THE ADMIN's LAB : LINUX(49)- NETWORK TIME PROTOCOL (NTP) -3

LINUX(49)- NETWORK TIME PROTOCOL (NTP) -3

Now time to consider the commands, output values and configuration file in detail.

Log / Security / troubleshooting

How to know the service ntpd is running or not?

How to check NTP server is alive and responding to ntp queries?

How to check the NTP status?

Understanding output of “ntpq -p”

Important config files related to NTP,

How to check the current ntp configuration status?

What if you wanted your local machine to server as NTP server?

How to use Local Clock as Backup?

How to enable NTP logging?

What is driftfile and drift value?

how to verify ntp process is running or not?

How to update ntp time manually?

How to check the sync and time accuracy?

how to check ntp port 123 is working or not?

How to know the service ntpd is running or not?

[root@rhel7-server ~]# systemctl status ntpd [RHEL 7]

[root@rhel6-server2 ~]# service ntpd status [RHEL 6]

If service is stopped then start,

[root@rhel7-server ~]# systemctl start ntpd [RHEL 7]

[root@rhel6-server2 ~]# service ntpd start [RHEL 6]

How to check NTP server is alive and responding to ntp queries?

# ntpdate -q <ntp server>

[root@rhel7-server ~]# ntpdate -q 192.168.135.133

server 192.168.135.133, stratum 3, offset -0.013654, delay 0.02646

11 Jan 15:56:00 ntpdate[47596]: adjust time server 192.168.135.133 offset -0.013654 sec

-q to query only, it does not adjust/sync time with ntp server.

How to check the NTP status?

[root@rhel6-server2 ~]# ntpq -p

remote refid st t when poll reach delay offset jitter

==============================================================================

+45.86.70.11 194.80.204.184 2 u 196 128 266 318.621 23.715 64.722

+173.249.41.242 17.253.54.123 2 u 51 128 377 203.394 31.973 86.815

+a.ams.pobot.net 17.253.34.125 2 u 205 128 266 193.956 18.797 79.490

*static.15.192.2 194.58.200.20 2 u 57 128 377 179.253 -9.812 35.935

Understanding output of “ntpq -p”

* synchronization server (current time source)

+ server ready for update (which we can synchronize with)

— server not recommended for synchronization

x server unavailable

REMOTE: Indicates the remote NTP server(s) with exact time (here we see the server list from /etc/ntp.conf)

REFID: Is the remote server's current source for time Or shows the server DNS name Or top-level server of remote server

ST: Indicates remote servers current stratum level

T: peer type (u- unicast, m- multicast, l = local, - = don't know)

WHEN: Time of last synchronization in seconds

POLL: Time took by NTP daemon to sync with remote server in seconds

REACH: Indicates the peer reachability by the NTP process, reported as an octal value. After eight successful synchronization attempts, value will be 377. A value of 0 means that the last eight attempts were unsuccessful (means no time sync from the remote server).

an 8-bit left-rotating register. Any 1 bit means that a "time packet" was received. The right most bit indicate the status of the last connection with the NTP server. It is Octal number. For example 377 translates to 11111111. Each 1 means a successful connection to the NTP server. If you just start a NTP service, and it connects successfully with its server, this number will change as follows (assuming connectivity is good):

00000001 = 001

00000011 = 003

00000111 = 007

00001111 = 017

00011111 = 037

00111111 = 077

01111111 = 177

11111111 = 377

DELAY: Response delay of NTP packets (from host to remote and back) in milliseconds from remote server used to choose best nearest server.

OFFSET: Time difference (in ms) between host and remote server; a positive value means that our clock is fast, negative means it’s slow

JITTER: NTP jitter is a measurement of the variance in latency on the network. If the latency on the network is constant, there is no jitter.

Network latency is the time delay between when data is sent on a network to when it is received. The jitter associated with a timing reference indicates the magnitude of variance, or dispersion, of the signal. Different timing references have different amounts of jitter. The more accurate a timing reference, the lower the jitter value. Jitter is usually measure in milliseconds.

Important config files related to NTP,

/etc/ntp.conf – Default configuration file

/var/lib/ntp/drift – Default drift file

/etc/ntp/keys – Default key file

/etc/sysconfig/ntpd – The file will be read by the ntpd init script on service start

How to check the current ntp configuration status?

