What do you think is the best way for network hosts to update their clocks automatically?
The answer is to use an NTP server. In this article, let's find out what NTP is and what its stratum values mean, and we will also configure Cisco and Comware routers as NTP public and private servers.
What is NTP Server?
An NTP server (Network Time Protocol server) helps network hosts configure their clocks automatically. In other words, it helps the hosts synchronize their time over the network without the administrator or users having to set it manually.
Network Time Protocol helps devices on the network get the most up-to-date time and set their clocks accordingly. When a host is pointed at an NTP server, it gets accurate time from that server. You can add multiple NTP servers on a network host for redundancy: if the primary NTP server doesn't respond, the host can talk to the secondary or tertiary one.
NTP Public server
Your local NTP server can connect to any of the many public NTP servers out there. All those servers receive time from other public NTP servers based on a value called stratum, which we will talk about next. To talk to the public NTP servers from a private network, you need internet access, and UDP port 123 must be allowed on the firewall.
These public NTP servers are organized by location; you can find specific NTP servers based on location here.
It's better to point network hosts towards the geographically nearest NTP server area. For example, it doesn't make sense for an organization in the US to connect to NTP servers in Asia, as the network latency will be higher.
Google has its own public NTP servers that Google Cloud computing platforms can use, and they are also available to the public, so you can use them on your network as well. I have been using them for a long time now and they have worked really well.
Many other companies also provide public NTP services; this lab will focus on Google's public servers.
NTP stratum is the hierarchical order in which NTP servers are connected.
Let's start with stratum zero, which is the top level in NTP, also known as the NTP reference clock.
These reference clocks get the time directly from an atomic clock or GPS, so their time is very precise.
Stratum is basically the distance of an NTP server from its reference clock.
Most of the network devices that you use cannot use the value zero as the stratum, and that much time precision is not required for a normal organization unless you need very accurate time.
See the diagram below. This is what the NTP stratum hierarchy looks like; the servers in each stratum have primary and secondary NTP servers configured from the stratum above.
Just below zero is stratum 1, below that stratum 2, and so on.
The lowest stratum value you can start using is 1. Usually, you would see organizations using either stratum 2 or 3, and not something as unreliable as stratum 15. A stratum value of 16 means the server is out of sync or not reachable.
Although stratum 15 is less reliable, that doesn't really mean a lower value will always be more reliable. In some organizations you may see that stratum 3 is more reliable than stratum 2. It all depends on network reachability and performance.
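The following is an added example, not code from the original article: it decodes the fixed 48-byte NTP reply header (layout per RFC 5905) to show where the stratum value travels on the wire and how a client can reject a stratum 16 (unsynchronized) server. The function names and the two sample packets are constructed for illustration, and the offset ignores network round-trip delay.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def classify_stratum(stratum):
    """Map the stratum byte of a reply to the levels discussed above."""
    if stratum == 0:
        return "unspecified"      # in a reply, 0 is not a usable time source
    if stratum == 1:
        return "primary"          # directly attached to a reference clock
    if stratum <= 15:
        return "secondary"
    return "unsynchronized"       # 16: out of sync or unreachable upstream

def parse_ntp_reply(packet, local_unix_time):
    """Decode the fixed 48-byte NTP header and decide whether to trust the reply."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes, got %d" % len(packet))
    flags, stratum = packet[0], packet[1]
    leap, version, mode = flags >> 6, (flags >> 3) & 0x7, flags & 0x7
    # Reference ID: ASCII tag for stratum 0/1, IPv4 address of the upstream otherwise.
    ref = packet[12:16]
    ref_id = (ref.rstrip(b"\0").decode("ascii", "replace") if stratum <= 1
              else ".".join(str(b) for b in ref))
    tx_sec, tx_frac = struct.unpack("!II", packet[40:48])
    server_time = tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32
    return {
        "version": version, "mode": mode, "leap": leap,
        "stratum": stratum, "role": classify_stratum(stratum), "ref_id": ref_id,
        # Rough offset only: ignores network round-trip delay.
        "offset": server_time - local_unix_time,
        # Usable = server mode (4), leap indicator not 3 (alarm), stratum 1..15.
        "usable": mode == 4 and leap != 3 and 1 <= stratum <= 15,
    }

def build_reply(leap, stratum, ref, unix_time):
    """Construct a sample version-4 server reply (test data, not a capture)."""
    pkt = bytearray(48)
    pkt[0], pkt[1] = (leap << 6) | (4 << 3) | 4, stratum
    pkt[12:16] = ref
    struct.pack_into("!II", pkt, 40, int(unix_time) + NTP_EPOCH_OFFSET, 0)
    return bytes(pkt)

if __name__ == "__main__":
    for pkt in (build_reply(0, 2, bytes([192, 0, 2, 1]), 1700000000),
                build_reply(3, 16, b"\0\0\0\0", 1700000000)):
        print(parse_ntp_reply(pkt, 1700000000.5))
```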
Why is an NTP server required?
Instead of having an NTP server, can't we just configure the clocks manually?
Yes, we can, but it's not a recommended method since you will end up with inaccurate time across the machines.
Imagine you have 100 newly deployed network hosts and you decide to set the time on all of them manually. First of all, it takes a lot of time and effort.
Second, when you do this you cannot guarantee the time will be accurate on all the machines. Some will be seconds or minutes ahead or behind, which causes time synchronization issues.
This in turn can make some services on the network inaccessible, and it makes it difficult to work through system logs based on the system clock.
The best way to avoid this issue is simply to point the hosts to an NTP server. It can be a public NTP server or a local one on a private network. As I said earlier, to use a public NTP server you need internet access and UDP port 123 allowed on the firewall to the internet.
Once your network devices are connected to the NTP server, all the NTP clients will have the same time, synchronized with the NTP server. Once set, the NTP server takes care of all the headache of setting the time.
How to Configure NTP server on Cisco and Comware routers
You now know why we use a public NTP server, but you might be wondering what the use is of a private NTP server that doesn't talk to the internet.
A private NTP server is useful when you want to configure NTP offline, or in a lab where you don't have internet access.
Let’s look at both of them now.
Configuring Cisco as private NTP server
    configure terminal
    ! act as an authoritative NTP server at stratum 2
    ntp master 2
    end
    copy running-config startup-config
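Cisco with Google public NTP server
    configure terminal
    ! remove any previously configured server first (replace the placeholder with its address)
    no ntp server <old-server-address>
    ntp server time1.google.com
    ntp server time2.google.com
    ntp server time3.google.com
    ntp server time4.google.com
    end
    copy running-config startup-config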
Configure HPE Comware Switch as Private NTP server
    sys
    ntp-service enable
    ntp-service refclock-master 127.127.1.1 1
    ntp-service source Vlan-interface 10
    save force
Windows as NTP client
To point the Windows machine to use this CentOS/Red Hat Linux box as an NTP server, go to:
Control Panel –> Date and Time settings –> click on Internet Time –> add the NTP server IP there.
Note: if your Windows machine is part of a domain, you will not be able to see this option. Machines that are part of a domain get their NTP updates from the domain controller.
In that case, you can configure the domain controller to use these public pools to sync over NTP.