Difference between revisions of "NTP Server"

From Earlham CS Department
(The Configuration File)
(The Configuration File)
Line 17: Line 17:
  
 
==The Configuration File ==
 
==The Configuration File ==
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
+
# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
  
#This is a backup from an intermediate stage of modification.
+
#This is a backup from an intermediate stage of modification.
driftfile /var/lib/ntp/ntp.drift
+
driftfile /var/lib/ntp/ntp.drift
  
  
# Enable this if you want statistics to be logged.
+
# Enable this if you want statistics to be logged.
statsdir /var/log/ntpstats/
+
statsdir /var/log/ntpstats/
  
statistics loopstats peerstats clockstats
+
statistics loopstats peerstats clockstats  
filegen loopstats file loopstats type day enable
+
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
+
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
+
filegen clockstats file clockstats type day enable
  
# You do need to talk to an NTP server or two (or three).
+
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
+
#server ntp.your-provider.example
# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
+
# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
+
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
+
# pool: <http://www.pool.ntp.org/join.html>
#the following four were defaults
+
#the following four were defaults
 +
 +
server 216.171.120.36  maxpoll 4 minpoll 4 #chicago NIST
 +
server 127.127.20.0 mode 0 prefer # the gps is a server
 +
fudge 127.127.20.0 flag1 1 flag2 0 flag3 1 time2 0.600
 +
 +
#server 127.127.1.0        #local clock, just in case gps is down
 +
#fudge 127.127.1.0 stratum 10
 +
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
 +
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
 +
# might also be helpful.
 +
#
 +
# Note that "restrict" applies to both servers and clients, so a configuration
 +
# that might be intended to block requests from certain clients could also end
 +
# up blocking replies from your own upstream servers.
 +
  
server 216.171.120.36  maxpoll 4 minpoll 4 #chicago NIST
+
  #Allows all users on the Earlham network, characterized by IPv4 address
server 127.127.20.0 mode 0 prefer # the gps is a server
+
#starting with 159.28, to synchronize.
fudge 127.127.20.0 flag1 1 flag2 0 flag3 1 time2 0.600
+
restrict default kod nomodify notrap
 
+
restrict 159.28.0.0 mask 255.255.0.0 nomodify notrap
#server 127.127.1.0        #local clock, just in case gps is down
+
#fudge 127.127.1.0 stratum 10
+
# Local users may interrogate the ntp server more closely.
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
+
restrict 127.0.0.1
# details. The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
+
restrict ::1
# might also be helpful.
+
#
+
# Clients from this (example!) subnet have unlimited access, but only if
# Note that "restrict" applies to both servers and clients, so a configuration
+
# cryptographically authenticated.
# that might be intended to block requests from certain clients could also end
+
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# up blocking replies from your own upstream servers.
+
 
+
 
+
# If you want to provide time to your local subnet, change the next line.
#Allows all users on the Earlham network, characterized by IPv4 address
+
# (Again, the address is an example only.)
#starting with 159.28, to synchronize.
+
#broadcast 159.28.230.6
restrict default kod nomodify notrap
+
restrict 159.28.0.0 mask 255.255.0.0 nomodify notrap
+
# If you want to listen to time broadcasts on your local subnet, de-comment the
 
+
# next lines.  Please do this only if you trust everybody on the network!
# Local users may interrogate the ntp server more closely.
+
#disable auth
restrict 127.0.0.1
+
#broadcastclient
restrict ::1
 
 
 
# Clients from this (example!) subnet have unlimited access, but only if
 
# cryptographically authenticated.
 
#restrict 192.168.123.0 mask 255.255.255.0 notrust
 
 
 
 
 
# If you want to provide time to your local subnet, change the next line.
 
# (Again, the address is an example only.)
 
#broadcast 159.28.230.6
 
 
 
# If you want to listen to time broadcasts on your local subnet, de-comment the
 
# next lines.  Please do this only if you trust everybody on the network!
 
#disable auth
 
#broadcastclient
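Review bot: the `restrict default kod nomodify notrap` and `restrict 159.28.0.0 mask 255.255.0.0 nomodify notrap` lines near the end of this hunk omit `noquery`, so every host they match can still send ntpq/ntpdc queries to the daemon. Suggest adding `noquery` to both and leaving unrestricted access only on the `restrict 127.0.0.1` and `restrict ::1` lines. On the default line, `kod` is set without `limited`; ntpd only sends kiss-o'-death packets for rate-limit violations, so either add `limited` or drop `kod`.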
 

Revision as of 16:06, 22 January 2014

proto.cs.earlham.edu is an NTP timeserver for Earlham's network. The time value it outputs comes from some weighted average of two inputs. The first input is a NIST server located in Chicago. The second input is a GPS device on the fourth floor of Dennis (in a box connected to the 4th floor lab's closet).

Setup Procedure (Serverside)

Plug the GPS device into proto via USB. Make a symbolic link from the device file that appears for the USB device on proto to /dev/gps0 (the "server 127.127.20.0" reference clock in the configuration reads that device). Use the configuration file in the footer of this page, or edit your own configuration file to incorporate its settings. Restart the ntp daemon.

Setup Procedure (Clientside)

Insert this line into your ntp.conf: "server 159.28.230.6"

Testing and Debugging

Type 'ntpdc' into your shell. That should give you an interpreter to which you will give the command 'peers'. If there is the value "=proto.cs.earlham.edu" in the first column of the output, then you are getting your time from proto.

Explanation of Choices

Since it is easy to configure one's time to a NIST timeserver and NIST uses highly accurate atomic clocks, you might wonder why we bother with the GPS. The locality of the GPS eliminates network latency and network jitter as sources of error. While, for Earlham, the GPS signal may be more accurate, it is also less reliable. Somebody might accidentally unplug the GPS and HIP might not notice for a few hours/days, whereas the NIST server's importance means that attentive, skillful people would notice problems sooner. Considering this worst-case scenario, and the fact that the difference between 3:17:30 and 3:17:20 100% of the time is less important to most people than the difference between 4:17:30 and 3:17:30 0.28 percent of the time, it is best to mix the inputs.

The Configuration File

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
#This is a backup from an intermediate stage of modification.
driftfile /var/lib/ntp/ntp.drift


# Enable this if you want statistics to be logged.
statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats 
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
#the following four were defaults

server 216.171.120.36  maxpoll 4 minpoll 4 #chicago NIST
server 127.127.20.0 mode 0 prefer # the gps is a server
fudge 127.127.20.0 flag1 1 flag2 0 flag3 1 time2 0.600

#server 127.127.1.0         #local clock, just in case gps is down
#fudge 127.127.1.0 stratum 10
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.

#Allows all users on the Earlham network, characterized by IPv4 address
#starting with 159.28, to synchronize.
restrict default kod nomodify notrap
restrict 159.28.0.0 mask 255.255.0.0 nomodify notrap

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust


# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 159.28.230.6

# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient
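
The following is an added example, not part of the original wiki page or of ntpd itself: a small Python audit of the "restrict" lines in the configuration above. It flags non-loopback entries that still permit ntpq/ntpdc queries (no "noquery" or "ignore") and entries that set "kod" without "limited". The function names and finding strings are this example's own.

```python
import ipaddress

# The restrict lines from the configuration above, copied from the page.
PAGE_CONF = """\
restrict default kod nomodify notrap
restrict 159.28.0.0 mask 255.255.0.0 nomodify notrap
restrict 127.0.0.1
restrict ::1
#restrict 192.168.123.0 mask 255.255.255.0 notrust
"""

def parse_restrict(text):
    """Yield (address, mask, flags) for each active (uncommented) restrict line."""
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        if not tokens or tokens[0] != "restrict":
            continue
        args = [t for t in tokens[1:] if t not in ("-4", "-6")]
        if not args:
            continue
        addr, rest = args[0], args[1:]
        mask = None
        if len(rest) >= 2 and rest[0] == "mask":
            mask, rest = rest[1], rest[2:]
        yield addr, mask, set(rest)

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "default" or a hostname, never treated as loopback

def audit(text):
    """Return (address, finding) pairs for risky restrict entries."""
    findings = []
    for addr, _mask, flags in parse_restrict(text):
        if "ignore" in flags or is_loopback(addr):
            continue  # all packets dropped, or local administration only
        if "noquery" not in flags:
            findings.append((addr, "ntpq/ntpdc queries allowed (no noquery)"))
        if "kod" in flags and "limited" not in flags:
            findings.append((addr, "kod has no effect without limited"))
    return findings

if __name__ == "__main__":
    for addr, finding in audit(PAGE_CONF):
        print(f"{addr}: {finding}")
```

Run against the page's configuration, it reports the default entry twice and the 159.28.0.0 entry once; a line such as "restrict default kod limited nomodify notrap noquery" produces no findings.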