RNP - Rede Nacional de Ensino e Pesquisa

NTP

1. Abstract
2. Motivation
3. Background
4. Model for RNP's backbone
5. Place hosting the NTP stratum 1 server
6. NTP version and operating system to be used
7. Monitoring
8. Expected Results

1. Abstract

This document presents the proposal of CAIS (RNP's Security Incident Response Team) for deploying an NTP (Network Time Protocol) hierarchy in RNP's backbone.

In items 2 and 3 we provide the motivation and background that justify the project as a whole, showing the importance of deploying an NTP hierarchy that allows the synchronization of the computers and network equipment connected to RNP's backbone.

In item 4 the model to be used to deploy such a hierarchy is presented in detail. We list the aspects that should be considered when choosing the servers with which to synchronize, and propose an access policy for the NTP servers based on the level (stratum) at which they will operate.

In item 5 we discuss some prerequisites to be considered when choosing the site that will host the NTP stratum 1 server.

Complementary details, such as the operating system and the NTP version to be used to implement the servers of the NTP hierarchy, are covered in item 6.

In item 7 we present a proposal for monitoring the NTP hierarchy.

Finally, item 8 presents the results expected after the deployment of the NTP hierarchy.

2. Motivation

NTP (Network Time Protocol) servers allow their clients, computers as well as other kinds of network equipment, to synchronize their clocks to a standard time reference accepted worldwide, known as UTC (Coordinated Universal Time).

In the Internet at large, time synchronization is crucial to the millions of computers exchanging information: people sharing databases, processing transactions of several kinds (e-commerce, personal banking, etc.). It is precisely in this environment of open information sharing that a common time reference, both precise and reliable, becomes essential.

Suppose, for example, that today is the deadline for filing the income tax declaration, that the deadline expires at 8:00 p.m., and that the clock of the machine hosting the federal tax authority's website is one minute fast. Any declaration sent after 7:59 p.m. (by a correct clock) will be rejected, to the taxpayer's detriment. Clock errors of one or two minutes are quite common when NTP is not used.

From the point of view of network administration, using NTP is a clear advantage, since it synchronizes automatically all the equipment hooked up to it: the administrator no longer has to go from machine to machine setting local clocks by hand.

In terms of security, clock synchronization among the computers connected to the Internet is vital. Many times it has been impossible to reconstruct the sequence of events that occurred in different networks because their computers' clocks were not synchronized, so that the timestamps recorded in their logs were inconsistent with one another.

In general, it has been observed that the more complex the distributed applications deployed over the Internet, the more significant the quality of time synchronization in the Internet becomes.

3. Background

In Brazil, the use of NTP servers for synchronization is still very incipient. A recent survey of NTP servers in the Internet, made by Nelson Minar, shows that both NTP stratum 1 and stratum 2 servers are hardly used in the country.

Up to now, no public NTP stratum 1 server has been available in the country, which makes RNP's initiative the first of its kind. It is known that, within the Steering Committee, a similar initiative is under discussion: deploying an NTP stratum 1 server on the atomic clock of the National Observatory.

Regarding stratum 2 servers, Minar's report also indicates that, besides being very few, in most cases they belong to no organized hierarchy and have no defined access policy. On the other hand, although there are no access restrictions on them, these servers are not usually made known to the public.

Dave Mills, one of the most active contributors to the development of the NTP protocol and current maintainer of NTP's homepage, keeps on that site the official lists of public stratum 1 and stratum 2 servers worldwide. At present, no Brazilian NTP server is listed there.

Within RNP, in 1998, CAIS (RNP's Security Incident Response Team) promoted the deployment of NTP stratum 2 and 3 servers in the networks of RNP's Units and PoPs. The Units, the PoPs with 2 Mb/s access and CAIS formed the first group (stratum 2); the remaining PoPs formed the second group (stratum 3).

The current project for deploying an NTP hierarchy is much more ambitious. RNP's NTP stratum 1 server is expected to serve as a time reference not only to the PoPs' internal networks and RNP's Support Units, but also to the general public, obviously under a defined hierarchy and access policy.

4. Model for RNP's backbone

NTP implements a hierarchically distributed synchronization model. At the top are the stratum 1 time servers: computers connected directly to high-precision devices known as "reference clocks" (stratum 0). Typically these devices are atomic clocks, GPS (Global Positioning System) receivers or radio receivers. Any NTP server that takes a stratum 1 server as its time reference becomes a stratum 2 server; any NTP server that takes a stratum 2 server as its reference becomes a stratum 3 server, and so on.

RNP's NTP stratum 1 server, in particular, will use GPS technology, obtaining the time directly from a constellation of satellites.

Picture 4.1: Model of the NTP hierarchy in RNP's backbone (topology diagram of the NTP hierarchy at RNP)

As picture 4.1 indicates, the proposal is that the NTP hierarchy in RNP's backbone be as follows:

  • The NTP stratum 1 server (ntp1.rnp.br) sits at the top of the hierarchy.
  • The following institutions/units are expected to be clients of the stratum 1 server:
    • Support Units (ntp.na-xx.rnp.br): NA-CP, NA-RC, NA-DF, NC-RJ and CAIS.
    • Points of Presence (ntp.pop-yy.rnp.br): all of them.
    • State Networks (ntp.dominio.rede.estadual).
    • Any other network, inside or outside RNP's backbone, that demonstrates the technical capacity and convenience to act as a time reference for a significant community of users.
  • All of these, in turn, will operate as NTP stratum 2 servers.
  • These NTP stratum 2 servers shall, in their turn, allow the creation of NTP stratum 3 servers in the client networks.

4.1. NTP Servers with which to synchronize

The proposal is as follows:

  • For the stratum 1 server:
    • synchronize with 3 stratum 1 servers abroad (for redundancy);
    • synchronize with 2 "peer" stratum 1 servers in Brazil (none is known at the moment).
  • For the stratum 2 servers:
    • synchronize with RNP's stratum 1 server (ntp1.rnp.br);
    • synchronize with another Brazilian stratum 1 server, if possible (at present no public NTP stratum 1 server is known in the country);
    • synchronize with one stratum 1 server abroad;
    • synchronize with 2 "peer" Brazilian stratum 2 servers (ntp.pop-xx.rnp.br, or servers belonging to NTP hierarchies other than RNP's).

Obviously, when choosing the servers with which to synchronize, one should consider aspects such as: lower stratum, precision and physical (network) proximity, so as to avoid long delays and unnecessary traffic. Likewise, one should avoid common points of failure and the creation of synchronization loops.

4.2. Access Policy

CAIS's proposal is that:

  • Access to RNP's stratum 1 server be restricted to:
    • NTP stratum 2 servers only, whether connected to RNP's backbone or not;
    • Brazilian stratum 1 servers wishing to synchronize as peers.
  • Access to the NTP stratum 2 servers of RNP's Support Units be restricted to:
    • NTP stratum 2 servers (peers);
    • NTP client machines of the respective local networks.
  • Access to the NTP stratum 2 servers implemented in the PoPs, State Networks and other authorized networks be restricted to:
    • NTP stratum 3 servers, for synchronization;
    • stratum 2 servers, for redundancy (peers);
    • NTP client machines of the respective local networks.
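As an added illustration (not RNP's actual configuration), the following ntp.conf fragments show how the synchronization sources of item 4.1 and the access policy of item 4.2 map onto NTPv4's server, peer and restrict statements, once for ntp1.rnp.br and once for a PoP's stratum 2 server. The refclock driver, the names of the foreign servers and peers, the key numbers and every IP address (taken from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24, plus a private range for the PoP's LAN) are placeholders to be replaced with the real values.

```conf
# ---- ntp1.rnp.br (stratum 1): /etc/ntp.conf ------------------------------
driftfile /etc/ntp.drift

# GPS reference clock. Driver 20 (generic NMEA) is an assumption; use the
# driver that matches the receiver actually installed.
server 127.127.20.0 minpoll 4 prefer
fudge  127.127.20.0 refid GPS

# Three stratum 1 servers abroad, for redundancy (placeholder names).
server s1-a.example.net
server s1-b.example.net
server s1-c.example.net

# Two Brazilian stratum 1 peers, once they exist (placeholder names),
# authenticated with NTPv4 symmetric keys so that a forged peer cannot
# inject time.
keys /etc/ntp.keys
trustedkey 1 2
peer s1-peer-a.example.br key 1
peer s1-peer-b.example.br key 2

# Access policy (item 4.2): drop everything by default, then open only what
# the policy allows. With "default ignore" the sources above must be allowed
# explicitly, or their replies are discarded too; they may answer us but
# not query or reconfigure this server.
restrict default ignore
restrict 127.0.0.1
restrict 192.0.2.10   nomodify noquery notrap   # s1-a.example.net
restrict 192.0.2.11   nomodify noquery notrap   # s1-b.example.net
restrict 192.0.2.12   nomodify noquery notrap   # s1-c.example.net
restrict 198.51.100.1 nomodify noquery notrap   # s1-peer-a.example.br
restrict 198.51.100.2 nomodify noquery notrap   # s1-peer-b.example.br
# Authorized stratum 2 clients: one line per server, time service only
# (no queries, no peering, no runtime changes).
restrict 203.0.113.5 nomodify noquery notrap nopeer   # ntp.na-xx.rnp.br
restrict 203.0.113.6 nomodify noquery notrap nopeer   # ntp.pop-yy.rnp.br

# ---- ntp.pop-yy.rnp.br (stratum 2): /etc/ntp.conf -------------------------
driftfile /etc/ntp.drift

server ntp1.rnp.br                # RNP's stratum 1 server
server s1-a.example.net           # one stratum 1 server abroad (placeholder)
peer   ntp.pop-xx.rnp.br          # two Brazilian stratum 2 peers
peer   ntp.pop-zz.rnp.br

restrict default ignore
restrict 127.0.0.1
restrict 203.0.113.1 nomodify noquery notrap   # ntp1.rnp.br
restrict 192.0.2.10  nomodify noquery notrap   # s1-a.example.net
restrict 203.0.113.7 nomodify noquery notrap   # ntp.pop-xx.rnp.br (peer)
restrict 203.0.113.8 nomodify noquery notrap   # ntp.pop-zz.rnp.br (peer)
# The PoP's own network: stratum 3 servers and client machines may read the
# time but may not query, modify or peer with this server.
restrict 10.1.0.0 mask 255.255.0.0 nomodify noquery notrap nopeer
```

The "restrict default ignore" line is what turns the written policy into an enforced one: anything not listed, including the general public, is silently dropped by the stratum 1 server, and the public is served instead by the stratum 2 layer. The "noquery" flag also keeps the ntpq/ntpdc status interface closed to outsiders, which matters because that interface has historically been abused for reconnaissance and traffic amplification.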

5. Place hosting the NTP stratum 1 server

At this point it is important to consider the following when choosing the site:

  • The site shall have the infrastructure needed for the GPS installation. Basically:
    • a view of the sky as clear as possible (free of obstructions), so that the satellite signals can be received;
    • lightning protection;
    • it is recommended that the GPS antenna be placed as far as possible from transmission antennas, radars, satellite communication equipment and cellular transmitters.
  • The NTP server machine shall be available 24 hours a day, 7 days a week, and shall restart automatically after a failure. It is essential to have a contact (ntp-admin@rnp.br) to solve any technical problems with the NTP stratum 1 server, or with access to it. Sites with frequent power failures should be avoided.
  • A high-speed connection. In this sense, the vertices of the "pentagon" would be the most suitable: Brasília, Rio de Janeiro, São Paulo, Belo Horizonte and Porto Alegre.
  • Physical proximity to the clients, that is, minimizing the number of hops so as not to introduce unnecessary delays.
  • Good accessibility, in the sense of availability.
  • Points of Presence hosting a FIX will be preferred.

6. NTP version and operating system to be used

6.1. Which NTP version to use

Nowadays, NTPv3 and NTPv4 are available. Although the former is considered the official Internet standard, CAIS recommends that the NTP servers be implemented with version 4, for the following reasons:

  • Version 4 incorporates new functionality and refinements to the algorithms used in version 3, resulting in less code and, consequently, better performance. Precision and the authentication scheme have also been improved.
  • Version 4 is continuously developed and improved.
  • It is fully compatible with NTP clients of previous versions.
  • It supports more reference clock drivers.

6.2. Which operating system to use

There are freely available NTPv3 and NTPv4 implementations that run on most Unix operating systems, among them AIX, HP-UX, Irix, Linux, SCO Unix, OSF/1, Solaris, System V.4 and FreeBSD. The NTPv4 implementation, in particular, includes an NTP server for Windows NT; however, that implementation has problems related to time resolution, support for reference clock drivers, authentication and name resolution.

Therefore, CAIS strongly recommends implementing the NTP servers on Unix platforms.

7. Monitoring

By writing a program (a "spider") that queries the servers of a given NTP hierarchy, CAIS intends to monitor the NTP stratum 2 and 3 servers in RNP's backbone on a regular basis, so as to ensure the health of the service in terms of quality, reliability and robustness.
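As an added example of what such a spider has to do at the wire level (this is not CAIS's monitoring program), the script below sends a standard NTP mode 3 client request to each server of the hierarchy, decodes the 48-byte reply, computes the clock offset and round-trip delay from the four timestamps, and reports a server as unhealthy when it is unsynchronized (LI=3), answers with a higher stratum than the hierarchy assigns to it, or returns a reply whose originate timestamp does not echo our request (a bogus or replayed packet). The offset and delay thresholds are assumptions, the hostnames with xx/yy are the proposal's placeholders, and constructed_reply() fabricates sample replies so the checks can be exercised offline.

```python
"""Minimal NTP "spider": query each server of a hierarchy with a mode 3
(client) packet and check stratum, leap indicator, clock offset and delay.
Added example, not CAIS's monitoring program."""
import socket
import struct
import time

NTP_UNIX_DELTA = 2208988800          # seconds from 1900-01-01 (NTP era 0) to 1970-01-01
PACKET = struct.Struct("!BBbbiI9I")  # 48-byte header: LI/VN/mode, stratum, poll, precision,
                                     # root delay (signed 16.16), root dispersion, refid, 4 timestamps


def to_ntp(unix_ts):
    """Unix seconds (float) -> (NTP seconds, NTP fraction), both 32-bit words."""
    whole = int(unix_ts)
    return (whole + NTP_UNIX_DELTA) & 0xFFFFFFFF, int((unix_ts - whole) * (1 << 32)) & 0xFFFFFFFF


def from_ntp(sec, frac):
    """(NTP seconds, fraction) -> Unix seconds (float)."""
    return sec - NTP_UNIX_DELTA + frac / (1 << 32)


def build_request(t1):
    """NTPv4 mode 3 (client) request whose transmit timestamp is t1 (Unix time)."""
    xmit = to_ntp(t1)
    return PACKET.pack((0 << 6) | (4 << 3) | 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, xmit[0], xmit[1])


def decode_refid(stratum, word):
    """Stratum 0 and 1: four ASCII chars (e.g. GPS, or a kiss-o'-death code);
    stratum 2 and up: IPv4 address of the upstream server."""
    raw = word.to_bytes(4, "big")
    if stratum <= 1:
        return raw.rstrip(b"\0").decode("ascii", "replace")
    return ".".join(str(b) for b in raw)


def parse_response(data):
    """Decode the fields of a server reply; raises ValueError on a short packet."""
    if len(data) < PACKET.size:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    f = PACKET.unpack(data[:PACKET.size])
    return {"leap": f[0] >> 6, "version": (f[0] >> 3) & 7, "mode": f[0] & 7,
            "stratum": f[1], "poll": f[2], "precision": f[3],
            "root_delay": f[4] / 65536.0, "root_dispersion": f[5] / 65536.0,
            "refid": decode_refid(f[1], f[6]),
            "reference": from_ntp(f[7], f[8]), "originate_raw": (f[9], f[10]),
            "receive": from_ntp(f[11], f[12]), "transmit": from_ntp(f[13], f[14])}


def offset_and_delay(t1, t2, t3, t4):
    """RFC 5905 clock offset and round-trip delay: t1 client send, t2 server
    receive, t3 server send, t4 client receive (all Unix seconds)."""
    return ((t2 - t1) + (t3 - t4)) / 2.0, (t4 - t1) - (t3 - t2)


def check_reply(data, t1, t4, expected_stratum, max_offset=0.128, max_delay=1.0):
    """Evaluate a reply received at t4 to a request sent at t1. Returns
    (reply, offset, delay, problems); an empty problems list means healthy.
    The thresholds are assumptions, not values from the RNP proposal."""
    reply = parse_response(data)
    offset, delay = offset_and_delay(t1, reply["receive"], reply["transmit"], t4)
    problems = []
    if reply["mode"] != 4:
        problems.append("not a server reply (mode %d)" % reply["mode"])
    if reply["originate_raw"] != to_ntp(t1):   # a genuine reply echoes our transmit timestamp
        problems.append("originate timestamp does not match our request (bogus or replayed reply)")
    if reply["leap"] == 3:
        problems.append("clock not synchronized (LI=3)")
    if reply["stratum"] == 0:
        problems.append("kiss-o'-death or invalid reply, code %s" % reply["refid"])
    elif reply["stratum"] > expected_stratum:
        problems.append("stratum %d, expected at most %d" % (reply["stratum"], expected_stratum))
    if abs(offset) > max_offset:
        problems.append("offset %+.3fs exceeds %.3fs" % (offset, max_offset))
    if delay > max_delay:
        problems.append("round-trip delay %.3fs exceeds %.3fs" % (delay, max_delay))
    return reply, offset, delay, problems


def query_server(host, expected_stratum, port=123, timeout=2.0):
    """Real exchange over UDP/123: send one request to host and evaluate the reply."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        t1 = time.time()
        sock.sendto(build_request(t1), (host, port))
        data, _ = sock.recvfrom(512)
        t4 = time.time()
    finally:
        sock.close()
    return check_reply(data, t1, t4, expected_stratum)


def constructed_reply(t1, server_recv_time, stratum=1, refid=b"GPS\0", leap=0):
    """Constructed sample (offline test data, not a captured packet) of the mode 4
    reply a server sends to a request carrying transmit timestamp t1, received
    when the server's clock read server_recv_time and answered 1 ms later."""
    orig, recv, xmit = to_ntp(t1), to_ntp(server_recv_time), to_ntp(server_recv_time + 0.001)
    ref = to_ntp(server_recv_time - 16)      # last refclock update, 16 s ago
    return PACKET.pack((leap << 6) | (4 << 3) | 4, stratum, 6, -20, 0, 7,
                       int.from_bytes(refid, "big"), ref[0], ref[1], orig[0], orig[1],
                       recv[0], recv[1], xmit[0], xmit[1])


if __name__ == "__main__":
    t1 = 1000000000.0   # offline demo: a server whose clock runs 0.5 s fast, 10 ms away
    reply, offset, delay, problems = check_reply(
        constructed_reply(t1, t1 + 0.010 + 0.5), t1, t1 + 0.021, expected_stratum=1)
    print("stratum=%d refid=%s offset=%+.3fs delay=%.3fs %s"
          % (reply["stratum"], reply["refid"], offset, delay, problems or "OK"))
    for host, expected in {"ntp1.rnp.br": 1, "ntp.na-xx.rnp.br": 2, "ntp.pop-yy.rnp.br": 2}.items():
        try:   # live run against the proposed hierarchy (xx/yy placeholders to be filled in)
            reply, offset, delay, problems = query_server(host, expected)
            print("%-20s stratum=%d refid=%s offset=%+.4fs %s"
                  % (host, reply["stratum"], reply["refid"], offset, "; ".join(problems) or "OK"))
        except (OSError, ValueError) as exc:
            print("%-20s UNREACHABLE (%s)" % (host, exc))
```

Run periodically from cron, the script produces one line per server, which is enough to detect the three things that matter most operationally: a stratum 2 server that has silently fallen back to a higher stratum or lost synchronization, a server whose clock has drifted beyond the chosen tolerance, and a reply that cannot have come from the server we queried. Querying with a plain mode 3 packet also means the monitor needs nothing beyond the time service the access policy already grants to clients.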

8. Expected Results

Using its Points of Presence, state networks and other authorized networks, RNP intends to organize a stratum 2 hierarchy to be used by the general public. This hierarchy will spread the load, resulting in a more stable and reliable service for the final user.

After publicizing this new service, RNP hopes that within the next two months all its Points of Presence will have implemented their local NTP servers, allowing the subsequent creation of NTP stratum 3 servers in the client networks.