It's About Time – The Importance of NTP for Networks
There is no doubt that time is money, and time is of utmost importance when dealing with network devices. An incorrect time running on network devices almost always reflects negatively on the stability and overall network behavior. Many services used daily heavily depend on the correct time, and any deviation can lead to disastrous results inside enterprise networks, causing a potential decrease in a business's profits.
For instance, generating logs with incorrect timestamps would make troubleshooting almost impossible. An incorrect time could also cause digital certificates to expire prematurely, preventing many users from authenticating themselves and getting appropriate access to the network. Because of expiring authentication keys, many routing protocol links will partially fail and generate reachability issues inside the local network.
In this article, we provide an overview of the Network Time Protocol (NTP) and its benefits, then walk through the configuration steps to deploy basic NTP functionality and avoid network time issues.
NTP Overview
Applying the correct time on network devices can be accomplished in two ways, manually or automatically. The manual approach requires setting the clock on each device separately. This approach will not only lead to time gaps between the clocks of the network devices but also be time-consuming. That is why this method is heavily avoided and rarely used.
On the other hand, the automatic approach synchronizes the time across network devices dynamically. NTP is a simple yet clever protocol that runs over UDP, using port 123 as both the source and destination port. Its design makes it extremely efficient because no more than one packet per minute is necessary for two devices to stay synchronized within a millisecond.
Look at the image above to understand how NTP operates. The source of the correct time is an authoritative time source, such as a radio clock, GPS clock, or atomic clock, to which a time server is attached. This NTP server then distributes the time to other NTP servers or clients configured to use it as an NTP source.
For example, when your edge router synchronizes its time with some public NTP server on the internet, it becomes an NTP server by default, and all other internal devices use it as an NTP server.
NTP is a very clever protocol and always avoids synchronizing to an NTP source that is not synchronized itself. Also, when several NTP servers are configured, NTP always compares the reported times and never synchronizes to an NTP source whose time is significantly different from the time of the others, even if its stratum is lower.
NTP Stratum
NTP uses the concept of a stratum to describe how many hops the synchronizing device is from the configured NTP server. Only the atomic and radio clocks have a stratum of 0 because they are the real source of the time shared.
Every other NTP server has a stratum number from 1 to 15. The highest possible level is stratum 16 and identifies a device that does not have a synchronized time source.
The stratum number expresses preference: the lower the stratum, the closer the NTP server is to the device, resulting in less delay and a better overall time source. You can easily find many free-of-charge public NTP servers on the internet with a pretty low stratum number.
However, if you want to use a top-notch time source with additional security (authentication), you usually have to pay for those services.
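The two selection rules described in the overview (skip unsynchronized sources, and skip a source whose time disagrees with the others even if its stratum is lower) can be shown with a short sketch. This is an added example, not code from the original article, and it is a simplification rather than the real NTP selection algorithm; the source names, offsets and the 100 ms cutoff are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from statistics import median

UNSYNCHRONIZED = 16        # stratum 16: no synchronized time source
MAX_DISAGREEMENT_MS = 100  # assumed cutoff for "significantly different"

@dataclass(frozen=True)
class Source:
    name: str         # hypothetical label, constructed for this example
    stratum: int
    offset_ms: float  # source time minus local clock, in milliseconds

def select_source(sources):
    """Return (chosen, rejected); rejected maps source name -> reason."""
    rejected, synced = {}, []
    # Rule 1: never use a source that is not synchronized itself.
    for s in sources:
        if 1 <= s.stratum < UNSYNCHRONIZED:
            synced.append(s)
        else:
            rejected[s.name] = "not synchronized"
    if not synced:
        return None, rejected
    # Rule 2: compare reported times and drop sources far from the rest.
    consensus = median(s.offset_ms for s in synced)
    agreeing = []
    for s in synced:
        if abs(s.offset_ms - consensus) <= MAX_DISAGREEMENT_MS:
            agreeing.append(s)
        else:
            rejected[s.name] = "time differs from the other sources"
    if not agreeing:  # e.g. two sources that contradict each other
        return None, rejected
    # Only now does stratum decide: lowest stratum, then smallest offset.
    return min(agreeing, key=lambda s: (s.stratum, abs(s.offset_ms))), rejected

# Constructed sample: srv-c has the best stratum but is 90 seconds off.
SAMPLE = [
    Source("srv-a", 2, 4.0),
    Source("srv-b", 3, -2.5),
    Source("srv-c", 1, 90_000.0),
    Source("srv-d", 16, 0.0),
]

if __name__ == "__main__":
    chosen, rejected = select_source(SAMPLE)
    print("selected:", chosen.name)
    for name, reason in rejected.items():
        print("rejected:", name, "-", reason)
```

With only two sources that contradict each other, the sketch selects neither, which is why configuring several independent servers matters.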
NTP Modes
NTP can operate in four different modes. These modes are:
- Server: The device in server mode is responsible for providing time information to NTP clients.
- Client: This mode is responsible for synchronizing its time to the NTP server. In most cases, devices that do not need to provide time to other devices are configured as NTP clients. However, even in client mode, the device can provide time information to other devices when required.
- Peer (Symmetric): This mode is best suited for situations where a group of peers with low stratum operate as mutual backups to one another.
- Broadcast/Multicast: This is a special mode for an NTP server, where it pushes time information to many clients, which do not need to be configured to use a specific NTP server.
Example NTP Configuration
The configuration for basic NTP functionality consists of only a few commands. We will use the topology in the image below as a use case for this configuration example.
Router R1 serves as the edge router connecting to the internet and, as an NTP client, should synchronize its time with the public NTP server at the IP address 203.0.113.1. Then, R1 should be used as an NTP server for the internal switches A-SW and D-SW, which will operate as NTP clients.
Setup NTP
The following commands should be used on the network devices to accomplish the NTP requirement:
Receiving the time information from the NTP server does not mean that the device has the correct time. The received time is based on the GMT 0 time zone, so you must define the time zone whenever you are in a different one. Additionally, you need to enable daylight saving time (DLS) if it applies. The commands for time zone +3 and using DLS time would look like this:
Verifying NTP
After the NTP configuration is finished, you need to verify that NTP is working correctly. You can use the "show clock" command to verify the local time on the device after the synchronization. To verify that the device is successfully synchronized to the NTP server, you can use the "show ntp associations" and "show ntp status" commands:
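The verification step can be automated by checking collected "show ntp associations" output for a selected peer and for unhealthy sources. The following is an added example, not part of the original article: the sample output is constructed, its column layout and the IPv4-only pattern are assumptions, and 198.51.100.7 and 198.51.100.9 are placeholder addresses next to the article's 203.0.113.1.

```python
import re

# Constructed sample; the column layout is an assumption based on what
# Cisco IOS commonly prints. 203.0.113.1 is the article's public server.
SAMPLE = """\
  address         ref clock       st   when   poll reach  delay  offset   disp
*~203.0.113.1     .GPS.            1     21     64   377  1.200   0.450  0.980
x~198.51.100.7    .LOCL.           1     12     64   377  1.000 9000.00  0.900
 ~198.51.100.9    .INIT.          16      -     64     0  0.000   0.000 15937.
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
"""

# tally code, optional "~", IPv4 address, ref clock, stratum, when, poll, reach
ROW = re.compile(
    r"^([*#+x -])~?(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+)\s+\S+\s+\d+\s+([0-7]+)\s"
)

def check_associations(output):
    """Return (sys_peer, findings) for one device's association table."""
    sys_peer, findings = None, []
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, legend or blank line
        tally, addr, _ref, stratum, reach = m.groups()
        if tally == "*":
            sys_peer = addr
        if tally == "x":
            findings.append(f"{addr}: falseticker, time disagrees with other sources")
        if int(stratum) >= 16:
            findings.append(f"{addr}: stratum {stratum}, source is unsynchronized")
        if int(reach, 8) == 0:  # reach is an octal register of recent polls
            findings.append(f"{addr}: reach 0, no replies received")
    if sys_peer is None:
        findings.append("no sys.peer: device is not synchronized")
    return sys_peer, findings

if __name__ == "__main__":
    peer, issues = check_associations(SAMPLE)
    print("sys.peer:", peer)
    for issue in issues:
        print("finding:", issue)
```

A falseticker finding on a low-stratum source is worth investigating, since it means the device rejected that server's time as inconsistent with the others.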
Require More Advanced NTP Features?
Now that you are familiar with NTP, you can easily implement this protocol in your network and protect against various problems that might arise from using an incorrect time on devices.
Although the above configuration is basic, advanced features can be implemented if your network environment requires it.