One of the new topics that has (up to this point) not been covered on Cisco’s CCNA level exams has been the Network Time Protocol (NTP). Time synchronization is used within a network for two main purposes: to maintain very high accuracy synchronization between Time Division Multiplexing (TDM) nodes and to maintain clock time between devices to ensure well organized error reporting and simplifying troubleshooting.
In a TDM network, nodes rely on the accuracy of the time sources between each other to ensure that traffic is sent and received within expected time intervals; this part of clock synchronization is not within the scope of this article and will not be covered further. NTP is used when maintaining clock time between network nodes; this is very useful information when attempting to troubleshoot problems without a network. Without this synchronization of clock time, tracking the errors reported from one device to another can’t be easily correlated to ensure the root problem encountered can be found.
NTP Clock Hierarchy
The common terminology that is used to reference the accuracy of clocks is called the Stratum hierarchy. The easiest way to think of this structure is to think of a tree structure; at the top of the tree is the most accurate clock and at the bottom is the least accurate. The most accurate clock available is referred to as a Reference clock or a Stratum 0 clock source. This level of clock accuracy is not available over a network and is only located in a few world locations as this type of source is extremely expensive. A Stratum 1 clock source is the most accurate network source available, and is usually directly connected to a Stratum 0 clock. Each time a network clock signal traverses down another branch of the tree, it loses a single Stratum of clock accuracy. So, if a computer within a network obtains its clock from a Stratum 1 source, its clock would be considered a Stratum 2 time source and so on up to a maximum of a Stratum 15 (Stratum 16 is equivalent to no external clock at all). On a typical network, no network device should be using a source that is lower than a Stratum 3 source.
Figure 1 shows a visual representation of the Stratum hierarchy.
Figure 1 Stratum hierarchy example
As mentioned in the introduction, NTP is a protocol used on networks to maintain clock time. Most modern PCs are pre-configured to use common trusted Internet clocks to synchronize clock time without many people even knowing. NTP uses IP (or IPv6) to synchronize the clocks of a network (specifically UDP port 123), and is probably one of the most underused protocols on many small- to medium-sized networks. The implementation of NTP is very simple on LAN-based networks and is not overly complex to configure on WAN networks; often the problem is familiarity. With Cisco adding NTP to the CCNA exams, knowledge of NTP should become a requisite skill for all new network engineers.
There are two different main ways to configure NTP: poll-based and broadcast-based. On poll-based NTP implementations, devices are specifically configured with the addresses of the time sources that they will use as their clock source; these addresses are then polled on regular intervals to ensure accurate (or at least synchronous) time. When using a broadcast-based NTP implementation, the NTP servers send out broadcasts of the NTP clock; listening NTP clients are then able to use this information to synchronize their clocks.
Poll-based NTP implementations are also split into two additional modes of operation: client (only) mode and symmetric active mode. When in NTP client mode, a device is tasked with requesting and receiving time from an NTP server; the NTP server will ignore any time related information sent from the client. When in NTP symmetric active mode, a device is tasked with both requesting time from an NTP server and responding to time requests from configured peers; in this scenario, the configured peers work together to obtain the best time should a known authoritative source go unreachable.
One issue that needs to be addressed early for those learning NTP is that the security of the NTP system is vital. If a rouge clock source was able to penetrate into a network, it enables attackers the ability to alter vital systems clocks and thus make correlating illegal activity almost impossible (just imagine attempting to match up surveillance time codes or server activity logs).
Cisco offers a number of different methods of securing NTP including NTP access groups (in combination with configured access lists) and NTP authentication. Every publicly accessible NTP deployment should at very least be isolated with access-lists to ensure rouge internal or external clocks can’t be inserted into the NTP time hierarchy.
It is almost impossible to find any large-scale enterprise that does not use NTP within their infrastructure (and if you can you really have to wonder about their network management). Where clock synchronization seems to be implemented less is in small- and medium-sized networks where the network management either is not familiar with how NTP works or does not see their network as big enough to require its use. In either case, it very important for any network engineer/administrator to implement NTP to ensure accurate clocks, not only to greatly improve the effectiveness and speed of troubleshooting, but to also ensure that if any security incident does happen to the network, it can be accurately tracked and investigated.
The next article in this series will cover the configuration of NTP, and it will show that this configuration is not overly complex and can be done without requiring any additional funding with only the functionality that is built into all Cisco routers (and most of their other devices). I hope that in reading this article, you will be motivated to look into the possibilities that exist with NTP and how easy it really is to configure it within a Cisco (as well as most other vendors) networks.