Design and develop an NTP clock server using Beidou satellite


Abstract: With the rapid development of the network and the increasing number of devices, many network applications and network security have put forward an urgent need for time synchronization. Therefore, NTP-based time synchronization solutions have become a reasonable choice to solve these problems. This article introduces the principle, working mode and architecture of the NTP protocol in the time synchronization technology, and discusses the application of NTP in the campus network based on the actual network structure of the campus network.
Keywords: time synchronization, network time protocol
1. Introduction:
With the popularization of the network, many units have built their own campus networks, using more network equipment and servers. These devices have their own clocks, and they can be adjusted. However, there is no guarantee that the time of all devices and hosts in the network are synchronized, because these clocks will generate errors of several seconds or even minutes every day. After long-term operation, the time difference will become larger and larger. This kind of deviation does not have much impact in a single machine, but may cause unexpected problems in applications in a network environment. For example, in a distributed computing environment, because the time of each host is inconsistent, the recording time of the same operation on different hosts will be inconsistent, and the service will not be performed normally. With the continuous development of various network applications, the requirements for time are getting higher and higher, otherwise it will cause many problems.
2. Overview of time synchronization
Time synchronization is the process of keeping the time information (year, month, day, hour, minute, and second) of the various devices and hosts in a network environment within a sufficiently small range (such as 100 ms) of one another, based on UTC (Coordinated Universal Time) [1].
Currently, there are two important time synchronization technologies: the Network Time Protocol (NTP) and direct-connection time transmission. Direct-connection time transmission requires all clients to connect directly to the standard time source. NTP is suitable for network environments and can provide accurate and robust time services in a disorderly network environment. Here we only discuss time synchronization technology and applications based on the NTP principle.
3. NTP working principle and application
3.1. Overview of NTP protocol
NTP was first designed and implemented by a professor at the University of Delaware in the United States, and developed from the time protocol, ICMP timestamp messages, and IP timestamp options [2]. NTP is used to synchronize the time of a computer client or server to another server or reference clock source. It uses UTC as the time standard. It is an application layer protocol that runs over the connectionless IP and UDP protocols, and it uses a hierarchical time distribution model. The accuracy that can be achieved depends on the accuracy of the local clock hardware and on strict control of device and process delays. When configuring, NTP can use redundant servers and multiple network paths to obtain high accuracy and high reliability of time. In practical applications, there is also a Simple Network Time Protocol (SNTP) that ensures second-level accuracy.
Figure 1 shows the NTP information in a UDP packet. LI indicates the insertion or deletion of a leap second; VN is the version number of the NTP protocol; Mode, Stratum and Precision represent the working mode, clock level and local clock accuracy respectively. Poll is the expected value of the current time interval for sending NTP messages. Root Delay represents the total delay to the main reference source. Root Dispersion represents the nominal error relative to the main reference source. Synchronizing Distance and Synchronizing Dispersion are the current round-trip delay and the error range relative to PRS. Reference Timestamp represents the type of current clock reference source and the last update time, and is set up for management purposes. The following three fields represent three timestamps: Originate Timestamp is the time when the sender last touched the packet, Receive Timestamp is the time when the receiver received the packet, and Transmit Timestamp is the time when the receiver sent the echo reply. Authenticator carries the key identifier and the encrypted checksum.

Figure 1: NTP information in UDP packets [4]
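The fields listed for Figure 1 can be decoded with a short parser. This is an added example, not code from the original article; it assumes the 48-byte fixed header layout of RFC 5905, and the sample packet (including its reference ID) is constructed.

```python
import struct

NTP_UNIX_DELTA = 2208988800              # seconds from 1900-01-01 to 1970-01-01
HEADER = struct.Struct("!BBbbiI4sQQQQ")  # 48-byte fixed header, big-endian


def ntp_to_unix(ts64):
    """64-bit NTP timestamp (32.32 fixed point) -> Unix seconds."""
    return (ts64 >> 32) - NTP_UNIX_DELTA + (ts64 & 0xFFFFFFFF) / 2**32


def unix_to_ntp(t):
    """Unix seconds -> 64-bit NTP timestamp."""
    return ((int(t) + NTP_UNIX_DELTA) << 32) | int((t % 1) * 2**32)


def parse_ntp_header(data):
    """Decode the header fields from a raw UDP payload."""
    if len(data) < HEADER.size:
        raise ValueError("NTP packet shorter than 48 bytes")
    (flags, stratum, poll, precision, root_delay, root_disp,
     ref_id, ref_ts, orig_ts, recv_ts, xmit_ts) = HEADER.unpack_from(data)
    return {
        "li": flags >> 6,                 # leap indicator, 2 bits
        "vn": (flags >> 3) & 0x7,         # version number, 3 bits
        "mode": flags & 0x7,              # 3 = client, 4 = server, 5 = broadcast
        "stratum": stratum,
        "poll_s": 2.0 ** poll,            # poll and precision are log2 seconds
        "precision_s": 2.0 ** precision,
        "root_delay_s": root_delay / 2**16,       # 16.16 fixed point
        "root_dispersion_s": root_disp / 2**16,
        "ref_id": ref_id,
        "reference": ntp_to_unix(ref_ts), "originate": ntp_to_unix(orig_ts),
        "receive": ntp_to_unix(recv_ts), "transmit": ntp_to_unix(xmit_ts),
        "authenticator": data[HEADER.size:],  # key ID + digest, empty if absent
    }


def build_sample_reply():
    """Constructed server reply for the demo (not captured traffic)."""
    flags = (0 << 6) | (3 << 3) | 4       # LI=0, VN=3, Mode=4 (server)
    return HEADER.pack(
        flags, 1, 6, -20, 0, 256, b"BDS\x00",
        unix_to_ntp(1600000000.0),    # reference
        unix_to_ntp(1600000010.25),   # originate (client's send time)
        unix_to_ntp(1600000010.5),    # receive
        unix_to_ntp(1600000010.75),   # transmit
    )


if __name__ == "__main__":
    for name, value in parse_ntp_header(build_sample_reply()).items():
        print(f"{name:>18}: {value}")
```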
3.2. The working principle of NTP
The most critical factor affecting the accuracy of the NTP protocol is the inaccuracy of the clock delay calculation caused by the randomness of the network delay. Because the delay is inaccurate, it is impossible to rely on one-way transmission from the time server to the client to deliver accurate time information. To solve this problem, the NTP protocol uses a two-way information exchange between time server and client together with the concept of timestamps. Figure 2 shows the basic principle of using this method to determine delay and offset.

As shown in the figure, $T_i$, $T_{i-1}$, $T_{i-2}$, $T_{i-3}$ are the values of the last 4 timestamps exchanged between hosts A and B. Let $a = T_{i-2} - T_{i-3}$ and $b = T_{i-1} - T_i$. Then the round-trip transmission delay $\delta_i$ between hosts A and B and the time offset $\theta_i$ of B relative to A at time $T_i$ are: $\delta_i = a - b$; $\theta_i = (a + b)/2$.
Because the packet flow in network transmission is uncertain, may be large or small, and usually arrives at the client in bursts, the transmission delay is not a steady-state random process. However, we can correct the deviation by measuring the transmission delay. In Figure 2, the true time offset of B relative to A is $\theta$. Let $x$ represent the true transmission delay from A to B; then $x + \theta = T_{i-2} - T_{i-3} = a$. Since $x$ must be positive, that is, $x = a - \theta \ge 0$, we have $\theta \le a$. In the same way, we can get $b \le \theta$, so $b \le \theta \le a$, namely: $b = (a+b)/2 - (a-b)/2 \le \theta \le (a+b)/2 + (a-b)/2 = a$. This is equivalent to: $\theta_i - \delta_i/2 \le \theta \le \theta_i + \delta_i/2$.
This means that the true clock deviation value is centered on the measured deviation value, and its possible variation range is equal to the measured delay. Each NTP message contains the latest 3 timestamps, and the fourth timestamp is determined by the arrival time of the message. Therefore, both the server and the client can determine the time offset separately. The advantage of this symmetrical continuous sampling time transmission method is that there is no requirement on the order of sent and received messages, so a reliable transmission path is not required. Obviously, the final accuracy will depend on the statistical characteristics of the sending and receiving paths.
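The calculation in this section, carried through on a simulated exchange. This is an added example, not code from the original article; it keeps the text's symbols a, b, δi and θi, and the path delays and clock offset are constructed values. It shows that an asymmetric path shifts the measured offset by half the asymmetry while the true offset stays inside θi ± δi/2.

```python
def offset_and_delay(t_i3, t_i2, t_i1, t_i):
    """Return (theta_i, delta_i, (low, high)) from the four timestamps.

    t_i3 = T(i-3): request leaves A    (A's clock)
    t_i2 = T(i-2): request reaches B   (B's clock)
    t_i1 = T(i-1): reply leaves B      (B's clock)
    t_i  = T(i):   reply reaches A     (A's clock)
    """
    a = t_i2 - t_i3
    b = t_i1 - t_i
    delta = a - b                 # round-trip delay
    theta = (a + b) / 2           # measured offset of B relative to A
    return theta, delta, (theta - delta / 2, theta + delta / 2)


def simulate_exchange(true_offset, delay_ab, delay_ba, start=1000.0, hold=0.002):
    """Constructed exchange where B's clock = A's clock + true_offset."""
    t_i3 = start
    t_i2 = t_i3 + delay_ab + true_offset      # stamped by B on arrival
    t_i1 = t_i2 + hold                        # B's processing time
    t_i = (t_i1 - true_offset) + delay_ba     # stamped by A on arrival
    return t_i3, t_i2, t_i1, t_i


def measurement_error(true_offset, delay_ab, delay_ba):
    """Measured offset minus the true offset for one exchange."""
    theta, _, _ = offset_and_delay(*simulate_exchange(true_offset, delay_ab, delay_ba))
    return theta - true_offset


if __name__ == "__main__":
    TRUE_OFFSET = 0.250   # constructed: B is 250 ms ahead of A
    for d_ab, d_ba in [(0.010, 0.010), (0.040, 0.010), (0.010, 0.200)]:
        theta, delta, (low, high) = offset_and_delay(
            *simulate_exchange(TRUE_OFFSET, d_ab, d_ba))
        print(f"A->B {d_ab:.3f}s  B->A {d_ba:.3f}s  theta_i={theta:.4f}  "
              f"delta_i={delta:.4f}  bound=[{low:.4f}, {high:.4f}]  "
              f"true offset inside bound: {low <= TRUE_OFFSET <= high}")
```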
3.3. NTP working mode
There are three working modes of NTP:
Client/Server mode: The client periodically requests time information from the server. The server is used to synchronize the client but cannot be synchronized by the client. The client first sends an NTP packet to the server, which contains the timestamp of when the packet left the client. When the server receives the packet, it fills in the timestamp of when the packet arrived, swaps the source address and destination address of the packet, fills in the timestamp of when the packet leaves, and then immediately returns the packet to the client. When the client receives the response packet, it fills in the timestamp of when the packet returned. With these time parameters, the client can calculate two key parameters: the round-trip delay of the packet exchange and the clock offset between the client and the server. The client uses the clock offset to adjust the local clock so that its time is consistent with the server time [2].
Active/passive symmetric mode: basically the same as the client/server mode. The only difference is that both parties can synchronize or be synchronized by each other.
Broadcast mode: There is no synchronization initiator. In each synchronization cycle, the server broadcasts a message packet with its own timestamp to the network, and all target nodes passively receive these messages to adjust their time. This mode is generally used where the network delay is very small or the required time accuracy is not high; in a local area network, for example, the use of broadcast mode can save bandwidth.
3.4. NTP system architecture
NTP uses a hierarchical time distribution model. The network architecture mainly includes the transmission path between the master time server, slave time server, client and each node. The main time server synchronizes with the high-precision time source and provides time services for other nodes. Each client obtains time synchronization from the time server via the main server. Under normal circumstances, nodes (including time servers and clients) only use the most reliable and accurate server and transmission path for synchronization, so the usual synchronization path is a hierarchical structure. Among them, the master time server is located at the root node, other slave time servers are located on the layer close to the leaf nodes as the synchronization accuracy increases, and the host and school servers are located at the leaf nodes. NTP divides the transmission path into an active synchronization path and a backup synchronization path, both of which transmit time information packets at the same time, but the node only uses the active synchronization path data for synchronization processing [2].

Figure 3: An implementation model of the client/server model [3]
In this model:
Transmission process: Triggered by different timers corresponding to each remote entity to collect information from the database and send NTP messages to the remote entity. Each message includes the local timestamp when it was sent, the timestamp of the previous reception, and the information used to determine the synchronization network hierarchy and manage the connection.
Receiving process: Receives NTP messages and calculates the offset between the remote clock and the local clock.
Correction module: Processes the offsets of the remote entities and uses an algorithm in NTP to select the best one.
Local clock process: Processes the offset obtained by the correction module and adjusts the phase and frequency of the local clock with a special algorithm in NTP.
4. The application of NTP in the campus network
In our school's campus network, there are a large number of network devices, servers, and hosts, which carry the billing, maintenance, and management functions of the campus network. The requirements for time accuracy are relatively high, so that the information transmitted across the network can maintain a high degree of consistency in time.
The application of time synchronization in the campus network mainly focuses on the following aspects:
1. Log audit of the network management system: When malicious attacks or network failures occur in the network, the network administrator needs to analyze the logs generated by the relevant network equipment in order to find the source of the attack, the harm to the network and the cause. However, if the time in the network is not synchronized, the logs generated by the same behavior on different devices cannot be placed in sequence, and it is impossible to analyze and solve these problems. In addition, when the network management center adopts multi-point logging, if the time of each node in the network is not synchronized, it will also cause confusion in logging. If you need this information to locate faults quickly and accurately, accurate time is essential [1].
2. Application authentication process: Some application systems in the campus network, and the all-in-one card system to be built in the future, require that the time in the network be synchronized during user authentication, because the digital timestamp service in authentication requires the client to use local time as a parameter when exchanging authentication information packets with the authentication server. If time synchronization in the network cannot be achieved, the system will encounter problems, and the authentication process may be subject to replay attacks.
3. Time-related application system: The network application system that strictly records the time of data submission must ensure the accuracy and unchangeability of the submission time. In addition, application systems that perform limited-time operations on clients also require time synchronization.
4. Campus network backup system: Incremental backup between the backup server and client requires time synchronization between the two systems.
5. Ensure that remote system calls between systems can be performed normally: to ensure that a system call will not be repeated, the system call is only valid within a time interval. If the clocks of the systems are not synchronized, the system call may time out before it takes place and never be performed.
6. Billing system: The digital time stamp service is also used in the network billing system, so accurate time synchronization is also required.
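Items 2 and 5 both depend on a request being valid only inside a time window. The sketch below is an added example, not code from the original article or from any campus system; the 30-second window, the message format and the names are assumptions. It shows a server rejecting replays and, as a side effect, rejecting a legitimate client whose clock has drifted.

```python
import hashlib
import hmac

WINDOW = 30.0  # assumed acceptance window in seconds


def sign(key, user, timestamp, nonce):
    """Client side: authenticate the user, local time and nonce together."""
    msg = f"{user}|{timestamp:.3f}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


class AuthServer:
    def __init__(self, key, window=WINDOW):
        self.key = key
        self.window = window
        self.seen = {}  # nonce -> timestamp, kept only while still in the window

    def check(self, user, timestamp, nonce, tag, server_now):
        expected = sign(self.key, user, timestamp, nonce)
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"
        if abs(server_now - timestamp) > self.window:
            return "reject: timestamp outside window"
        # Nonces older than the window are already covered by the check above.
        self.seen = {n: t for n, t in self.seen.items()
                     if server_now - t <= self.window}
        if nonce in self.seen:
            return "reject: replay"
        self.seen[nonce] = timestamp
        return "accept"


def run_scenarios():
    """Constructed requests; times are seconds on the server's clock."""
    key = b"constructed-shared-key"
    server = AuthServer(key)
    results = {}
    tag = sign(key, "alice", 1000.0, "n1")
    results["client in sync"] = server.check("alice", 1000.0, "n1", tag, 1000.4)
    results["replay inside window"] = server.check("alice", 1000.0, "n1", tag, 1005.0)
    results["replay after window"] = server.check("alice", 1000.0, "n1", tag, 1100.0)
    # A legitimate client whose clock runs 300 s behind the server.
    slow_ts = 2000.0 - 300.0
    tag2 = sign(key, "bob", slow_ts, "n2")
    results["client clock 300 s slow"] = server.check("bob", slow_ts, "n2", tag2, 2000.0)
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:>24}: {outcome}")
```

Widening the window to tolerate unsynchronized clients lengthens the period in which a captured request remains acceptable and the nonce cache must be kept, which is why synchronizing the clocks is the better fix.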
Various application systems, security systems, and network management systems in the campus network promote the need for time synchronization of network equipment and servers. If accurate time synchronization is not possible, we have to spend a lot of time to solve various problems that may arise.
All in all, time synchronization technology is very important for network management and network applications. In order to ensure time synchronization between the devices and systems in the campus network, we need to solve three problems: the first is to select a time source that is as accurate as possible; the second is to transmit the accurate time to the network devices or hosts that need time service, while ensuring that the error in the transmission process is as small as possible; the third is to synchronize the equipment with absolute time, making full use of each device's own time calibration mechanism to achieve time synchronization automatically and to eliminate human factors as far as possible.
For this reason, according to the actual situation of the campus network, a campus time synchronization network is constructed according to the hierarchical structure of NTP, as shown in Figure 4. At present, the campus network structure is divided into several areas according to physical scope; each area has a layer-3 switch as its core device, and these core devices are connected to the Internet through a core layer-3 switch in the network center. We configure the core equipment of the network center as a client of the public time servers on the Internet (for the international time servers, see http://www.eesic.udel.edu/ntp/; for the time servers on the China Education Network, see http://www.time.edu.cn/mem.htm), so that it obtains the accurate time directly from a time server on the Internet and then serves as the primary time server in the campus network, providing time services for the entire campus network. The core devices in the other areas, as clients of the core device of the network center, obtain the time from the core device of the network center. The network devices of the distribution layer in the campus network act as clients of the core layer, obtain the time from the core device of their respective area, and provide time services to end users in the campus network. The configuration command to set the upper-level time server is as follows:
(config)#ntp server xxxx
where xxxx is the IP address of the upper-level time server to be kept consistent with.
In order to maintain the accuracy of the time, the various servers in the campus network can generally obtain the time directly from the nearest connected core device, according to how they are connected. The core devices can work in symmetric active/passive mode and coordinate with each other to maintain time consistency. The configuration command to set the peer relationship is as follows:
(config)#ntp peer xxxx
where xxxx is the IP address of the time server in the peer position.
The servers on campus use different configuration commands or software depending on the operating system. For Windows 2000, you can use the command that comes with Windows. In command line mode, enter:
net time /setsntp:xxxx
where xxxx is the time server IP address; there can be one or more, separated by spaces. You can also use free software, such as ntptime. For Linux, you can use rdate or netdate to synchronize time with a time server.
The time service of the core device is very important. If it is attacked, a wide range of services will be affected. Therefore, we can set time service verification requirements and access control strategies to prevent unauthorized access and modification of core equipment to ensure the accuracy, reliability and safety of the campus network time. The NTP configuration steps for the time server and the corresponding client are as follows:
1. Enable NTP authentication:
(switch-config)#ntp authenticate
2. Configure the key for NTP authentication, using MD5, consistent with the NTP server:
(switch-config)#ntp authentication-key 1 md5 authentication-keyword
3. Configure the key trusted by both sides:
(switch-config)#ntp trusted-key 1
4. Configure an access control policy so that time services are provided only to hosts that meet the conditions of access-list listnumber:
(switch-config)#ntp access-group peer listnumber
The above commands must be deployed at the same time on the core device that needs authentication and on the corresponding client, and the configuration commands must be consistent.
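What the authentication key and the trusted key list achieve on the wire, as an added example that is not code from the original article or from any switch vendor. It assumes the classic NTP symmetric-key scheme (a 4-byte key ID followed by MD5 of the key concatenated with the 48-byte header); the keys and the packet are constructed.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48
MAC_LEN = 4 + 16   # key ID + MD5 digest


def ntp_md5_mac(key_id, key, header):
    """Authenticator field: key ID followed by MD5(key || header)."""
    return struct.pack("!I", key_id) + hashlib.md5(key + header).digest()


def verify(packet, keys, trusted_ids):
    """Receiver side with authentication enforced."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        return "reject: no authenticator"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in trusted_ids or key_id not in keys:
        return "reject: key not trusted"
    if not hmac.compare_digest(mac, ntp_md5_mac(key_id, keys[key_id], header)):
        return "reject: bad digest"
    return "accept"


def run_checks():
    """Constructed packets: key 1 is configured and trusted, key 2 is only configured."""
    keys = {1: b"constructed-campus-key", 2: b"constructed-other-key"}
    trusted = {1}
    header = bytes([0x1C, 1, 6, 0xEC]) + bytes(44)   # VN=3, Mode=4, stratum 1
    good = header + ntp_md5_mac(1, keys[1], header)
    tampered = bytearray(good)
    tampered[40] ^= 0x01                              # alter the transmit timestamp
    return {
        "authentic reply": verify(good, keys, trusted),
        "timestamp altered in transit": verify(bytes(tampered), keys, trusted),
        "signed with untrusted key 2": verify(
            header + ntp_md5_mac(2, keys[2], header), keys, trusted),
        "signed with wrong key value": verify(
            header + ntp_md5_mac(1, b"guess", header), keys, trusted),
        "unauthenticated reply": verify(header, keys, trusted),
    }


if __name__ == "__main__":
    for name, outcome in run_checks().items():
        print(f"{name:>30}: {outcome}")
```

The digest protects the integrity of the header against anyone without the key; it does not hide the packet contents, and the access-group rule from step 4 is still needed to limit which hosts may query the device at all.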

Figure 4 Campus time synchronization network
5. Summary
This article discussed the working principle and working mode of the NTP protocol. According to the needs of the campus network for time services, combined with the actual situation of the campus network, a solution to the campus time synchronization network using the NTP protocol layered mode is proposed. With the construction of campus network in the future, there will be more and more network applications that require time services. In terms of network security, the requirements for time services will become higher and higher, and research in this area needs to be in-depth.

Origin blog.csdn.net/weixin_44990608/article/details/108539811