Difference between revisions of "NTP Server"

From Earlham CS Department
Jump to navigation Jump to search
(The Configuration File)
Line 17: Line 17:
  
 
==The Configuration File ==
 
==The Configuration File ==
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
#This is a backup from an intermediate stage of modification.
+
 
driftfile /var/lib/ntp/ntp.drift
+
#This is a backup from an intermediate stage of modification.
+
driftfile /var/lib/ntp/ntp.drift
+
 
# Enable this if you want statistics to be logged.
+
 
statsdir /var/log/ntpstats/
+
# Enable this if you want statistics to be logged.
+
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
+
 
filegen loopstats file loopstats type day enable
+
statistics loopstats peerstats clockstats
filegen peerstats file peerstats type day enable
+
filegen loopstats file loopstats type day enable
filegen clockstats file clockstats type day enable
+
filegen peerstats file peerstats type day enable
+
filegen clockstats file clockstats type day enable
+
 
# You do need to talk to an NTP server or two (or three).
+
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
+
#server ntp.your-provider.example
+
# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+
# pick a different set every time it starts up.  Please consider joining the
# pick a different set every time it starts up.  Please consider joining the
+
# pool: <http://www.pool.ntp.org/join.html>
# pool: <http://www.pool.ntp.org/join.html>
+
#the following four were defaults
#the following four were defaults
+
 
+
server 216.171.120.36  maxpoll 4 minpoll 4 #chicago NIST
server 216.171.120.36  #chicago NIST
+
server 127.127.20.0 mode 0 prefer # the gps is a server
server 127.127.20.0 mode 0 prefer # the gps is a server
+
fudge 127.127.20.0 flag1 1 flag2 0 flag3 1 time2 0.600
fudge 127.127.20.0 flag1 1 flag2 0 flag3 1 time2 0.600
+
 
+
#server 127.127.1.0        #local clock, just in case gps is down
#server 127.127.1.0        #local clock, just in case gps is down
+
#fudge 127.127.1.0 stratum 10
#fudge 127.127.1.0 stratum 10
+
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+
# might also be helpful.
# might also be helpful.
+
#
#
+
# Note that "restrict" applies to both servers and clients, so a configuration
# Note that "restrict" applies to both servers and clients, so a configuration
+
# that might be intended to block requests from certain clients could also end
# that might be intended to block requests from certain clients could also end
+
# up blocking replies from your own upstream servers.
# up blocking replies from your own upstream servers.
+
 
+
 
+
#Allows all users on the Earlham network, characterized by IPv4 address
#Allows all users on the Earlham network, characterized by IPv4 address
+
#starting with 159.28, to synchronize.
#starting with 159.28, to synchronize.
+
restrict default kod nomodify notrap
restrict default kod nomodify notrap  
+
restrict 159.28.0.0 mask 255.255.0.0 nomodify notrap
restrict 159.28.0.0 mask 255.255.0.0 nomodify notrap
+
 
+
# Local users may interrogate the ntp server more closely.
# Local users may interrogate the ntp server more closely.
+
restrict 127.0.0.1
restrict 127.0.0.1
+
restrict ::1
restrict ::1
+
 
+
# Clients from this (example!) subnet have unlimited access, but only if
# Clients from this (example!) subnet have unlimited access, but only if
+
# cryptographically authenticated.
# cryptographically authenticated.
+
#restrict 192.168.123.0 mask 255.255.255.0 notrust
#restrict 192.168.123.0 mask 255.255.255.0 notrust
+
 
+
 
+
# If you want to provide time to your local subnet, change the next line.
# If you want to provide time to your local subnet, change the next line.
+
# (Again, the address is an example only.)
# (Again, the address is an example only.)
+
#broadcast 159.28.230.6
#broadcast 159.28.230.6
+
 
+
# If you want to listen to time broadcasts on your local subnet, de-comment the
# If you want to listen to time broadcasts on your local subnet, de-comment the
+
# next lines.  Please do this only if you trust everybody on the network!
# next lines.  Please do this only if you trust everybody on the network!
+
#disable auth
#disable auth
+
#broadcastclient
#broadcastclient
 

Revision as of 16:05, 22 January 2014

proto.cs.earlham.edu is an ntp timeserver for Earlham's network. The time value it outputs come from some weighted average of two inputs. The first input is a NIST server located in Chicago. The second input is a GPS device on the fourth floor of dennis (in a box connected to the 4th floor lab's closet).

