# Network Time Protocol (NTP)
The Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. Designed by [[David Mills]] at the University of Delaware, NTP has been in use since 1985, making it one of the oldest Internet protocols still in active use. It is defined in RFC 5905 (NTPv4), which superseded earlier versions dating back to RFC 958 (1985).
NTP operates on UDP port 123 and can synchronize clocks to within a few milliseconds over the public Internet, and to sub-millisecond accuracy on local area networks. The protocol uses a hierarchical system of time sources organized into strata. Stratum 0 devices are high-precision timekeeping devices such as atomic clocks, GPS receivers, or radio clocks. Stratum 1 servers are directly connected to stratum 0 devices and serve as the primary time servers. Each subsequent stratum synchronizes with the stratum above it, with stratum 16 representing an unsynchronized device. NTP uses intersection, clustering, and combining algorithms to select the best time sources and mitigate the effects of variable network latency.
## How NTP Works
1. The NTP client sends a request packet with a timestamp to an NTP server
2. The server adds its own timestamps (receive and transmit) and returns the packet
3. The client records the arrival time and calculates the round-trip delay and clock offset
4. The client adjusts its clock gradually (slewing) or immediately (stepping) depending on the offset magnitude
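
The four steps above as an added Python example (not code from any NTP implementation): it builds a client packet, validates a reply, and derives offset and delay from the four timestamps T1 to T4. The helper names, the constructed sample reply, and the 128 ms step threshold (ntpd's default) are assumptions of this example.

```python
import struct

NTP_DELTA = 2208988800   # seconds from the NTP epoch (1900) to the Unix epoch (1970)
STEP_THRESHOLD = 0.128   # assumption: 128 ms, ntpd's default step threshold

def to_ntp(unix_time):
    """Encode Unix seconds as a 64-bit NTP timestamp (32.32 fixed point)."""
    sec = int(unix_time)
    frac = int((unix_time - sec) * 2**32)
    return struct.pack("!II", sec + NTP_DELTA, frac)

def from_ntp(raw):
    """Decode a 64-bit NTP timestamp to Unix seconds."""
    sec, frac = struct.unpack("!II", raw)
    return sec - NTP_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client packet: LI=0, VN=4, Mode=3, transmit timestamp = T1."""
    return bytes([0x23]) + bytes(39) + to_ntp(t1)

def evaluate_reply(request, reply, t4):
    """Validate a server reply, then return (offset, delay, action)."""
    if len(reply) < 48:
        raise ValueError("short packet")
    if reply[0] & 0x07 != 4:
        raise ValueError("not a server-mode reply")
    # In a packet, stratum 0 is unspecified and 16 is unsynchronized.
    if not 1 <= reply[1] <= 15:
        raise ValueError("server has no usable time")
    # Spoofing check: the origin field must echo the T1 we sent.
    if reply[24:32] != request[40:48]:
        raise ValueError("origin timestamp mismatch")
    t1 = from_ntp(request[40:48])
    t2 = from_ntp(reply[32:40])   # server receive time
    t3 = from_ntp(reply[40:48])   # server transmit time
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    action = "step" if abs(offset) > STEP_THRESHOLD else "slew"
    return offset, delay, action

def sample_reply(request, t2, t3, stratum=2):
    """Constructed server reply for the demo (not captured traffic)."""
    head = bytes([0x24, stratum]) + bytes(22)   # LI=0, VN=4, Mode=4
    return head + request[40:48] + to_ntp(t2) + to_ntp(t3)

if __name__ == "__main__":
    t1 = 1700000000.0
    req = build_request(t1)
    rep = sample_reply(req, t1 + 0.270, t1 + 0.271)
    print(evaluate_reply(req, rep, t1 + 0.041))
```

The origin-timestamp comparison only rejects replies that do not match the outstanding request; it is not cryptographic authentication.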
## Key Concepts
| Concept | Description |
|---------|-------------|
| **Stratum** | Hierarchical level indicating distance from reference clock (0-15) |
| **Slewing** | Gradually adjusting the clock rate to correct small offsets |
| **Stepping** | Immediately setting the clock for large offsets |
| **Drift** | The rate at which a clock gains or loses time |
| **Jitter** | Variation in latency between NTP packets |
| **Poll interval** | Time between successive NTP queries (64s to 1024s typically) |
## Common Implementations
- **[[Chrony]]**: Modern, lightweight implementation preferred on most Linux distributions. Handles intermittent connectivity and virtualized environments well.
- **[[ntpd]]**: The reference implementation by [[David Mills]]. Still widely used but being replaced by Chrony on many distributions.
- **systemd-timesyncd**: Minimal SNTP client built into [[systemd]], suitable for simple synchronization needs
- **OpenNTPD**: Developed by the OpenBSD project, focused on security and simplicity
## Security
NTP has historically been vulnerable to amplification attacks (used in DDoS) and spoofing. Network Time Security (NTS), defined in RFC 8915, adds cryptographic authentication to NTP to address these concerns. NTS uses TLS for key exchange and provides packet authentication without requiring symmetric key distribution.
## References
- https://en.wikipedia.org/wiki/Network_Time_Protocol
- https://www.ietf.org/rfc/rfc5905.txt
- https://www.ntp.org/
- https://datatracker.ietf.org/doc/html/rfc8915
## Related
- [[Chrony]]
- [[ntpd]]
- [[David Mills]]
- [[systemd]]
- [[Domain Name System (DNS)]]