Introduction to NTP


NTP (Network Time Protocol) provides accurate and syncronised time across the Internet. This introductory article will try to show you how to use NTP to control and synchronize your system clock.

First approach

NTP is organised in a hierarchical client-server model. In the top of this hierarchy there are a small number of machines known as reference clocks. A reference clock is known as stratum 0 and is typically a cesium clock or a Global Positioning System (GPS) that receives time from satellites. Attached to these machines there are the so-called stratum 1 servers (that is, stratum 0 clients), which are the top level time servers available to the Internet, that is, they are the best NTP servers available.

Note: in the NTP lingo measure for synchronization distance is termed as stratum: the number of steps that a system lies from a primary time source.

Following this hierarchy, the next level in the structure are the stratum 2 servers which in turn are the clients for stratum 1 servers. The lowest level of the hierarchy is made up by stratum 16 servers. Generally speaking, every server syncronized with a stratum n server is termed as being at stratum n+1 level. So, there are a few stratum 1 servers which are referenced by stratum 2 servers, wich in turn are refenced by stratum 3 servers, which are referenced by stratum 4 and so on.

NTP servers operating in the same stratum may be associated with others in a peer to peer basis, so they may decide who has the higher quality of time and then can synchronise to the most accurate.

In addition to the client-server model and the peer to peer model, a server may broadcast time to a broadcast or multicast IP addresses and clients may be configured to synchronise to these broadcast time signals.

So, at this point we know that NTP clients can operate with NTP servers in three ways:

  • in a client-server basis
  • in a peer to peer mode
  • sending the time using broadcast/multicast

How does it work

Whenever ntpd starts it checks its configuration file (/etc/ntp.conf) to determine syncronization sources, authentication options, monitoring options, access control and other operating options. It also checks the frequency file (/etc/ntp/drift) that contains the latest estimate of clock frequency error. If specified, it will also look for a file containing the authentication keys (/etc/ntp/keys).

Note that the path and/or name of these configuration files may vary in your system. Check the -c command line option.

Once the NTP daemon is up and running, it will operate by exchanging packets (time and sanity check exchanges) with its configured servers at poll intervals and its behaviour will depend on the delay between the local time and its reference servers. Basically, the process starts when the NTP client sends a packet containing its timestamp to a server. When the server receives such a packet, it will in turn store its own timestamp and a transmit timestamp into the packet and send it back to the client. When the client receives the packet it will log its receipt time in order to estimate the travelling time of the packet.

The packet exchange takes place until a NTP server is accepted as a synchronization source, which take about five minutes. The NTP daemon tries to adjust the clock in small steps and will continue until the client gets the accurate time. If the delay between both the server and client is big enough the daemon will terminate and you will need to adjust the time manually and start the daemon again.

Sample ntp.conf configuration file

     server swisstime.ee.ethz.ch


     driftfile /etc/ntp/drift
     #multicastclient  # listen on default
     #broadcastdelay  0.008

     authenticate no

     #keys           /etc/ntp/keys
     #trustedkey     65535
     #requestkey     65535
     #controlkey     65535

     # by default ignore all ntp packets
     restrict mask ignore

     # allow localhost
     restrict mask

     # accept packets from...
     restrict mask
     restrict mask
     restrict mask

Take a look at references below to understand the configuration options.


NTP Basics

  • NTP stands for Network Time Protocol, and it is an Internet protocol used to synchronize the clocks of computers to some time reference. NTP is an Internet standard protocol originally developed by Professor David L. Mills at the University of Delaware.

  • SNTP (Simple Network Time Protocol) is basically also NTP, but lacks some internal algorithms that are not needed for all types of servers.

Time should be synchronized

Time usually just advances. If you have communicating programs running on different computers, time still should even advance if you switch from one computer to another. Obviously if one system is ahead of the others, the others are behind that particular one. From the perspective of an external observer, switching between these systems would cause time to jump forward and back, a non-desirable effect.

As a consequence, isolated networks may run their own wrong time, but as soon as you connect to the Internet, effects will be visible. Just imagine some EMail message arrived five minutes before it was sent, and there even was a reply two minutes before the message was sent.

Basic features of NTP

  • NTP needs some reference clock that defines the true time to operate. All clocks are set towards that true time. (It will not just make all systems agree on some time, but will make them agree upon the true time as defined by some standard.)

  • NTP uses UTC as reference time

  • NTP is a fault-tolerant protocol that will automatically select the best of several available time sources to synchronize to. Multiple candidates can be combined to minimize the accumulated error. Temporarily or permanently insane time sources will be detected and avoided.

  • NTP is highly scalable: A synchronization network may consist of several reference clocks. Each node of such a network can exchange time information either bidirectional or unidirectional. Propagating time from one node to another forms a hierarchical graph with reference clocks at the top.

  • Having available several time sources, NTP can select the best candidates to build its estimate of the current time. The protocol is highly accurate, using a resolution of less than a nanosecond (about 2^-32 seconds). (The popular protocol used by rdate and defined in [RFC 868] only uses a resolution of one second).

  • Even when a network connection is temporarily unavailable, NTP can use measurements from the past to estimate current time and error.

UTC (Universal Time Coordinated)

UTC (Universal Time Coordinated, Temps Universel Coordonné) is an official standard for the current time. UTC evolved from the former GMT (Greenwich Mean Time) that once was used to set the clocks on ships before they left for a long journey. Later GMT had been adopted as the world's standard time. One of the reasons that GMT had been replaced as official standard time was the fact that it was based on the mean solar time. Newer methods of time measurement showed that the mean solar time varied a lot by itself.The following list will explain the main components of UTC:

  • Universal means that the time can be used everywhere in the world, meaning that it is independent from time zones (i.e. it's not local time). To convert UTC to local time, one would have to add or subtract the local time zone.

  • Coordinated means that several institutions contribute their estimate of the current time, and UTC is built by combining these estimates.

NTP on Unix and Windows 2000

In this example we show, how to synchronize your Linux, Solaris and Windows 2000 Server (Primary Domain Controller) with the Public NTP Time Server: swisstime.ethz.ch

Public NTP Server in Switzerland

swisstime.ethz.ch (
Location: Integrated Systems Laboratory, Swiss Fed. Inst. of Technology,
CH 8092 Zurich, Switzerland
Geographic Coordinates: 47:23N, 8:32E
Synchronization: NTP primary (DCF77 clock), Sun-4/SunOS 4.1.4
Service Area: Switzerland/Europe
Access Policy: open access
Contact: Christoph Wicki (time@iis.ee.ethz.ch)

Configuration on Unix

Unix Workstation as NTP Client

The NTP client program ntpdate sets the system clock once. As real clocks drift, you need periodic corrections. Basically you can run ntpdate in a cron job hourly or daily, but your machine won't be an NTP server then.

Crontab entry to update the system clock once a day

0 2 * * * /usr/sbin/ntpdate -s -b -p 8 -u

  • -b 

Force the time to be stepped using the settimeofday() system call, rather than slewed (default) using the adjtime() system call. This option should be used when called from a startup file at boot time.

  • -p samples

Specify the number of samples to be acquired from each server as the integer samples, with values from 1 to 8 inclusive. The default is 4.

  • -s

Divert logging output from the standard output (default) to the system syslog facility. This is designed primarily for convenience of cron scripts.

  • -u

Direct ntpdate to use an unprivileged port or outgoing packets. This is most useful when behind a firewall that blocks incoming traffic to privileged ports, and you want to synchronise with hosts beyond the firewall. Note that the -d option always uses unprivileged ports.

Unix Workstation as NTP Server

First of all you have to download the NTP sources from www.ntp.org. On RedHat Linux 7.0 / 7.1 the NTP server ntpd is already included in the distribution.

The NTP server ntpd will learn and remember the clock drift and it will correct it autonomously, even if there is no reachable server. Therefore large clock steps can be avoided while the machine is synchronized to some reference clock. In addition ntpd will maintain error estimates and statistics, and finally it can offer NTP service for other machines.

  • Look at the Startup Script in /etc/rc.d/init.d/ntpd

start() {
        # Adjust time to make life easy for ntpd
        if [ -f /etc/ntp/step-tickers ]; then
             echo -n $"Synchronizing with time server: "
             /usr/sbin/ntpdate -s -b -p 8 -u \
             `/bin/sed -e 's/#.*//' /etc/ntp/step-tickers`
        # Start daemons.
        echo -n $"Starting $prog: "
        daemon ntpd
        [ $RETVAL -eq 0 ] && touch /var/lock/subsys/ntpd
        return $RETVAL

  • Insert swisstime.ethz.ch or more NTP Servers to /etc/ntp/step-tickers

  • Edit the configuration file /etc/ntp.conf

server  # local clock
server # swisstime.ethz.ch (stratum 1)
driftfile /etc/ntp/drift
multicastclient     # listen on default
broadcastdelay 0.008

  • Start NTP Server and check /var/log/messages

# /etc/rc.d/init.d/ntpd start


One of the quickest commands to verify that ntpd is still up and running as desired is ntpq -p. That command will show all peers used and configured together with their corner performance data.

# ntpq -p

     remote      refid    st t when poll reach   delay  offset jitter
 LOCAL(0)        LOCAL(0) 3 l    9   64  377    0.000   0.000   0.000
*swisstime.ethz. .DCFa.   1 u   17   64  377   25.088 -10.040   1.071

To obtain a current list peers of the server, along with a summary of each peer's state. Summary information includes the address of the remote peer, the reference ID ( if this is unknown), the stratum of the remote peer, the type of the peer (local, unicast, multicast or broadcast), when the last packet was received, the polling interval, in seconds, the reachability register, in octal, and the current estimated delay, offset and dispersion of the peer, all in milliseconds.

# ntpq -c pee swisstime.ethz.ch

     remote      refid   st t when poll reach   delay  offset jitter
*GENERIC(0)      .DCFa.   0 l   14   16  377    0.000   0.126  0.170
 LOCAL(0)        LOCAL(0) 6 l   13   64  377    0.000   0.000 10.010
 sns2-tss2.unige lantime  2 u  323 1024  377   11.000   0.014  1.770
+nz11.rz.uni-kar .DCF.    1 u   40   64  376  353.290  18.088 17.120
xjane.planNET.de .DCFa.   1 u   80  256  377  125.050 -38.018  0.210
+sombrero.cs.tu- .GPS.    1 u   49   64  377   36.070   1.159  0.790

# ntpdc

ntpdc> peers

Be sure that there is an entry for the the swisstime.ethz.ch server, and that there is an entry for your local net. The "st" (stratum) column for the ITD time servers should be "1" or "2", indicating that the time server are stratum-1/2 servers, e.g. they obtain their time from stratum-1 servers, which are directly connected to external time reference sources. If the stratum for any server is "16" then this server is not synchronizing successfully.

     remote           local     st poll reach delay   offset    disp
=LOCAL(0)       3  64 377 0.00000  0.000000 0.00095
=cosmos.hsz.akad        16  64   0 0.00000  0.000000 0.00000
*swisstime.ethz.  1 128 377 0.02658 -0.001197 0.00215

Configuration on Windows 2000 Workstation

Windows 2000 (Win2K) uses a time service, known as Windows Time Synchronization Service (Win32Time), to ensure that all Win2K computers on your network use a common time. The W32Time Service is a fully compliant implementation of the Simple Network Time Protocol (SNTP) as detailed in IETF RFC 1769. SNTP uses UDP port 123 by default. If you want to synchronize your time server with an SNTP server on the Internet, make sure that port is available.

  • Select a NTP server, using 

net time /setsntp:swisstime.ethz.ch

  • Start the W32time service with

net start W32Time

You can also set the start option of the Windows Time Synchronization Service (W32Time) to Automatic, so the service will start when Windows/2000 starts.

Set the following Registry Entries for the W32Time Service (marked in blue color)

The registry values are located in the following registry key:


  • AvoidTimeSyncOnWan : REG_DWORD (optional)
    Prevents the computer from synchronizing with a computer that is in another site.
    0 = the site of the time source is ignored [default]
    1 = the computer does not synchronize with a time source that is in a different site

  • GetDcBackoffMaxTimes : REG_DWORD (optional)
    The maximum number of times to double the backoff interval when successive attempts to find a domain controller do not succeed. An event is logged every time a wait of the maximum length occurs.
    0 = the wait between successive attempts is always the minimum and no event is logged
    7 = [default]

  • GetDcBackoffMinutes : REG_DWORD (optional)
    The initial number of minutes to wait before looking for a domain controller if the last attempt did not succeed. 15 = [default] 

  • LocalNTP : REG_DWORD
    Used to start the SNTP server.
    0 = do not start the SNTP server unless this computer is a domain controller[default]
    1 = always start the SNTP server

  • NtpServer : REG_SZ (swisstime.ethz.ch)
    NtpServer : REG_SZ (optional) Used to manually configure the time source. Set this to the DNS name or IP address of the NTP server to synchronize from. You can modify this from the command line by using the net time command. Value is blank by default

  • Period : REG_DWORD or REG_SZ
    Used to control how often the time service synchronizes. If a string value is specified, it must be one of special ones listed below.
    0 = once a day
    65535, "BiDaily" = once every 2 days
    65534, "Tridaily" = once every 3 days
    65533, "Weekly" = once every week (7 days)
    65532, "SpecialSkew" = once every 45 minutes until 3 good synchronizations occur, then once every 8 hours (3 per day) [default]
    65531, "DailySpecialSkew" = once every 45 minutes until 1 good synchronization occurs, then once every day
    freq = freq times per day

  • ReliableTimeSource : REG_DWORD (optional)
    Used to indicate that this computer has reliable time.
    0 = do not mark this computer as having reliable time [default]
    1 = mark this computer as having reliable time (this is only useful on a domain controller)

  • Type : REG_SZ
    Used to control how a computer synchronizes.
    Nt5DS = synchronize to domain hierarchy [default]
    NTP = synchronize to manually configured source
    NoSync = do not synchronize time

    The Nt5DS setting may not use a manual configured source.

The Adj and msSkewPerDay values are used to preserve information about the computer's clock between restarts. Do not manually edit these values.

More Information

For further information about NTP in Windows/2000 see


For further information about NTP see