This paper mainly introduces the NTP server in detail from the following aspects: THE COMMUNICATION protocol of NTP, the hierarchy concept of NTP server, the installation and configuration of NTP server, the installation and configuration of Client, the startup and observation of NTP server.


Review of previous article:
A preliminary Firewalld

The clock recorded inside the computer is recorded in the BIOS(CMOS), but if the CMOS battery above the computer is out of power, or some special factors cause the BIOS data to be cleared, the computer time will not be accurate. In real life, we can adjust our watch through TV stations, radio stations, telephones, so in the network, we need the NTP server to keep the correct time information of our host at any time.

How many time zones are there in the world? What time zone is GMT in?

There are 24 Time zones in the world, because it is 360 degrees around the earth, which is divided into 24 Time zones, of course a Time zone is 15 degrees, and because Greenwich Mean Time (GMT) is the standard Time, although Beijing Time is the standard Time later, But Linux does not reflect this change, so Beijing time is not visible when defining time zones by default in Linux. Because China is east of Greenwich, Local time in Beijing is 8 hours ahead of GMT +8.

1.NTP communication protocol

Network Time Protocol, how to synchronize Time between server and client?

1) First, of course, the host starts the daemon

2) After that, the client checks the time message with the NTP server

3) Then the NTP Server sends the current standard time to the Client

4) After receiving the time from the Server, the Client adjusts its own time to achieve network time calibration

The NTP daemon is connected to Port 123 (using UDP packets), so when we use the Time Server to synchronize Time updates, we need to use the NTPDate provided by the NTP software to connect to Port 123.

2,Hierarchical concepts of NTP servers

Because the NTP server uses stratum to process time synchronization, it uses a common server/client master-slave structure. Network society provides some major and secondary time servers, which belong to the first and second order time servers (stratum-1, stratum-2).

Tips: In fact, the hierarchical concept of NTP is very similar to DNS. If you set up an NTP host, the main host that the NTP requires to synchronize is stratum 1, then your NTP is stratum 2. For example, If our NTP requires time synchronization from Taiwan’s tock.stdtime.gov.tw, our host will be stratum 3. If other NTP hosts require time synchronization from us, This console would have stratum-4! That’s it! How many classes can there be at most? Up to 15 classes.

3,Install and configure the NTP server

3.1 Checking whether the NTP service Component is installed in the System

rpm -qa | grep "ntp"                Check whether the NTP component is installed. The following two components are installedNtpdate - 4.2.6 p5-1. El6. Centos. X86_64 NTP - 4.2.6 p5-1. El6. Centos. X86_64Copy the code

3.2 yum install

Yum -y install ntp1.3 NTPCopy the code

3.3 Configuration Files

The configuration file

/etc/ntp.confCopy the code

The default content of the configuration file

egrep -v "^ $| #" ntp.conf        Rule out default comments and blank lines
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery     # reject all operations on the default clientRestrict-6 Default kod nomodify notrap nopeer noQuery RESTRICT 127.0.0.1Allow all operations on the local address
restrict -6 ::1
server 0.centos.pool.ntp.org iburst     # Default upper-layer time server
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keysCopy the code

Modify the configuration

cat /etc/ntp.conf
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery     # reject all operations on the default clientRestrict-6 Default kod nomodify notrap nopeer noQuery RESTRICT 127.0.0.1Allow all operations on this machineRestrict 192.168.1.0 Mask 255.255.255.0 nomodifyAllow all clients on the LAN to connect to this serverRestrict-6 ::1 Synchronizes time. But refused to let them change the time on the server#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp1.aliyun.com          Synchronize the time of the public networkServer 127.127.1.0If you cannot connect to the public network, use your own time as the standard time.Fudge 127.127.1.0 stratum 10# Set stratum
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keysCopy the code

3.4 RESTRICT Security parameters

Ignore: disables all NTP online services. Nomodify: The client cannot change the time parameters of the NTP server, but the client can perform network time correction on the NTP server. Notrust: The source of the client is regarded as an untrusted subnet unless the client is authenticated. Time query on the client is not provided

4,
Install and configure the Client

The client installation is the same as that on the server.

4.1 Configuration File

driftfile /var/lib/ntp/drift restrict default kod nomodify notrap nopeer noquery restrict -6 default kod nomodify notrap Nopeer noquery RESTRICT 127.0.0.1 RESTRICt-6 ::1#server 0.centos.pool.ntp.org iBurst #<== comment the default upper-layer time server
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntpserver        #<== add your own time server
includefile /etc/ntp/crypto/pw
keys /etc/ntp/keysCopy the code

5,Server startup

Run the following command to start the NTP service on the server:

/etc/init.d/ntpd startCopy the code

Add start start:

chkconfig ntpd onCopy the code

6,NTP startup and observation

6.1 Viewing the Boot Port



This indicates that the NTP server has started, but it takes some time to connect to the upper-layer NTP server. Usually, the connection between the NTP server and the upper-layer NTP server is successful within 15 minutes after the NTP server is started. How to ensure that our NTP server has a smooth update of its own time? You can use the following instructions to check it out (please wait for a few minutes and then check it out with the following instructions) :

6.2 Checking the Upper-Layer NTP Server Connection



This command can list whether our NTP server is online with the upper layer. As you can see from the above output, the time has been corrected by about 258 * 10^(-3) seconds, and will actively update the time every 512 seconds!

6.3 List the current status of our NTP and related upper-layer NTP



Meanings of each parameter:

In fact, this output tells us that the time is really good! Because the difference is within 0.001 seconds, can be consistent with our general use. In addition, you can also check your BIOS time and Linux system time difference, is /var/lib/nt/drift this file content, can understand our Linux system time and BIOS hardware clock in the end how long difference? The units are 10 to the minus 6 seconds.

7,Pay attention to

In order for your NTP Server/Client to actually work, pay attention to the above actions:

  • In the above ntpstat and NTPQ -p output, your NTP server really needs to be able to connect to the upper-layer NTP server! Otherwise your client will not be able to synchronize updates to your NTP server! Important important!

  • The time of your NTP server must not differ much from that of the upper layer.

  • Is the server firewall on UDP port 123? Pay special attention to it!


This article was first published on the public account “Mi Operation and Maintenance”. Click to view the original article.