At the end of June this year, several high profiles websites suffered disruption and went down due the inclusion of an additional second to the international time system. The websites, including the social news and networking sites Reddit, Foursquare and Linkedin, were disrupted for several hours thanks to the inclusion of a Leap Second to Coordinated Universal Time (UTC), the world’s global timescale. (more…)
Archive for the ‘NTP FAQ’ Category
Accurate time is essential in the modern world of internet banking, online auctions and global finance. Any computer network that is involved in global communication needs to have an accurate source of the global timescale UTC (Coordinated Universal Time) to be able to talk to other networks.
Receiving UTC is simple enough. It is available from multiple sources but some are more reliable than others:
Internet Time Sources
The internet is awash with time sources. These vary in reliability and accuracy but some trusted organisations like NIST (National Institute of Standards and Time) and Microsoft. However, there are disadvantages with internet time sources:
Reliability – The demand for internet sources of UTC often means it can be difficult to access them
Accuracy – most internet time servers are stratum 2 devices which means they rely on a source of time themselves. Often errors can occur and many sources of time can be very inaccurate.
Security – Perhaps the biggest issue with internet time sources is the risk they pose to security. To receive a time stamp from across the internet the firewall needs to have an opening to allow the signals to pass through; this can lead to malicious users taking advantage.
Radio Referenced Time Servers.
A secure method of receiving UTC time stamps is available by using a NTP time server that can receive radio signals from labs like NIST and NPL (National Physical Laboratory. Many countries have these broadcasted time signals which are highly accurate, reliable and secure.
GPS Time servers
Another source for dedicated time servers is GPS. The big advantage of a GPS NTP time server is that the time source is available everywhere on the planet with a clear view of the sky. GPS time servers are also highly accurate, reliable and just as secure as radio referenced time servers.
Keeping the clock on a PC system synchronised is important for many systems, networks and users that need time accuracy for applications and transactions. Nearly everything on a modern computer system is time reliant so when synchronisation fails all sorts of issues can arise from data getting lost and debugging becoming near impossible.
There are several methods of synchronising a computer system’s clock but the majority of them rely on the time synchronisation protocol NTP (Network Time Protocol).
By far the most common method is to make use of the myriad of online NTP time servers that relay the UTC time (Coordinated Universal Time). However, there are many common issues in using internet based time servers – here are some of them:
Can’t access the Internet time server
A common occurrence with Internet time sources is the inability to access them. This can be caused by several reasons:
• Too much traffic trying to access the server
• Website is down
• Your connection is down
The time from the time server is innacuurate
Most online sources of time are what are known as stratum 2 time servers. This means they get their time from another time server (stratum 1) that it connected to an atomic clock (stratum 0). If there is an error with the stratum 1 device the stratum 2 device will be wrong (and every device that is trying to get the time from it).
The time server is leading to security problems with the firewall
Another common problem caused by the fact that all online time servers need access through your firewall. Unfortunately this gives the opportunity for malicious users to make use of this back door into your system.
Eliminating Time Server Issues
Internet time sources are neither guaranteed to be accurate, reliable or secure so for any serious time synchronisation requirements an external source of time should be used. NTP time servers that plug into a network and receive the time from GPS or radio sources are a much more secure and reliable alternative. These NTP servers are also highly secure as they do not operate across the Internet.
Network Time Protocol (NTP) is a TCP/IP protocol developed when the internet was in its infancy. It was developed by David Mills of the University of Delaware who was trying to synchronise computers across a network with a degree of precision.
NTP is a UNIX based protocol but it has been ported to operate just as effectively on PCs and a version has been included with operating systems since Windows 2000 (including Windows 7, Vista and XP).
NTP, and the daemon (application) that controls it, is not just a method of passing the time around. Any system running the NTP daemon can act as a client by querying the reference time from other servers or it can make its own time available for other devices to use which in effect turns it into a time server itself. It can also act as a peer by collaborating with other peers to find the most stable and accurate time source to use.
One of the most flexible aspects of NTP is its hierarchical nature. NTP divides devices into strata, each stratum level is defined by its proximity to the reference clock (atomic clock). The atomic clock itself is a stratum 0 device, the closest device to it (often a dedicated NTP time server) is a stratum 1 device whilst other devices that connect to that become stratum 2. NTP can maintain accuracy to within 16 stratum levels.
Any network that needs to be synchronised, has to first identify and locate a time source for NTP to distribute. Internet sources of time are available but thee are often taken from stratum 2 devices that operate through the firewall. The only way NTP can peer the time is if the TCP/IP port is left open to allow the traffic through. This could lead to security issues as malicious users can take advantage of this firewall hole.
Dedicated NTP time servers find a source of time via GPS or radio signals and so don’t leave a network vulnerable to attack. By attaching a NTP time server to a router and entire network of hundreds and even thousands of devices can be synchronised thanks to NTP’s hierarchical structure.
Time synchronization is essential in modern computer networking especially with the amount of time sensitive transactions conducted over the internet these days. Without adequate synchronization computer systems will:
- Be vulnerable to malicious attacks
- Susceptible to data loss
- Unable to conduct time sensitive transactions
- Difficult to debug
Fortunately ensuring a computer network is accurately synchronized is relatively straight forward. There different methods of synchronizing a network to the global timescale UTC (Coordinated Universal Time) but occasionally some common issues do arise.
My dedicated time server is unable to receive a signal
Dedicated NTP time servers receive the time from either long wave transmissions or GPS networks. If using a GPS NTP server then a GPS antenna needs to be situated on a roof to obtain a clear view of the sky. However, a NTP radio receiver does not need a roof mounted aerial although the signal can be vulnerable to interference and the correct angle toward the transmitter should be attained.
I am using a public time server across the Internet but my devices are not synchronised.
As public time servers can be used by anyone they can receive high levels of traffic. This can cause problems with bandwidth and mean that your time requests can’t get through. Public NTP servers can also fall victim to DDoS attacks and some high profile incidents of NTP vandalism have occurred.
Internet time servers are also stratum 2 devices, in other words they themselves have to connect to a time server to receive the correct time and because of this some online time references are wildly inaccurate.
*NB – internet time servers are also incapable of being authenticated to allow NTP to establish if the time source is coming from where it claims to be, combined with the problem of ensuring the firewall is open to receive the time requests, can mean that internet time servers present a clear risk to security.
The time on my computer seems to be off by a second to standard UTC time
You need to check if a recent leap second has been added to UTC. Leap seconds are added once or twice a year to ensure UTC and the Earth’s rotation match. Some time servers experience difficulties in making the leap second adjustment.