Category list

18.11 Other Points Relating to NTP

NTP uses as its logfile /var/adm/syslog/syslog.log . If you want to turn on monitoring traffic counts, you can do so by either using the xntpdc command monlist or adding the line enable monitor . It is a common feature that is activated by interested NTP administrators. In this way, we can monitor where requests are coming from and if necessary restrict access based on subnet address, IP address, or even relationship with another node. I will leave you to explore these on your own.

Something else that you may come across is the concept of slewing time. The configurations I have suggested here include a step-change at system boot-up with the ntpdate command. Therein, xntpd makes the necessary small adjustments as necessary. These small adjustments will, we hope, not be noticed by most applications. If, however, you have a particularly sensitive application, you can enforce xntpd to make all adjustments in a very slow fashion. This is known as slewing . When we have particularly slow WAN links, the offset encountered may be such that significant step-change will be necessary, sometimes even backward. This can cause problems to databases, particularly financial applications. If this sounds like it may apply to you, investigate the “x option to xntpd (if used, ensure that you update the line export XNTPD_ARGS= in the file /etc/rc.config.d/netdaemons ). This will force xntpd to slew times gently toward a zero offset. This means that your clocks will take significantly longer to synchronize with your timeservers. A similar behavior can be found with ntpdate and the “B option. I leave it to you to think about it.

Chapter Review

I feel that what we have covered here will stand you in good stead for setting up your NTP network. We have looked at many aspects of time, everything from the scientific definition of time (how long is a second?), all the way through to setting up NTP servers using various NTP relationships in order to try to provide a calibrated and accurate time to our system. If you want some further reading, there is a great document supplied with HP-UX that covers most of what we have talked about. The document lives in:

root@hpeos002[] #

ll /usr/share/doc/NTP_Primer.txt

-r--r--r--   1 bin        bin          50413 Apr 24  2001 /usr/share/doc/NTP_Primer.txt

root@hpeos002[] #

The only other thing to remember is to keep timeservers running for as long as possible. They will calibrate their clocks more accurately over time and be more able to serve your public well.

Test Your Knowledge

1:	The NTP software is able to reset your system clock backward in time. True or False?
2:	When selecting a time source, the NTP software will always choose the highest stratum server that is currently available. True or False?
3:	Peer servers can provide time services to each other in order for the NTP software to establish which node is providing the most reliable time. True or False?
4:	It is possible to set up an NTP server that will maliciously corrupt the system clocks of other machines on a connected network. True or False?
5:	NTP clients need not synchronize themselves with a given server, but simply accept any broadcast time messages transmitted on the network. True or False?

Answers to Test Your Knowledge


A1:	True. This is sometimes undesirable, but is possible by default.

A2:	False. Although the stratum level does indicate a good source of time, the NTP software will also use the `disp` , `reach` , and `offset` values when selecting a reliable timeserver.

A3:	True.

A4:	True. By default, clients will accept the time they receive from a timeserver. If this server is providing bogus information, it will be accepted as being truthful . Authentication is possible between NTP machines and should be considered , at least for any peer relationships established.

A5:	True. A client can be configured as a `broadcastclient` .

Flylib.com

Category list

Similar pages

18.11 Other Points Relating to NTP