NTP (Network Time Protocol) provides accurate and synchronised time
across the Internet. This introductory article will try to show you how to use NTP to
control and synchronize your system clock.
NTP is organised in a hierarchical client-server model. At the top of
this hierarchy there is a small number of machines known as reference clocks.
A reference clock is known as stratum 0 and is typically
a cesium clock or a Global Positioning System (GPS) receiver that receives time from
satellites. Attached to these machines are the so-called stratum 1
servers (that is, stratum 0 clients), which are the top-level time servers available
to the Internet, that is, they are the best NTP servers available.
Note: in NTP lingo the measure of synchronization distance is termed
stratum: the number of steps that a system lies from a primary time source.
Following this hierarchy, the next level in the structure is the stratum 2
servers, which in turn are the clients of stratum 1 servers. The lowest level
of the hierarchy is made up of stratum 16 servers. Generally speaking, every
server synchronized with a stratum n server is termed as being at stratum
n+1 level. So, there are a few stratum 1 servers which are referenced by stratum
2 servers, which in turn are referenced by stratum 3 servers, which are referenced by
stratum 4 and so on.
NTP servers operating in the same stratum may be associated with others on a
peer-to-peer basis, so they may decide who has the higher quality of time and then can
synchronise to the most accurate.
In addition to the client-server model and the peer-to-peer model, a server may
broadcast time to a broadcast or multicast IP address and clients may be configured
to synchronise to these broadcast time signals.
So, at this point we know that NTP clients can operate with NTP servers in three
on a client-server basis
in a peer to peer mode
sending the time using broadcast/multicast
How does it work
Whenever ntpd starts it checks its configuration file (/etc/ntp.conf) to determine synchronization sources,
authentication options, monitoring options, access control and other operating
options. It also checks the frequency file (/etc/ntp/drift) that contains the latest estimate of clock
frequency error. If specified, it will also look for a file containing the
authentication keys (/etc/ntp/keys).
Note that the path and/or name of these configuration files may vary in your
system. Check the -c command line option.
Once the NTP daemon is up and running, it will operate by exchanging packets (time
and sanity check exchanges) with its configured servers at poll intervals and its
behaviour will depend on the delay between the local time and its reference servers.
Basically, the process starts when the NTP client sends a packet containing its
timestamp to a server. When the server receives such a packet, it will in turn store
its own timestamp and a transmit timestamp into the packet and send it back to the
client. When the client receives the packet it will log its receipt time in order to
estimate the travelling time of the packet.
The packet exchange takes place until an NTP server is accepted as a synchronization
source, which takes about five minutes. The NTP daemon tries to adjust the clock in
small steps and will continue until the client gets the accurate time. If the delay
between the server and the client is big enough, the daemon will terminate and you
will need to adjust the time manually and start the daemon again.
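The exchange described above, worked through as an added example (not code from the original article). It packs the client request and a constructed server reply in the 48-byte NTP header layout, checks that the reply really answers our request, and derives clock offset and round-trip delay from the four timestamps. The function names and the sample times are assumptions made for the illustration.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800            # seconds from 1900-01-01 to 1970-01-01
PACKET = struct.Struct("!BBbbII4sQQQQ")  # 48-byte NTP header, no extensions

def to_ntp(unix_time):
    """Unix time -> 64-bit NTP timestamp (32 bits seconds, 32 bits fraction)."""
    return int(round((unix_time + NTP_EPOCH_OFFSET) * 2**32))

def from_ntp(raw):
    return raw / 2**32 - NTP_EPOCH_OFFSET

def build_request(t1):
    """Client packet: version 3, mode 3 (client), transmit timestamp = T1."""
    return PACKET.pack((3 << 3) | 3, 0, 0, 0, 0, 0, b"\0" * 4, 0, 0, 0, to_ntp(t1))

def build_reply(request, t2, t3, stratum=1):
    """Server side: copy the client's transmit time into 'originate', then
    store its own receive (T2) and transmit (T3) timestamps. Mode 4 = server."""
    t1_raw = PACKET.unpack(request)[10]
    return PACKET.pack((3 << 3) | 4, stratum, 6, -20, 0, 0, b"DCFa",
                       to_ntp(t2), t1_raw, to_ntp(t2), to_ntp(t3))

def offset_and_delay(request, reply, t4):
    """Client side: validate the reply, then combine T1..T3 with receipt time T4."""
    sent = PACKET.unpack(request)
    got = PACKET.unpack(reply)
    if (got[0] & 0x07) != 4:
        raise ValueError("not a server-mode packet")
    if got[8] != sent[10]:
        raise ValueError("originate timestamp does not match our request")
    if not 1 <= got[1] <= 15:
        raise ValueError("server is not synchronized")
    t1, t2, t3 = (from_ntp(x) for x in got[8:11])
    delay = (t4 - t1) - (t3 - t2)          # round trip minus server processing
    offset = ((t2 - t1) + (t3 - t4)) / 2   # positive: local clock is behind
    return offset, delay

def demo():
    # Constructed values: client clock 10 ms ahead, 12.5 ms each way on the wire.
    t1 = 1000000000.0
    request = build_request(t1)
    reply = build_reply(request, t2=t1 + 0.0025, t3=t1 + 0.0026)
    return offset_and_delay(request, reply, t4=t1 + 0.0251)

if __name__ == "__main__":
    print("offset %.4f s, delay %.4f s" % demo())
```

The originate check is what lets a client discard a reply that was not produced for its own request, for example a stale or spoofed packet arriving on UDP port 123.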
Sample ntp.conf configuration file
#multicastclient # listen on default 188.8.131.52
# by default ignore all ntp packets
restrict 0.0.0.0 mask 0.0.0.0 ignore
# allow localhost
restrict 127.0.0.1 mask 255.255.255.255
# accept packets from...
restrict 192.168.100.125 mask 255.255.255.255
restrict 192.168.100.126 mask 255.255.255.255
restrict 192.168.100.127 mask 255.255.255.255
Take a look at references below to understand the configuration options.
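How the restrict lines of the sample file decide which sources are answered, as an added example (not part of the original article and not ntpd's own code). It is a simplified IPv4-only model that assumes ntpd's documented behaviour: the most specific matching entry supplies the flags, and when no entry matches, the built-in default entry applies with no restrictions. The function names are hypothetical.

```python
import ipaddress

# The active restrict lines of the sample file above, copied verbatim.
SAMPLE_CONF = """
# by default ignore all ntp packets
restrict 0.0.0.0 mask 0.0.0.0 ignore
restrict 127.0.0.1 mask 255.255.255.255
restrict 192.168.100.125 mask 255.255.255.255
restrict 192.168.100.126 mask 255.255.255.255
restrict 192.168.100.127 mask 255.255.255.255
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def parse_restrict(conf):
    """Return (address, mask, flags) for each 'restrict addr [mask m] [flags]'."""
    rules = []
    for line in conf.splitlines():
        words = line.split("#", 1)[0].split()
        if len(words) < 2 or words[0] != "restrict":
            continue
        mask, flags = "255.255.255.255", words[2:]
        if len(words) >= 4 and words[2] == "mask":
            mask, flags = words[3], words[4:]
        rules.append((ip_int(words[1]), ip_int(mask), flags))
    return rules

def flags_for(rules, source):
    """Flags of the most specific entry matching source. With no match the
    built-in default entry applies, which carries no restrictions (assumed)."""
    src = ip_int(source)
    hits = [(bin(mask).count("1"), flags)
            for addr, mask, flags in rules if (src & mask) == (addr & mask)]
    return max(hits, key=lambda h: h[0])[1] if hits else []

def is_served(rules, source):
    """An entry without flags places no restriction; 'ignore' drops the packet."""
    return "ignore" not in flags_for(rules, source)

if __name__ == "__main__":
    rules = parse_restrict(SAMPLE_CONF)
    for host in ("127.0.0.1", "192.168.100.125", "192.168.100.124", "10.0.0.1"):
        print(host, "served" if is_served(rules, host) else "ignored")
```

Removing the `restrict 0.0.0.0 mask 0.0.0.0 ignore` line from the input makes every unlisted address served, which is why the default-ignore entry comes first in the sample file.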
NTP stands for Network Time Protocol, and it is an Internet
protocol used to synchronize the clocks of computers to some time reference. NTP is
an Internet standard protocol originally developed by Professor David L. Mills at
the University of Delaware.
SNTP (Simple Network Time Protocol) is basically also NTP, but
lacks some internal algorithms that are not needed for all types of servers.
Time usually just advances. If you have communicating programs
running on different computers, time should still advance even if you switch from one
computer to another. Obviously if one system is ahead of the others, the others are
behind that particular one. From the perspective of an external observer, switching
between these systems would cause time to jump forward and back, a non-desirable
As a consequence, isolated networks may run their own wrong time,
but as soon as you connect to the Internet, effects will be visible. Just imagine an
e-mail message that arrived five minutes before it was sent, with a reply that came two
minutes before the message was sent.
NTP needs some reference clock that defines the true time to
operate. All clocks are set towards that true time. (It will not just make all
systems agree on some time, but will make them agree upon the true time as defined
by some standard.)
NTP uses UTC as reference time
NTP is a fault-tolerant protocol that will automatically select
the best of several available time sources to synchronize to. Multiple candidates
can be combined to minimize the accumulated error. Temporarily or permanently
insane time sources will be detected and avoided.
NTP is highly scalable: a synchronization network may consist of
several reference clocks. Each node of such a network can exchange time information
either bidirectionally or unidirectionally. Propagating time from one node to another
forms a hierarchical graph with reference clocks at the top.
Having available several time sources, NTP can select the best
candidates to build its estimate of the current time. The protocol is highly
accurate, using a resolution of less than a nanosecond (about 2^-32 seconds). (The
popular protocol used by rdate and defined in [RFC 868] only uses a resolution of
Even when a network connection is temporarily unavailable, NTP
can use measurements from the past to estimate current time and error.
UTC (Universal Time Coordinated, Temps Universel Coordonné)
is an official standard for the current time. UTC evolved from the former GMT
(Greenwich Mean Time) that once was used to set the clocks on ships before they left
for a long journey. Later GMT had been adopted as the world's standard time. One of the
reasons that GMT had been replaced as official standard time was the fact that it was
based on the mean solar time. Newer methods of time measurement showed that the mean
solar time varied a lot by itself. The following list will explain the main components
Universal means that the time can be used everywhere in
the world, meaning that it is independent from time zones (i.e. it's not local
time). To convert UTC to local time, one would have to add or subtract the local
Coordinated means that several institutions contribute
their estimate of the current time, and UTC is built by combining these
NTP on Unix and Windows 2000
In this example we show how to synchronize your Linux, Solaris and
Windows 2000 Server (Primary Domain Controller) with the Public NTP Time Server:
Location: Integrated Systems Laboratory, Swiss Fed. Inst. of Technology,
CH 8092 Zurich, Switzerland
Geographic Coordinates: 47:23N, 8:32E
Synchronization: NTP primary (DCF77 clock), Sun-4/SunOS 4.1.4
Service Area: Switzerland/Europe
Access Policy: open access
Contact: Christoph Wicki (firstname.lastname@example.org)
Configuration on Unix
The NTP client program ntpdate sets the system clock once. As
real clocks drift, you need periodic corrections. Basically you can run ntpdate in a
cron job hourly or daily, but your machine won't be an NTP server then.
Crontab entry to update the system clock once a day
0 2 * * * /usr/sbin/ntpdate -s -b -p 8 -u 184.108.40.206
-b  Force the time to be stepped using the settimeofday() system call,
rather than slewed (default) using the adjtime() system call. This option should be
used when called from a startup file at boot time.
-p samples  Specify the number of samples to be acquired from each server as
the integer samples, with values from 1 to 8 inclusive. The default is 4.
-s  Divert logging output from the standard output (default) to the
system syslog facility. This is designed primarily for convenience of cron
-u  Direct ntpdate to use an unprivileged port for outgoing packets.
This is most useful when behind a firewall that blocks incoming traffic to privileged
ports, and you want to synchronise with hosts beyond the firewall. Note that the -d
option always uses unprivileged ports.
First of all you have to download the NTP sources from www.ntp.org. On RedHat Linux 7.0 / 7.1 the NTP
server ntpd is already included in the distribution.
The NTP server ntpd will learn and remember the clock drift
and it will correct it autonomously, even if there is no reachable server. Therefore
large clock steps can be avoided while the machine is synchronized to some reference
clock. In addition ntpd will maintain error estimates and statistics, and
finally it can offer NTP service for other machines.
# Adjust time to make life easy for
if [ -f /etc/ntp/step-tickers ]; then
    echo -n $"Synchronizing with time server: "
    /usr/sbin/ntpdate -s -b -p 8 -u \
        `sed -e 's/#.*//' /etc/ntp/step-tickers`
fi
# Start daemons.
echo -n $"Starting $prog: "
[ $RETVAL -eq 0 ] && touch
server 127.127.1.0 # local
server 220.127.116.11 # swisstime.ethz.ch (stratum 1)
multicastclient # listen on default
# /etc/rc.d/init.d/ntpd start
One of the quickest commands to verify that ntpd is still up
and running as desired is ntpq -p. That command will show all peers used and
configured together with their key performance data.
# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
 LOCAL(0)        LOCAL(0)         3 l    9   64  377    0.000
*swisstime.ethz. .DCFa.           1 u   17   64  377   25.088  -10.040   1.071
The following command obtains a current list of the server's peers, along with a summary
of each peer's state. Summary information includes the address of the remote peer, the
reference ID (0.0.0.0 if this is unknown), the stratum of the remote peer, the type of
the peer (local, unicast, multicast or broadcast), when the last packet was received,
the polling interval in seconds, the reachability register in octal, and the current
estimated delay, offset and dispersion of the peer, all in milliseconds.
# ntpq -c pee swisstime.ethz.ch
     remote           refid      st t when poll reach   delay   offset  jitter
*GENERIC(0)      .DCFa.           0 l   14   16  377    0.000    0.126   0.170
 LOCAL(0)        LOCAL(0)         6 l   13   64  377    0.000    0.000  10.010
 sns2-tss2.unige lantime          2 u  323 1024  377   11.000    0.014   1.770
+nz11.rz.uni-kar .DCF.            1 u   40   64  376  353.290   18.088  17.120
xjane.planNET.de .DCFa.           1 u   80  256  377  125.050  -38.018   0.210
+sombrero.cs.tu- .GPS.            1 u   49   64  377   36.070    1.159   0.790
Be sure that there is an entry for the swisstime.ethz.ch server,
and that there is an entry for your local net. The "st" (stratum) column for the ITD
time servers should be "1" or "2", indicating that the time servers are stratum-1/2
servers, i.e. they obtain their time from stratum-1 servers, which are directly
connected to external time reference sources. If the stratum for any server is "16"
then this server is not synchronizing successfully.
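The check described above, automated as an added example (not from the original article). It parses `ntpq -p` rows and reports stratum 16 peers, peers whose octal reach register shows missed polls, and the absence of a selected source. The tally characters ('*' for the selected system peer, 'x' for a falseticker) and the meaning of the reach bits are ntpq's standard ones, which the article does not spell out; the last sample row is made up.

```python
# Constructed sample in `ntpq -p` layout: three rows taken from the output on
# this page plus one made-up unreachable peer. Column 1 is the tally character.
SAMPLE = "\n".join([
    "     remote           refid      st t when poll reach   delay   offset  jitter",
    "==============================================================================",
    " LOCAL(0)        LOCAL(0)         6 l   13   64  377    0.000    0.000  10.010",
    "+nz11.rz.uni-kar .DCF.            1 u   40   64  376  353.290   18.088  17.120",
    "xjane.planNET.de .DCFa.           1 u   80  256  377  125.050  -38.018   0.210",
    " cosmos.hsz.akad 0.0.0.0         16 u    -   64    0    0.000    0.000   0.000",
])

def parse_peers(text):
    """Turn `ntpq -p` rows into dicts; header and separator lines are skipped."""
    peers = []
    for line in text.splitlines():
        cols = line[1:].split()
        if len(cols) != 10 or not cols[2].isdigit():
            continue
        peers.append({
            "tally": line[0],
            "remote": cols[0],
            "stratum": int(cols[2]),
            "reach": int(cols[6], 8),   # 8-bit shift register, printed in octal
        })
    return peers

def findings(peers):
    """Return (remote, problem) pairs worth an operator's attention."""
    out = []
    if not any(p["tally"] == "*" for p in peers):
        out.append(("-", "no system peer selected"))
    for p in peers:
        if p["stratum"] == 16:
            out.append((p["remote"], "stratum 16, not synchronized"))
        if p["reach"] == 0:
            out.append((p["remote"], "unreachable for the last 8 polls"))
        elif (p["reach"] & 1) == 0:
            out.append((p["remote"], "most recent poll unanswered"))
        if p["tally"] == "x":
            out.append((p["remote"], "rejected as falseticker"))
    return out

if __name__ == "__main__":
    for remote, problem in findings(parse_peers(SAMPLE)):
        print(f"{remote}: {problem}")
```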
                 local           st poll reach   delay    offset
                 127.0.0.1        3   64   377 0.00000  0.000000
=cosmos.hsz.akad 18.104.22.168   16   64     0 0.00000  0.000000 0.00000
*swisstime.ethz. 192.168.138.29   1  128   377 0.02658 -0.001197
Configuration on Windows 2000 Workstation
Windows 2000 (Win2K) uses a time service, known as Windows Time
Synchronization Service (W32Time), to ensure that all Win2K computers on your network
use a common time. The W32Time Service is a fully compliant implementation of the
Simple Network Time Protocol (SNTP) as detailed in IETF RFC 1769. SNTP uses UDP port
123 by default. If you want to synchronize your time server with an SNTP server on the
Internet, make sure that port is available.
net time /setsntp:swisstime.ethz.ch
net start W32Time
You can also set the start option of the Windows Time
Synchronization Service (W32Time) to Automatic, so the service will start when
The registry values are located in the following registry
AvoidTimeSyncOnWan : REG_DWORD (optional)
Prevents the computer from synchronizing with a computer that is in another
0 = the site of the time source is ignored [default]
1 = the computer does not synchronize with a time source that is in a different
GetDcBackoffMaxTimes : REG_DWORD (optional)
The maximum number of times to double the backoff interval when successive
attempts to find a domain controller do not succeed. An event is logged every time
a wait of the maximum length occurs.
0 = the wait between successive attempts is always the minimum and no event is
7 = [default]
GetDcBackoffMinutes : REG_DWORD (optional)
The initial number of minutes to wait before looking for a domain controller if
the last attempt did not succeed. 15 = [default]
LocalNTP : REG_DWORD
Used to start the SNTP server.
0 = do not start the SNTP server unless this computer is a domain
1 = always start the SNTP server
NtpServer : REG_SZ (swisstime.ethz.ch)
NtpServer : REG_SZ (optional) Used to manually configure the time source. Set this
to the DNS name or IP address of the NTP server to synchronize from. You can modify
this from the command line by using the net time command. Value is blank by
Period : REG_DWORD or REG_SZ
Used to control how often the time service synchronizes. If a string value is
specified, it must be one of the special values listed below.
0 = once a day
65535, "BiDaily" = once every 2 days
65534, "Tridaily" = once every 3 days
65533, "Weekly" = once every week (7 days)
65532, "SpecialSkew" = once every 45 minutes
until 3 good synchronizations occur, then once every 8 hours (3 per day)
65531, "DailySpecialSkew" = once every 45 minutes until 1 good synchronization
occurs, then once every day
freq = freq times per day
ReliableTimeSource : REG_DWORD (optional)
Used to indicate that this computer has reliable time.
0 = do not mark this computer as having reliable time [default]
1 = mark this computer as having reliable time (this is only useful on a domain
Type : REG_SZ
Used to control how a computer synchronizes.
Nt5DS = synchronize to domain hierarchy [default]
NTP = synchronize to manually configured
NoSync = do not synchronize time
The Nt5DS setting may not use a manually configured source.
The Adj and msSkewPerDay values are used to preserve information
about the computer's clock between restarts. Do not manually edit these values.
For further information about NTP in
For further information about NTP see