services on the network. And would be difficult to look into the system logs based on the system clock.
The best way to avoid this issue is by simply point the hosts to the NTP server. It can be a public NTP server or locally on a private network. As I said earlier, to use a public NTP server you will have to have internet access, and the UDP port 123 allowed on the Firewall to the internet.
Once your network devices connected to the NTP server, all the NTP clients will have the same time synchronized with the NTP server. Once set, the NTP server would take care of all the headache of setting the time.
How do I configure my router as an NTP server?
You can configure your router to talk to the public internet and configure as public NTP server or you can configure it as private NTP server.
The private NTP server is useful when you wanted to configure NTP offline or in the LAB where you don’t have internet access.
Let’s look at both of them now.
Configuring cisco as private NTP server
As you can see in the configuration below, I am not asking the router to talk to any other server and I configured myself to be the NTP master with the stratum of 2.
configure terminal ntp master 2 copy running-config startup-config end
When any of the NTP client try to talk to this router, its stratum will become 3.
Cisco with google public NTP server
In this method, My cisco router can talk to the internet, so I am pointing the cisco router to talk to the internet to get the IP synced, and here I am using google as the public NTP server.
no ntp server ntp server time1.google.com ntp server time2.google.com ntp server time3.google.com ntp server time4.google.com copy running-config startup-config
Configure Hpe Comware Switch as Private NTP server
Here I have configured my HPE comware switch to become the private NTP server
First I will set the date and time manually with the below command.
clock datetime 00:00:00 01/01/2020
And then I configure it to become the private NTP server.
sys ntp-service enable ntp-service refclock-master 127.127.1.1 1 ntp-service source Vlan-interface 10 save force
Point comware router to point to google public NTP servers.
ntp-service refclock-master 127.127.1.1 15 ntp-service unicast-server time.google.com priority ntp-service unicast-server time3.google.com
Windows as NTP client
To test the connectivity you can point any of the windows machine to the NTP server and that windows machine would become an NTP client.
We have configured our router to be an NTP server right, lets point one of the windows box connected to the router to act as a NTP client.
- Goto Control Panel–> date and time settings–>and click on internet time –> add the NTP server IP there.
Note: if your windows machine is part of a domain then you will not be able to see this option. Those machines part of a domain would get the NTP update from the domain controller.
In that case, you can configure the domain controller to use these public pools to sync with the NTP.