NTP

Network Time Protocol( NTP) is a well-known, widely used protocol to synchronize the time of the device over the internet. Using chrony, SoodarOS can be an NTP client supporting Version 3 and Version 4 of the NTP protocol

Setting up NTP

Setting up an NTP client is just as simple as providing one( or more) NTP servers and giving needed options.

ntp server SERVER [OPTIONS]

Specifies an NTP server that can be used as a time source. Available options are:

  • burst:

    With this option, the client will shorten the interval between up to four requests to 2 seconds or less when it cannot get a good measurement from the server.

  • iburst:

    With this option, the interval between the first four requests sent to the server will be 2 seconds or less instead of the interval specified by the minpoll option.

  • key (1-65535):

    The key option specifies which key (with an ID in the range 1 through 65535) should client use to authenticate requests sent to the server and verify its responses. The server must have the same key for this number configured, otherwise no relationship between the computers will be possible.

  • maxpoll (-6-24):

    This option specifies the maximum interval between requests sent to the server as a power of 2 in seconds. For example, maxpoll 9 indicates that the polling interval should stay at or below 9 (512 seconds). The default is 10 (1024 seconds), the minimum is -6 (1/64th of a second), and the maximum is 24 (6 months).

  • minpoll (-6-24):

    This option specifies the minimum interval between requests sent to the server as a power of 2 in seconds. For example, minpoll 5 would mean that the polling interval should not drop below 32 seconds. The default is 6 (64 seconds), the minimum is -6 (1/64th of a second), and the maximum is 24 (6 months). Note that intervals shorter than 6 (64 seconds) should generally not be used with public servers on the Internet, because it might be considered abuse. A sub-second interval will be enabled only when the server is reachable and the round-trip delay is shorter than 10 milliseconds, i.e. the server should be in a local network.

  • prefer:

    Prefer this source over sources without the prefer option.

  • version (3-4):

    This option sets the NTP version of packets sent to the server. The default version is 4.

Example:

soodar(config)# ntp server ir.pool.ntp.org burst iburst version
no ntp server SERVER [OPTIONS]

Remove an existing NTP server from list.

Setting up NTP Authentication

The NTP protocol supports a message authentication code (MAC) to prevent computers from having their system time upset by the rogue packets being sent to them. The MAC is generated as a password function specified in the ntp key-authentication list.

Add a New Key

Each key is made of an id, a hash function and the key value, so users need to provide these three to create a new key.

ntp authentication-key (1-65535) sha1 WORD

Add a new key to the list of authentication keys. Users can choose a key-id in (1-65535) range, SHA1 as its hash function and WORD as the key itself.

Remove a key

To remove a key, knowing key-id is the only necessity.

no ntp authentication-key (1-65535)

Remove a key from the keys database. The key-id should be provided.

Enabling and Disabling NTP Authentication

The NTP authentication mechanism only takes effect after it’s been explicitly enabled. Without it, all connections to servers that are configured to use authentication would switch to simple unauthenticated mode. Vice versa, one can disable all NTP authentications by simply disabling them.

ntp authentication

Enable NTP authentication mode.

no ntp authentication

Disable NTP authentication mode.

Showing NTP status

You can see information about current time sources that the client is accessing by issuing show ntp sources command

show ntp sources [json]

Print current server information.

Example:

../_images/chronyc-sources.png

Also a json output is available:

soodar(config)# do show ntp sources json
{
  "servers":[
    {
      "mode":"^",
      "state":"*",
      "address":"194.225.50.25",
      "stratum":"3",
      "polling_interval":"6",
      "reachability_register":"17",
      "last_rx":"6",
      "adjusted_offset":"0.000333353",
      "measured_offset":"-0.001453500",
      "estimated_error":"0.094937660"
    }
  ]
}

Also, you can see information about the drift rate and offset estimation process for each of the sources currently being examined by the client.

show ntp sources stats

Print offset estimation for sources.

Example:

../_images/chronyc-stats.png

Manual clock

If you have no or restricted internet connection, you can disable NTP and set the date manually.

no ntp

Disable NTP service and remove all its configurations( servers)

Note

NTP service is enabled by default. You should explicitly disable it. To reenable it, just set up NTP and add a server

clock set TIME (1-12) (1-31) (2000-4192)

Set clock. TIME is current time in hh:mm:ss format.