Network Time Protocol (NTP) Overview
As important as device monitoring is, it will provide limited results when networks have incorrect times. Correct time synchronization is essential for networks to ensure that they function properly, remain secure, and comply with regulations. Moreover, it allows for easier troubleshooting when problems arise.
Logs generated with incorrect timestamps make troubleshooting almost impossible. An incorrect time could also cause digital certificates to expire prematurely, preventing many users from authenticating themselves to get appropriate access to the network. Because of expiring authentication keys, many routing protocol links will partially fail and generate reachability issues inside the local network.
NTP is a protocol that synchronizes the time of devices within a network. It works by exchanging time information between NTP servers and clients. The servers are typically synchronized with a reference time source, such as an atomic clock or a GPS receiver, and they provide accurate time information to the clients.
When a client wants to synchronize its clock, it sends a request to a server for the current time. The server responds, and the client adjusts its clock accordingly. The client can also check the accuracy of the server's clock and use multiple servers to increase the accuracy of its own clock.
NTP is a very clever protocol and always avoids synchronizing with an NTP source that is not synchronized itself. In addition, once an NTP client has synchronized its time with an NTP server (local or on the internet), it automatically becomes an NTP server itself, allowing it to distribute the time to other potential NTP clients.
NTP Stratum
NTP uses the concept of a "stratum" to describe how many hops the synchronizing device is from the configured NTP server. Only the atomic and radio clocks have a stratum of 0 because they are the originating sources of time.
The NTP stratum number ranges between 0 and 16. The highest level (stratum 16) identifies a device that does not have a synchronized time source.
The communication between stratum 1 devices and atomic and radio clocks is direct and does not rely on NTP. Any other communication between stratum 1 and 15 devices is based on NTP.
The reason for using the stratum number is the preference it provides, meaning the lower the stratum, the closer the NTP server is to the device, resulting in less delay and a better overall time source. You can easily find many free-of-charge public NTP servers on the internet with a pretty low stratum number.
NTP is a simple yet clever protocol that runs over UDP, using port 123 as both the source and the destination port. When several NTP servers are configured, NTP always compares the reported times and never synchronizes with an NTP source whose time is significantly different from the time of the others, even if its stratum is lower.
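The selection behaviour described above, as an added Python example (not from the original page, and not Cisco's or the NTP reference implementation's code): it drops sources that are not synchronized themselves, then drops any source whose offset disagrees with the others, and only then prefers the lowest stratum. The median comparison, the 1-second threshold and the server names are assumptions made for illustration; real NTP uses a more elaborate intersection and clustering algorithm.

```python
from dataclasses import dataclass
from statistics import median

UNSYNCHRONIZED_STRATUM = 16  # stratum 16 = no synchronized time source
MAX_DISAGREEMENT = 1.0       # assumed threshold in seconds, for illustration only

@dataclass
class Source:
    name: str      # hypothetical server label
    stratum: int   # stratum the server reports about itself
    offset: float  # measured offset between the local clock and this server (s)

def select_source(sources):
    """Return (chosen, rejected), where rejected maps name -> reason."""
    rejected = {}
    candidates = []
    for s in sources:
        # NTP servers report stratum 1-15; anything else cannot supply time.
        if not 1 <= s.stratum < UNSYNCHRONIZED_STRATUM:
            rejected[s.name] = "unsynchronized"
        else:
            candidates.append(s)

    # Compare the reported times. With three or more sources the median offset
    # stands for the majority view; a source far from it is dropped.
    if len(candidates) >= 3:
        mid = median(c.offset for c in candidates)
        for c in list(candidates):
            if abs(c.offset - mid) > MAX_DISAGREEMENT:
                rejected[c.name] = "disagrees with other sources"
                candidates.remove(c)

    # Among the survivors, prefer the lowest stratum, then the smallest offset.
    chosen = min(candidates, key=lambda c: (c.stratum, abs(c.offset)), default=None)
    return chosen, rejected

# Constructed sample data, not measurements from a real network.
SAMPLE = [
    Source("ntp-a", 1, 37.2),    # lowest stratum, but far from the rest
    Source("ntp-b", 2, 0.004),
    Source("ntp-c", 3, -0.011),
    Source("ntp-d", 2, 0.009),
    Source("ntp-e", 16, 0.0),    # not synchronized itself
]

if __name__ == "__main__":
    print(select_source(SAMPLE))
```

With only two usable sources there is no majority to compare against, so this sketch falls back to stratum alone, which is why configuring several servers matters.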
Example NTP Configuration
The configuration for basic NTP functionality consists of only a few commands. We will use the topology in the image below as a use case for this configuration example.
Router R1 serves as an edge router for connecting to the internet, and as an NTP client, it should synchronize its time with the public NTP server on the internet. Then, R1 should be used as an NTP server for the internal switches A-SW and D-SW, which will operate as NTP clients.
To configure an NTP server on a Cisco device, you need to use the ntp server ip-address command. The following commands should be used on the network devices to synchronize the time:
Receiving the time information from the NTP server does not mean that the device has the correct time. The received time is based on the GMT 0 time zone, so you must define the time zone whenever the device is in a different one. Additionally, you need to enable daylight saving time (DLS) if it applies.
To configure daylight saving and the correct time zone, you must use the clock summer-time zone recurring and clock timezone zone-name hours-offset commands, respectively. The commands to set time zone +3 and DLS time would look like this:
Verifying NTP
After the NTP configuration is finished, you need to verify that NTP is working correctly. You can use the show clock command to verify that the local time on the device is correct after the synchronization. To verify that the device is successfully synchronized with the NTP server, you can use the show ntp associations and show ntp status commands: