Network Time Protocol

I.

Introduction:

The acronym NTP stands for Network Time Protocol which is an internet standard protocol
used to synchronize the clocks of all the systems in a network to a specific reference time. It was
developed by Professor David L. Mills at the University of Delaware.

II.

Purpose of NTP Protocol:

This protocol helps to synchronize all the computer systems in a network to a specific reference
time (coordinated universal time also called as UTC).

a. whats the need of time synchronization?

In order to have a better communication between different systems in a network, they all should
be synchronized to a time otherwise independent isolated networks may be formed resulting time
lags and leads. For example, in a university network if the systems are not synchronized with
time leading to a disturbance in applications running schedule programs like calendar events,
submission deadlines etc. Just like earlier in a banking network all the systems should be time
synchronized to avoid transaction malfunctions and accurate time stamping. Even on single

independent system some programs face trouble with unsynchronized time. Time stamps are
used everywherestarting from logging files to banking apps and airline industries.Thus for a
seamless communication and running applications simultaneously without any trouble, all the
systems in a network should be synchronized to a time.

III.

Evolution of NTP:

Network time protocol is the arguably oldest internet application which has been continuously
operating from three decades with continuous enhancements. It was developed by Professor
David L. Mills at the University of Delaware.

a. History:

NTP was first demonstrated at National Computer Conference 79 which is the first public
presentation of internet technology operating over transatlantic satellite network, but it was not
until 1981 this time synchronization technology was documented in the internet engineering note
series IEN-173. The first protocol for public use was developed from it and was referenced in
request for comments (RFC)-778. The first deployment of this technology in a local area
network was as an integral function of the Hello routing protocol documented in RFC- 891,
which survived for many years in a network prototyping and testbed operating system called the
Fuzzball which later became NTP Version 0 implemented in 1985. Considering the modest
speeds of networks and computers of the era, the nominal accuracy that could be achieved on an

Ethernet was in the low tens of milliseconds. Even on paths spanning the Atlantic, where the
jitter could reach over one second, the accuracy was generally better than 100 ms.
b. Versions of NTP:

Version 1 of the NTP specification was documented three years later in RFC-1059. It contained
the first comprehensive specification of the protocol and algorithms, including primitive versions
of the clock filter, selection and discipline algorithms. The design of these algorithms was guided
largely by a series of experiments, documented in RFC-956, in which the basic theory of the
clock filter algorithm was developed and refined. This was the first version which defined the
use of client/server and symmetric modes and, of course, the first version to make use of the
version field in the header. A transactions paper on NTP Version 1 appeared in 1991. This was
the first paper that exposed the NTP model, including the architecture, protocol and algorithms,
to the technical engineering community. While this model is generally applicable today, there
have been a continuing series of enhancements and new features introduced over years, some of
which are described in following sections.

The NTP Version 2 specification followed as RFC-1119 in 1989. A completely new

implementation slavish to the specification was built by Dennis Fergusson at U Toronto. This
was the first RFC in PostScript and as such the single most historically unpopular document in
the RFC publishing process. This document was the first to include a formal model and state
machine describing the protocol and pseudo-code defining the operations. It introduced the NTP
Control Message Protocol for use in managing NTP servers and clients, and the cryptographic
authentication scheme based on symmetric-key cryptography, both of which survive to the

present day. There was considerable discussion during 1989 about the newly announced Digital
Time Synchronization Service (DTSS), which was adopted for the Enterprise network. The
DTSS and NTP communities had much the same goals, but somewhat different strategies for
achieving them. However, the Marzullo algorithm in its original form produced excessive jitter
and seriously degraded timekeeping quality over typical Internet paths. The algorithm, now
called the intersection algorithm, was modified to avoid this problem. The resulting suite of
algorithms has survived substantially intact to the present day, although many modifications and
improvements have been made over the years.

In 1992 the NTP Version 3 specification appeared, again in PostScript and now running some
113 pages. The specification included an appendix describing a formal error analysis and an
intricate error budget including all error contributions between the primary reference source over
intervening servers to the eventual client. This provided the basis to support maximum error and
estimated error statistics, which provide a reliable characterization of timekeeping quality, as
well as a reliable metric for selecting the best from among a population of available servers. As
in the Version 2 specification, the model was described using a formal state machine and pseudo
code. This version also introduced broadcast mode and included reference clock drivers in the
state machine.

In the years since the version 3 specification, NTP has evolved in various ways adding new
features and algorithm revisions while still preserving interoperability with older versions.
Somewhere along the line, it became clear that a new version number was needed, since the state

machine and pseudo code had evolved somewhat from the version 3 specification, so it became
NTP Version 4.

IV. Working of NTP:

a. Mechanism

NTP or Network Time Protocol is a standard protocol for the transfer of time between
computers. Typically, GPS time servers use the network time protocol to synchronize large
networks of computers to the correct time. Synchronization of time is very important in large
distributed networks in order to ensure events occur in an ordered manner.

NTP is used to ensure that the time on computers is synchronized to a single accurate
reference clock. All the computers can then be provided with a synchronized time from which to
operate.In fact, not only computers can use NTP, many other networks products use it to get
accurate time, such as; routers, switches, telephone systems, CCTV systems, digital video
recorders (DVRs) and networked clocks, amongst others.

NTP operates in a hierarchical manner. At the highest level, stratum-1, a NTP time server
device obtains accurate time from a hardware time source such as GPS. It uses the accurate
time reference to synchronize its internal clock. Precise time is then passed on to stratum-2
NTP servers, who in turn use it to synchronize their internal clocks and so on down the line.
Each lower level, or stratum, sees a slight decline in accuracy. The hierarchical system allows

the load of a large number of clients to be shared between a number of lower-level stratum
devices, rather than all trying to access the higher-level device.

A NTP client synchronizes by periodically requesting time from a NTP server. The server
responds by providing an accurate time stamp. Each NTP request and response is timestamped, so that round-trip delay calculations can be performed to further improve accuracy.

V.

Architectures and Algorithms

The overall organization of the NTP architecture is shown in Figure below. It is useful in this
context to consider the implementation as both a client of upstream (lower stratum) servers
and as a server for downstream (higher stratum) clients. It includes a pair of peer/poll
processes for each reference clock or remote server used as a synchronization source. Packets
are exchanged between the client and server using the on-wire protocol.

Overall organization of the NTP architecture

The protocol is resistant to lost, replayed or spoofed packets.

The poll process sends NTP packets at intervals ranging from 8 s to 36 hr. The intervals are
managed to maximize accuracy while minimizing network load. The peer process receives NTP
packets and performs the packet sanity tests. The flash status word reports in addition the results
of various access control and security.
Packets that fail one or more of these tests are summarily discarded. Otherwise, the peer process
runs the on-wire protocol that uses four raw timestamps: the origin timestamp T1 upon departure
of the client request, the receive timestamp T2 upon arrival at the server, the transmit
timestamp T3 upon departure of the server reply, and the destination timestamp T4 upon arrival at
the client. These timestamps, which are recorded are used to calculate the clock offset and
roundtrip delay samples:
offset = [(T2 - T1) + (T3 - T4)] / 2,
delay = (T4 - T1) - (T3 - T2).

Algorithms:
Algorithms are the heart of NTP designs All the statistics for one or more peer processes are
processed by algorithms which are refined and refined in every version.
Algorithms used in NTP are:
Marzullos Algorithm

NTP is based on Marzullos algorithm which is invented by Keith Marzullo in 1984 which is
used to select an accurate time source from a number of noisy time sources.Marzullo's algorithm
is used for producing an optimal value from a set of estimates with confidence intervals where
the actual value may be outside the confidence interval for some sources. A modified version of
Marzullos algorithm called intersection algorithm is used in modern network time protocol.
Unlike Marzullos, this algorithm produces a larger interval than Marzullos interval by including
intersection points to Marzullos interval.
NTP is a hierarchical structure - each layer of which is called the stratum. At the very top are the
extremely precise atomic clocks, then we have the first layer of nodes, second layer, and so on.
To synchronize to the global time, each node will query several other nodes in both its parent
stratum as well as its own stratum and receive several interval pairs, one from each node that it
queried. So now which interval should it finally choose? Marzullo's algorithm gives one way of
choosing the interval - simply choose an interval which is a subset of the largest number of
returned intervals.

Now it is a simple algorithm to find that interval which appears in the largest number of the
returned intervals. Basically we would need to consider each possible time interval (this will not
be just the returned intervals but also could be a sub interval of some returned interval, etc.) and
for each interval we would need to count in how many of the returned intervals it is active and
return that interval which is active for the maximum number of returned intervals. Each interval
is of the form [start, end].
Method:

Step1: Represent each returned interval in the following form [start, +1], [end, -1]
Step2: You now have a list of tuples, the first element of which is a time.
Sort these tuples by the time, irrespective of whatever is the second element. So you would have
[t(i), val(i)], [t(i+1), val(i+1)], ... where val(i) = 1.
Step3: initialize two vars count = 0 and max =0
Step4: Now run through the sorted tuples and set count = count + val(i)
Compare if count > max then
set max = count
set answer = [t(i), t(i+1)]
Step5: Return answer

Clock Filter Algorithm

The clock filter algorithm processes the offset and delay samples produced by the on-wire
protocol for each peer process separately. It uses a sliding window of eight samples and picks out
the sample with the least expected error.
Figure below shows a typical wedge scatter gram plotting sample points of offset versus delay
collected over a 24-hr period. As the delay increases, the offset variation increases, so the best
samples are those at the lowest delay. There are two limb lines at slope 0.5, representing the
limits of sample variation. However, it is apparent that, if a way could be found to find the

sample of lowest delay, it would have the least offset variation and would be the best candidate
to synchronize the system clock.

A typical NTP client will regularly poll three or more servers on diverse networks. To
synchronize its clock, the client must compute their time offset and round-trip delay. Time
offset is defined by

and the round-trip delay by

,
where
T1 is the client's timestamp of the request packet transmission,
T2 is the server's timestamp of the request packet reception,
T3 is the server's timestamp of the response packet transmission and

T4 is the client's timestamp of the response packet reception.

The values for and are passed through filters and subjected to statistical analysis. Outliers are
discarded and an estimate of time offset is derived from the best three remaining candidates. The
clock frequency is then adjusted to reduce the offset gradually, creating a feedback loop.
The synchronization is correct when both the incoming and outgoing routes between the client
and the server have symmetrical nominal delay. If the routes do not have a common nominal
delay, there will be asystematic bias of half the difference between the forward and backward
travel times.
The clock filter algorithm works best when the delays are statistically identical in the reciprocal
directions between the server and client. In configurations where the delays are not reciprocal, or
where the transmission delays on the two directions are traffic dependent, this may not be the
case. In the clock filter algorithm, the offset and delay samples from the on-wire protocol are
inserted as the youngest stage of an eight-stage shift register, thus discarding the oldest stage.

Clock Cluster Algorithm

The clock cluster algorithm processes the truechimers produced by the clock select algorithm to
produce a list of survivors. These survivors are used by the mitigation algorithms to discipline
the system clock. The cluster algorithm operates in a series of rounds, where at each round the
truechimer furthest from the offset centroid is pruned from the population. The rounds are
continued until a specified termination condition is met.

First, the truechimer associations are saved on an unordered list with each candidate entry
identified with index i (i = 1, ..., n), where n is the number of candidates. Let (i), be the offset
and (i) be the root distance of the ith entry. Recall that the root distance is equal to the root
dispersion plus half the root delay. For the ith candidate on the list, a statistic called the select
jitter relative to the ith candidate is calculated as follows.

Pictorial representation clock cluster algorithm

Letdi(j) = |(j) (i)| (i),
where (i) is the peer offset of the ith entry and (j) is the peer offset of the jth entry, both
produced by the clock filter algorithm. The metric used by the cluster algorithm is the select jitter
S(i) computed as the root mean square (RMS) of the di(j) as j ranges from 1 to n. For the
purpose of notation in the example to follow, let R(i) be the peer jitter computed by the clock
filter algorithm for the ith candidate.

Clock Select Algorithm

The clock select algorithm determines from a set of sources, which are correct true chimers and
which are not falsetickers according to a set of formal correctness assertions. The principles are
based on the observation that the maximum error in determining the offset of a candidate cannot
exceed one-half the roundtrip delay to the primary reference clock at the time of measurement.
This must be increased by the maximum error that can accumulate since then.
First, a number of sanity checks is performed to sift the selectable candidate from among the
source population. The sanity checks are summarized as follows:
1. A stratum error occurs if (1) the source had never been synchronized or (2) the stratum of
the source is below the floor option or not below the ceiling. The default values for these
options are 0 and 15, respectively. Note that 15 is a valid stratum, but a server operating
at that stratum cannot synchronize clients.
2. A distance error occurs for a source if the root distance (also known add synchronization
distance) of the source is not below the distance threshold maxdist option. The default
value for this option is 1.5 s for networks including only the Earth, but this should be
increased to 2.5 s for networks including the Moon.
3. A loop error occurs if the source is synchronized to the client. This can occur if two peers
are configured with each other in symmetric modes.
4. An unreachable error occurs if the source is unreachable or if the server or peer command
for the source includes the no-select option.
The clock select algorithm works as shown in the below figure

Clock Select Algorithm

Wire shark NTP packet capture:
The following is the screen shot of NTP packet capture

Typical NTP packet is as shown in the below image

Mechanism of NTP packet exchange:

NTP uses User datagram protocol for packet exchange. It uses port 123. The following is the
mechanism of NTP packet exchange
Client sends the request with its timestamp
Server returns the packet with three timestamps:
1.Echo of client time stamp
2.When did server receive request
3.When did server send the response
Client estimate the offset/drift (the time difference) between client and server
Client can have many servers, but normally chooses only one NTP server to sync time
Minimize the offset/drift and skew with feedback loop
Thus client time is synched with server time.

VI.

Pros and Cons of NTP

Pros:
1. Synchronization with the internet

The time is observed accurately between the internet and your devices using a network time
protocol server. At this point all of our devices are expected to display regular time with the
internet from time to time. The time can vary outstandingly from connected device to the other
device, which is not connected to the network time protocol server.
2. Total system synchronization
When all the technology within a building or network synchronizes to the same NTP server at
this time the NTP servers can send their time information out to many different systems at the
same time.

3. Enhanced security

A NTP server in an internal to the premise, less number chances to the system hacking or system
attack. Internal NTP server can reduce the internet connection where the total system becomes
harmful to cyber-attacks and viruses.

Cons:

1.Down servers:
Sometimes an NTP networks can crash or shutting down for a certain period of time, duration
can vary depends on the situation. During this crash time, the systems may start to drift from the
correct time and fail to match other device clocks that are used by the same server.

2.Not all servers guarantee accurate time:

Most of the NTP networks are accurate and reliable even though all the servers not transmit the
accurate data because mistakes can have happened by the human or technological aspects. In
NTP servers time zone is very important because server is being used for accounting for your
time zone and also for whether your location observes DST or not. For a reliable and safe
alternative to keeping time, consider using an NTP as your everyday time source for technical
equipment.
VII.

NTP in Future:

At the beginning of the new century it is quite likely that precision timekeeping technology has
evolved about as far as it can give the realities of available computer hardware and operating
systems. Using specially modified kernels and available interface devices, While not many
computer applications would justify such heroic means, the demonstration suggests that the

single most useful option for high performance timekeeping in a modern workstation may be a
temperature compensated or stabilized oscillator.
In spite of the protocol modification, broadcast mode provides somewhat less accuracy than
client/server mode, since it does not track variations due to routing changes or network loads. In
addition, it is not easily adapted for autonomous deployment. It is likely that future deployment
of public NTP services might well involve an optional timestamping service, perhaps for-fee.
This agenda is being pursued in a partnership with NIST and Certified Time, Inc. In fact, several
NIST servers are now being equipped with timestamping services. This makes public-key
authentication a vital component of such a service,
In future development of time synchronization technology for planetary networks and deep space
missions is expected. It is expected to refine the NTP Auto key protocol and incorporate
refinements. It is expected to continue the testing and verification program with UTC leap
seconds. It is expected to have further refine the Many cast model to improve stability in
networks with large numbers of servers and clients.

VIII.

Conclusion

Thus Internet time keeping protocol which played a crucial role in the development and
successful running of internet and various internet applications is refined over years by many
volunteers and will achieve more precision in the coming future with most diverse
applications.

IX.

References:

1.
2.
3.
4.

https://www.eecis.udel.edu/~mills/exec.html
https://www.eecis.udel.edu/~mills/exec.html#disc
https://www.eecis.udel.edu/~mills/ntp.html
http://www3.cs.stonybrook.edu/~jgao/CSE590-spring11/91-ntp.pdf

5.
6.
7.
8.
9.

http://www.ntp.org/ntpfaq/NTP-s-def.htm
http://www.ntp.org/
https://www.eecis.udel.edu/~mills/ntp/html/index.html
https://en.wikipedia.org/wiki/Network_Time_Protocol
https://www.youtube.com/watch?v=vHR0OF7iVRk