Setup Procedure (Serverside)

Plug the GPS device into proto via USB. Make a symbolic link from the presence of the USB device on proto to /dev/gps0. Use the configuration file in the footer of this page or edit your configuration file to contain many of its ideas. Restart the ntp daemon.

Setup Procedure (Clientside)

Insert this line into your ntp.conf: "server 159.28.230.6"

Testing and Debugging

Type 'ntpdc' into your shell. That should give you an interpreter to which you will give the command 'peers'. If there is the value "=proto.cs.earlham.edu" in the first column of the output, then you are getting your time from proto.

Explanation of Choices

Since it is easy to configure one's time to a NIST timeserver and NIST uses highly accurate atomic clocks, you might wonder why we bother with the GPS. The locality of the GPS elimintates network latency and network jitter as sources of error. While, for Earlham, the GPS signal may be more accurate, it is also less reliable. Somebody might accidentally unplug the GPS and HIP might not notice for a few hours/days, whereas the NIST server's importance means that attentive, skillful people would notice problems sooner. Considering this worst case scenario, and the fact that the different between 3:17:30 and 3:17:20 100% of the time is less important to most people than the difference between 4:17:30 and 3:17:30 0.28 percent of the time, it is best to mix the inputs

The Configuration File

  1. /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
  1. This is a backup from an intermediate stage of modification.

driftfile /var/lib/ntp/ntp.drift


  1. Enable this if you want statistics to be logged.

statsdir /var/log/ntpstats/

statistics loopstats peerstats clockstats filegen loopstats file loopstats type day enable filegen peerstats file peerstats type day enable filegen clockstats file clockstats type day enable

  1. You do need to talk to an NTP server or two (or three).
  2. server ntp.your-provider.example
  3. pool.ntp.org maps to about 1000 low-stratum NTP servers. Your server will
  4. pick a different set every time it starts up. Please consider joining the
  5. pool: <http://www.pool.ntp.org/join.html>
  6. the following four were defaults

server 216.171.120.36 maxpoll 4 minpoll 4 #chicago NIST server 127.127.20.0 mode 0 prefer # the gps is a server fudge 127.127.20.0 flag1 1 flag2 0 flag3 1 time2 0.600

  1. server 127.127.1.0 #local clock, just in case gps is down
  2. fudge 127.127.1.0 stratum 10
  3. Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
  4. details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
  5. might also be helpful.
  6. Note that "restrict" applies to both servers and clients, so a configuration
  7. that might be intended to block requests from certain clients could also end
  8. up blocking replies from your own upstream servers.


  1. Allows all users on the Earlham network, characterized by IPv4 address
  2. starting with 159.28, to synchronize.

restrict default kod nomodify notrap restrict 159.28.0.0 mask 255.255.0.0 nomodify notrap

  1. Local users may interrogate the ntp server more closely.

restrict 127.0.0.1 restrict ::1

  1. Clients from this (example!) subnet have unlimited access, but only if
  2. cryptographically authenticated.
  3. restrict 192.168.123.0 mask 255.255.255.0 notrust


  1. If you want to provide time to your local subnet, change the next line.
  2. (Again, the address is an example only.)
  3. broadcast 159.28.230.6
  1. If you want to listen to time broadcasts on your local subnet, de-comment the
  2. next lines. Please do this only if you trust everybody on the network!
  3. disable auth
  4. broadcastclient