[root@rhel7-server ~]# ntpdc -c sysinfo

system peer: 192.168.135.133

system peer mode: client

leap indicator: 00

stratum: 4

precision: -24

root distance: 0.25150 s

root dispersion: 0.17468 s

reference ID: [192.168.135.133]

reference time: e1c42d1a.61bde73f Sat, Jan 11 2020 16:46:42.381

system flags: auth ntp kernel stats

jitter: 0.000000 s

stability: 0.000 ppm

broadcastdelay: 0.000000 s

authdelay: 0.000000 s

What if you wanted your local machine to server as NTP server?

Add following to /etc/ntp.conf and restart ntpd service. (uncomment previous ntp entries if present)

server 127.127.1.0 # local clock

fudge 127.127.1.0 stratum 10

[root@rhel6-server2 ~]# ntpq -p

remote refid st t when poll reach delay offset jitter

==============================================================================

LOCAL(0) .LOCL. 10 l 2 64 1 0.000 0.000 0.000

How to use Local Clock as Backup?

This should must include to our ntp.conf file to avoid any discrepancy in case of internet disconnection. Like this,

server 0.in.pool.ntp.org

server 1.in.pool.ntp.org

server 2.in.pool.ntp.org

server 3.in.pool.ntp.org

server 127.127.1.0 # local clock

fudge 127.127.1.0 stratum 10

O/P after configuring local clock,

[root@rhel6-server2 ~]# ntpq -pn

remote refid st t when poll reach delay offset jitter

==============================================================================

+162.159.200.1 10.222.8.4 3 u 39 64 175 51.165 13.811 41.484

*38.143.223.53 17.253.16.125 2 u 39 64 175 275.011 6.579 20.736

-157.119.108.165 213.251.53.217 3 u 42 64 175 97.885 39.062 26.327

+162.159.200.123 10.222.8.4 3 u 39 64 175 83.138 29.983 3.536

127.127.1.0 .LOCL. 10 l 38 64 177 0.000 0.000 0.000

How to enable NTP logging?

Add following line to /etc/ntp.conf

logfile /var/log/ntp.log

DRIFTFILE:

The driftfile entry in /etc/ntp.conf tells ntpd the name of the file where it can find and store the clock drift, also known as frequency error, of the system clock. If the file exists at startup, it is read and the value is used to initialize ntpd's internal value of the frequency error. The file is updated once every hour by ntpd. It usually takes a day or so after the daemon is started to compute a good estimate of the clock drift. Once the initial value is computed, it will change only by relatively small amounts during the course of continued operation. Because ntpd needs a good estimate to synchronize closely to its server, there should always be a driftfile entry in /etc/ntp.conf.

Below explanation is taken from

https://www.halolinux.us/suse-enterprise-server-guide-2/using-the-ntp-drift-file.html

Thanks to Mr. William Frazier for excellent and simplest illustration….

** instead of SUSE I changed to RHEL,

No matter how secure the local clock on your computer is, it always has a small defect: either the clock is running too fast or the clock is running too slow. A clock may, for example, have a difference of two seconds every hour; this difference is referred to as the drift factor of the clock. Since NTP is designed also to synchronize time when the connection to the NTP time server is lost, it is important that the NTP process on your local computer knows what exactly the difference is. You can calculate the drift factor by comparing the local clock with the clock on the server that provides NTP time to the local machine. To calculate the right setting for the drift factor, it is important that an accurate time is used on the other server.

When NTP time synchronization has been established, a drift file is created automatically. On RHEL, this file is created in /var/lib/ntp/drift. From this file, the local NTP process calculates the exact drifting of your local clock, which allows it to compensate for that. The drift file is created automatically, so as an administrator, you don't need to worry about it. However, you can tune where the file is created by using the driftfile parameter in ntp.conf:

driftfile /var/lib/ntp/drift

Note: Remember that NTP is a daemon. Like most daemons, it reads its configuration file only when it is first started. So, after all the modifications, restart ntpd to make sure the modifications are applied to your current configuration.

how to verify ntp process is running or not?

[root@rhel6-server2 ~]# ps -ef |grep ntpd

ntp 8860 1 0 15:37 ? 00:00:00 ntpd -u ntp:ntp -p /var/run/ntpd.pid -g

root 9142 5658 0 16:15 pts/2 00:00:00 grep ntpd

[root@rhel6-server2 ~]# pgrep ntpd

8860

How to update ntp time manually?

Stop the ntp service,

[root@rhel6-server2 ~]# service ntpd stop

Shutting down ntpd: [ OK ]

Select the upstream server and update time with that,

[root@rhel6-server2 ~]# ntpdate -u 1.in.pool.ntp.org