Introduction to network time protocol and server synchronization network time

Introduction to NTP

Network Time Protocol (NTP) is a network protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. It sits in the application layer of the OSI model. In use since 1985, NTP is one of the oldest Internet protocols still in use. NTP was designed by David L. Mills of the University of Delaware.
NTP is intended to synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC). It uses a modified version of the Marzullo algorithm to select an accurate time server, and is designed to mitigate the impact of variable network delays. NTP can usually maintain an error of tens of milliseconds over the public Internet, and can achieve an accuracy better than 1 millisecond in an ideal LAN environment. Asymmetric routing and network congestion can cause errors of 100 milliseconds (or higher).
The protocol is usually described as a master-slave architecture, but it can also be used in a peer-to-peer network where both peers treat the other end as a potential time source. Timestamps are sent and received over port 123 of the User Datagram Protocol (UDP). NTP can also use broadcast or multicast, where the client passively listens for time updates after the initial round-trip calibration exchange. NTP provides a warning of an upcoming leap second adjustment, but does not transmit information about the local time zone or daylight saving time.
The current protocol is version 4 (NTPv4), a proposed standard documented in RFC 5905. It is backward compatible with version 3, specified in RFC 1305.

The ntp package is a software implementation of the NTP protocol on the Linux platform. Some Linux distributions install it by default. If it is not installed, install ntp first; the protocol can then be used to complete time synchronization.

Time synchronization method when server can access internet

DNS configured

If the server can access the external network and is configured with DNS, run either of the following directly:

ntpdate 0.cn.pool.ntp.org

or

ntpdate ntp1.aliyun.com

This synchronizes to the external network time.

DNS is not configured

For security reasons, some servers are connected to the external network but have no DNS configured. In this case, the time must be synchronized directly from the IP address of the time server. You can use the IP address of the Aliyun time server (ntp1.aliyun.com) to synchronize directly:

ntpdate 120.24.81.91

or use Tsinghua's time server:

ntpdate 84.16.73.33

Time synchronization method when the server cannot access the Internet

Assume there is a server on the LAN (IP address IP_TIME) whose time is correct. Configure this server as the LAN's NTP time server, and on the other servers execute

ntpdate IP_TIME

In this way, all servers are at least synchronized with the time of this one. Whether this one also needs to be synchronized with the network time depends on the functional requirements. If it does, this server must be able to access the Internet and synchronize to the network time as described above; the rest can remain without Internet access.

For example

Assume that there are two Linux servers, A and B, and both need to be synchronized to the network time.
A is connected to the external network. Although no DNS server is configured, it can ping 120.24.81.91 (Alibaba Cloud time server), so it can synchronize the time directly.
B has no external network access, and ping 120.24.81.91 reports connect: Network is unreachable, so it cannot synchronize time from the external server. Executing ntpdate 120.24.81.91 reports no server suitable for synchronization found, or no servers can be used, exiting.
The solution has three steps. The firewalls on A and B are turned off, and the whole process is performed as the root account.

  1. A synchronizes the time from the external network,
  2. Configure A as an ntp server (NTP server),
  3. B synchronizes time from A.

A synchronizes network time

The first time the server synchronizes, the output is as follows

[root@localhost ~]# ntpdate 120.24.81.91
10 Aug 09:46:07 ntpdate[15071]: step time server 120.24.81.91 offset 1.423469 sec

From the second run onward, the output is as follows

[root@localhost ~]# ntpdate 120.24.81.91
10 Aug 14:16:14 ntpdate[12150]: adjust time server 120.24.81.91 offset -0.030012 sec

Each time the command is executed, the value after offset changes, and it trends toward greater accuracy.

Configure A as NTP server

To configure A as an NTP server, first modify the configuration file /etc/ntp.conf. The required contents are shown below.
After the modification is complete, execute the following cat command. Apart from 192.168.2.0, which should be changed to the network segment of your own LAN, the output must match the listing below. Comment out any statements that are not in the listing, and add any that are missing. If your file already matches and 192.168.2.0 is also your LAN segment, nothing needs to be changed.

# cat /etc/ntp.conf | awk '{if($0 !~ /^$/ && $0 !~ /^#/) {print $0}}'

restrict default ignore                                   # default policy: ignore packets from any host not matched by a rule below
restrict 127.0.0.1                                        # give the local machine full permissions
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap   # allow machines on the LAN to synchronize time
# The time source is this machine's own clock; the external server 120.24.81.91 can be used instead
server  127.127.1.0  # local clock
fudge  127.127.1.0 stratum 10
driftfile /var/lib/ntp/drift
broadcastdelay  0.008
keys    /etc/ntp/keys
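How the three restrict lines above decide which hosts ntpd will talk to, as an added example that is not part of the original post. It models rule selection as "most specific matching entry wins" for IPv4 only; `parse_restrict`, `flags_for` and `can_sync` are hypothetical helper names, and the client addresses are constructed samples.

```python
import ipaddress

# The restrict lines from the listing above, comments removed.
RESTRICT_LINES = """\
restrict default ignore
restrict 127.0.0.1
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap
"""

def parse_restrict(text):
    """Return [(network, flags)] for every IPv4 restrict line."""
    rules = []
    for line in text.splitlines():
        words = line.split("#")[0].split()
        if not words or words[0] != "restrict":
            continue
        addr, rest = words[1], words[2:]
        if addr == "default":
            spec = "0.0.0.0/0"                  # matches every IPv4 host
        elif rest[:1] == ["mask"]:
            spec, rest = f"{addr}/{rest[1]}", rest[2:]
        else:
            spec = f"{addr}/32"                 # no mask: a single host
        rules.append((ipaddress.ip_network(spec), frozenset(rest)))
    return rules

def flags_for(rules, client):
    """Flags of the most specific rule that matches the client address."""
    ip = ipaddress.ip_address(client)
    matches = [(net.prefixlen, flags) for net, flags in rules if ip in net]
    return max(matches, key=lambda m: m[0])[1] if matches else frozenset()

def can_sync(rules, client):
    """False when every packet from this address is dropped (ignore)."""
    return "ignore" not in flags_for(rules, client)

if __name__ == "__main__":
    rules = parse_restrict(RESTRICT_LINES)
    for host in ("127.0.0.1", "192.168.2.37", "10.0.0.5", "120.24.81.91"):
        print(host, can_sync(rules, host), sorted(flags_for(rules, host)))
```

The last sample address matters if the server line is pointed at 120.24.81.91: with only these three rules it falls under `restrict default ignore`, so its replies are dropped until that address gets a restrict line of its own.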

Then execute

# /etc/init.d/ntpd start

or

# service ntpd start

OK will be displayed, indicating success. The machine is now an NTP server.

Whenever the configuration file is modified again, execute

# /etc/init.d/ntpd restart

to reload the configuration file.

B synchronizes time with A

After A starts the NTP server service, wait 5 minutes before running the synchronization command on B. The NTP server uses this time to synchronize with the local time.
After 5 minutes, execute the following on B (AIP is A's internal IP address):

[root@DB1 ~]# ntpdate AIP
10 Aug 13:35:59 ntpdate[10737]: adjust time server AIP offset 0.004937 sec

This synchronizes A's system time to B, which is equivalent to synchronizing with the external network time.

What if B tries to synchronize immediately after A starts the NTP server, without waiting 5 minutes?

Since the NTP server itself has not yet synchronized with the operating system time, an error will be returned

no server suitable for synchronization found

You can use the ntpdate -d AIP command to see the details.

[root@DB1 ~]# ntpdate -d AIP
10 Aug 13:28:07 ntpdate[10719]: ntpdate [email protected] Thu Oct  5 04:11:32 EDT 2006 (1)
Looking for host 192.168.2.10 and service ntp
host found : 192.168.2.10
transmit(192.168.2.10)
receive(192.168.2.10)
(omitted)
192.168.2.10: Server dropped: strata too high
server 192.168.2.10, port 123
stratum 16, precision -20, leap 11, trust 000
refid [192.168.2.10], delay 0.02573, dispersion 0.00000
(omitted)

The output contains "Server dropped: strata too high" and "stratum 16".
The normal range of stratum is "0~15".
You don't need to do anything. Wait a while and run the command again; the output will change to stratum 11, precision -20, leap 00, trust 000. Stratum 11 is within the normal range, and executing ntpdate AIP then synchronizes the time successfully.
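The stratum and leap values in the debug output come from the 48-byte header of the server's reply, and the offset that ntpdate prints comes from its four timestamps. The following added example (not part of the original post) decodes that header using the RFC 5905 layout; the function names are hypothetical and the packets are constructed samples, so it runs offline.

```python
import struct

NTP_DELTA = 2208988800        # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
HEADER = "!BBbbII4sQQQQ"      # 48-byte NTP header layout (RFC 5905)

def from_ntp(raw):
    """64-bit NTP timestamp (32.32 fixed point) -> Unix seconds."""
    return (raw >> 32) - NTP_DELTA + (raw & 0xFFFFFFFF) / 2**32

def to_ntp(unix):
    """Unix seconds -> 64-bit NTP timestamp (only used to build samples)."""
    return (int(unix) + NTP_DELTA) << 32 | int((unix % 1) * 2**32)

def parse_reply(pkt):
    if len(pkt) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    flags, stratum, _poll, precision, _, _, _refid, _, org, rec, xmt = \
        struct.unpack(HEADER, pkt[:48])
    return {"leap": flags >> 6, "version": flags >> 3 & 7, "mode": flags & 7,
            "stratum": stratum, "precision": precision,
            "t1": from_ntp(org), "t2": from_ntp(rec), "t3": from_ntp(xmt)}

def reject_reasons(r):
    """Reasons a client must not set its clock from this reply ([] = usable)."""
    reasons = []
    if r["mode"] != 4:
        reasons.append("not a server-mode reply")
    if not 1 <= r["stratum"] <= 15:    # 0 = unspecified, 16 = unsynchronized
        reasons.append("strata too high")
    if r["leap"] == 3:                 # binary 11 = clock not synchronized
        reasons.append("leap 11 (unsynchronized)")
    return reasons

def offset_and_delay(r, t4):
    """Clock offset and round-trip delay; t4 is the client's receive time."""
    return (((r["t2"] - r["t1"]) + (r["t3"] - t4)) / 2,
            (t4 - r["t1"]) - (r["t3"] - r["t2"]))

def sample_reply(leap, stratum, t1, t2, t3):
    """Constructed server reply (version 4, mode 4, precision -20)."""
    return struct.pack(HEADER, leap << 6 | 4 << 3 | 4, stratum, 6, -20, 0, 0,
                       b"LOCL", to_ntp(t3), to_ntp(t1), to_ntp(t2), to_ntp(t3))

if __name__ == "__main__":
    T1 = 1597066087.0                  # constructed client send time
    # Just after ntpd starts on A: stratum 16, leap 11, as in the debug output
    early = parse_reply(sample_reply(3, 16, T1, T1 + 1.75, T1 + 1.875))
    print(reject_reasons(early))
    # Later: stratum 11, leap 00; server 1.5 s ahead, 0.25 s delay each way
    later = parse_reply(sample_reply(0, 11, T1, T1 + 1.75, T1 + 1.875))
    print(reject_reasons(later), offset_and_delay(later, T1 + 0.625))
```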

What if server B must always stay consistent with server A?

If B needs its time corrected frequently, configure the ntpdate command in crontab to achieve this.

crontab -e  
9 7 * * * /usr/sbin/ntpdate  AIP

Writing the operating system time to the hardware clock can also be scheduled in crontab as needed. The advantage of keeping the hardware time consistent with the operating system time is that it avoids errors caused by the hardware time overwriting the system time after the server restarts.

Can A synchronize time from the external network while acting as the NTP server of the LAN?

Testing shows that the ntpdate command cannot be executed while the ntpd service is running. For A to synchronize with the network time frequently and also act as the LAN's NTP server for other servers, the crontab scheduled tasks on A should be executed in the following order

1. ntpdate <external time server IP>
2. service ntpd start
3. Wait for an acceptable interval; the longer the interval, the greater the error relative to network time.
   During this interval B can synchronize to A's time.
4. service ntpd stop
Then loop back to step 1:
1. ntpdate <external time server IP>

Origin blog.51cto.com/14947900/2550843