Linux and Network


24 Khordad

Installation on the client

On the client side you must install the NTP service (Debian/Ubuntu first, then RHEL/CentOS):
sudo apt-get install ntp    # Debian/Ubuntu
sudo yum install ntp        # RHEL/CentOS

After installation, set the server addresses in the file at the following path:
sudo vim /etc/ntp.conf
 
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst
Note: add iburst to each server line. While a server is unreachable, ntpd then sends a burst of eight packets instead of one at each poll interval, so the first synchronization completes in seconds rather than minutes. It does not force a sync: if the server never answers, the association simply stays unreachable (reach 0, refid .INIT.).

Once the configuration is done, restart the service (the init script is named ntp on Debian/Ubuntu and ntpd on RHEL/CentOS):
sudo /etc/init.d/ntp restart     # Debian/Ubuntu
sudo /etc/init.d/ntpd restart    # RHEL/CentOS
 

Testing that the service works

Use the following command to see the peers and how well each one is being tracked:
$ ntpq -pn
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*198.60.22.240   .GPS.            1 u  912 1024  377    0.488   -0.016   0.098
+199.104.120.73  .GPS.            1 u   88 1024  377    0.966    0.014   1.379
-155.98.64.225   .GPS.            1 u   74 1024  377    2.782    0.296   0.158
-137.190.2.4     .GPS.            1 u 1020 1024  377    5.248    0.194   0.371
-131.188.3.221   .DCFp.           1 u  952 1024  377  147.806   -3.160   0.198
-217.34.142.19   .LFa.            1 u  885 1024  377  161.499   -8.044   5.839
-184.22.153.11   .WWVB.           1 u  167 1024  377   65.175   -8.151   0.131
+216.218.192.202 .CDMA.           1 u   66 1024  377   39.293    0.003   0.121
-64.147.116.229  .ACTS.           1 u   62 1024  377   16.606    4.206   0.216

Explanation of the columns above

    remote- The remote server your clock is being compared against (with -n it is shown as an IP address).
    refid- What that remote server is itself synchronized to: the IP address of its own upstream, or, for a stratum 1 server, the name of its stratum 0 reference clock (see the refid list below).
    st- The stratum level. 1 through 15 is a usable source; 16 means the peer is not synchronized.
    t- The type of connection. Can be "u" for unicast or manycast, "b" for broadcast or multicast, "l" for local reference clock, "s" for symmetric peer, "A" for a manycast server, "B" for a broadcast server, or "M" for a multicast server.
    when- Time since the server was last queried. Shown in seconds by default, or with "m" for minutes, "h" for hours and "d" for days.
    poll- How often the server is queried, in seconds. Always a power of two between 16 seconds and 36 hours; typically between 64 and 1024 seconds.
    reach- An 8-bit shift register shown in octal, recording success (bit set) or failure (bit clear) for each of the last eight polls. 377 means all eight were answered.
    delay- Round trip time (RTT) between your computer and the remote server, in milliseconds.
    offset- The estimated difference between your clock and the time reported by the server, in milliseconds. It can be positive or negative.
    jitter- The root mean square deviation of the recent offsets measured against this server, in milliseconds.

 

The tally code next to the remote server:

Next to the remote server you'll notice a single character. This character is referred to as the "tally code", and indicates whether or not NTP is or will be using that remote server in order to synchronize your clock. Here are the possible values:

  • " " Discarded as not valid. Could be that you cannot communicate with the remote machine (it's not online), this time source is a ".LOCL." refid time source, it's a high stratum server, or the remote server is using this computer as an NTP server.
  • "x" Discarded by the intersection algorithm.
  • "." Discarded by table overflow (not used).
  • "-" Discarded by the cluster algorithm.
  • "+" Included in the combine algorithm. This is a good candidate if the current server we are synchronizing with is discarded for any reason.
  • "#" Good remote server to be used as an alternative backup. This is only shown if you have more than 10 remote servers.
  • "*" The current system peer. The computer is using this remote server as its time source to synchronize the clock.
  • "o" Pulse per second (PPS) peer. This is generally used with GPS time sources, although any time source delivering a PPS will do. This tally code and the previous tally code "*" will not be displayed simultaneously.
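As an added example (not part of the original post), here is a Python check that reads `ntpq -pn` output using the columns and tally codes explained above and reports what a monitoring script cares about: whether a system peer has been selected, whether each peer answered all of the last eight polls (reach 377), and whether any offset exceeds a threshold. The sample output embedded in the script is constructed from the listing above plus one peer that has never answered; the 100 ms offset threshold is an assumed value, not something ntpd defines.

```python
"""Health check over `ntpq -pn` output (added example; the threshold is assumed)."""

# Constructed sample: three lines from the listing above plus one peer that
# has never answered (stratum 16, refid .INIT., reach 0).
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*198.60.22.240   .GPS.            1 u  912 1024  377    0.488   -0.016   0.098
+199.104.120.73  .GPS.            1 u   88 1024  377    0.966    0.014   1.379
-155.98.64.225   .GPS.            1 u   74 1024  377    2.782    0.296   0.158
 10.200.108.62   .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

# Tally code in column 0, as documented above.
TALLY = {"*": "sys.peer", "o": "pps.peer", "+": "candidate", "#": "backup",
         "-": "discarded (cluster)", ".": "discarded (overflow)",
         "x": "discarded (intersection)", " ": "discarded (invalid)"}


def parse_peers(text):
    """Turn the `ntpq -pn` table into a list of dicts, one per peer."""
    peers = []
    for line in text.splitlines()[2:]:          # skip header and ==== rule
        if not line.strip():
            continue
        fields = line[1:].split()               # column 0 is the tally code
        if len(fields) != 10:
            continue                            # not a peer line
        peers.append({
            "tally": TALLY.get(line[0], "unknown"),
            "remote": fields[0], "refid": fields[1], "st": int(fields[2]),
            "t": fields[3], "when": fields[4], "poll": int(fields[5]),
            "reach": int(fields[6], 8),         # octal 8-bit shift register
            "delay": float(fields[7]), "offset": float(fields[8]),
            "jitter": float(fields[9]),
        })
    return peers


def polls_answered(reach):
    """Number of the last eight polls that got a reply (set bits in reach)."""
    return bin(reach).count("1")


def assess(peers, max_offset_ms=100.0):
    """Return a list of problems; an empty list means the client looks healthy."""
    problems = []
    if not any(p["tally"] in ("sys.peer", "pps.peer") for p in peers):
        problems.append("no system peer selected: the clock is not synchronized")
    for p in peers:
        name = p["remote"]
        if p["st"] == 16 or p["refid"] == ".INIT.":
            problems.append(f"{name}: never synchronized (stratum 16, refid .INIT.)")
        elif p["reach"] != 0o377:
            problems.append(f"{name}: reach {p['reach']:o}, only "
                            f"{polls_answered(p['reach'])} of the last 8 polls answered")
        if abs(p["offset"]) > max_offset_ms:
            problems.append(f"{name}: offset {p['offset']} ms exceeds {max_offset_ms} ms")
    return problems


if __name__ == "__main__":
    import subprocess
    import sys
    # Use live output when ntpq is installed, otherwise fall back to the sample.
    try:
        text = subprocess.run(["ntpq", "-pn"], capture_output=True, text=True,
                              check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        text = SAMPLE
    found = assess(parse_peers(text))
    print("\n".join(found) or "OK")
    sys.exit(1 if found else 0)
```

Run it from cron or a monitoring agent: a non-zero exit means something in the table above would have caught your eye, and the printed lines say which column did.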
 

Meaning of the refid column:


    IP address- The IP address of the remote peer or server.
    .ACST.- NTP manycast server.
    .ACTS.- Automated Computer Time Service clock reference from the American National Institute of Standards and Technology.
    .AUTH.- Authentication error.
    .AUTO.- Autokey sequence error.
    .BCST.- NTP broadcast server.
    .CHU.- Shortwave radio receiver from station CHU operating out of Ottawa, Ontario, Canada.
    .CRYPT.- Autokey protocol error
    .DCFx.- LF radio receiver from station DCF77 operating out of Mainflingen, Germany.
    .DENY.- Access denied by server.
    .GAL.- European Galileo satellite receiver.
    .GOES.- American Geostationary Operational Environmental Satellite receiver.
    .GPS.- American Global Positioning System receiver.
    .HBG.- LF radio receiver from station HBG operating out of Prangins, Switzerland.
    .INIT.- Peer association initialized.
    .IRIG.- Inter Range Instrumentation Group time code.
    .JJY.- LF radio receiver from station JJY operating out of Mount Otakadoya, near Fukushima, and also on Mount Hagane, located on Kyushu Island, Japan.
    .LFx.- Generic LF radio receiver.
    .LOCL.- The local clock on the host.
    .LORC.- LF radio receiver from Long Range Navigation (LORAN-C) radio beacons.
    .MCST.- NTP multicast server.
    .MSF.- National clock reference from Anthorn Radio Station near Anthorn, Cumbria.
    .NIST.- American National Institute of Standards and Technology clock reference.
    .PPS.- Pulse per second clock discipline.
    .PTB.- Physikalisch-Technische Bundesanstalt clock reference operating out of Brunswick and Berlin, Germany.
    .RATE.- NTP polling rate exceeded.
    .STEP.- NTP step time change. The offset is less than 1000 milliseconds but more than 125 milliseconds.
    .TDF.- LF radio receiver from station TéléDiffusion de France operating out of Allouis, France.
    .TIME.- NTP association timeout.
    .USNO.- United States Naval Observatory clock reference.
    .WWV.- HF radio receiver from station WWV operating out of Fort Collins, Colorado, United States.
    .WWVB.- LF radio receiver from station WWVB operating out of Fort Collins, Colorado, United States.
    .WWVH.- HF radio receiver from station WWVH operating out of Kekaha, on the island of Kauai in the state of Hawaii, United States.

To see what state the daemon itself is in, run the peer, association and readlist (system variables) commands together:

$ ntpq -c peer -c as -c rl
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 .               10.200.108.62    2 u   20   64    1    0.537    1.660   0.000
 .               .INIT.          16 u    -   64    0    0.000    0.000   0.000


ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 15488  9024   yes   yes  none    reject   reachable  2
  2 15489  8011   yes    no  none    reject    mobilize  1
 
associd=0 status=c012 leap_alarm, sync_unspec, 1 event, freq_set,
version="ntpd 4.2.6p5@1.2349-o Fri Jul 22 17:30:51 UTC 2016 (1)",
processor="x86_64", system="Linux/3.16.0-4-amd64", leap=11, stratum=16,
precision=-23, rootdelay=0.000, rootdisp=0.300, refid=INIT,
reftime=00000000.00000000  Mon, Jan  1 1900  3:25:44.000,
clock=dd970af2.38da6724  Sun, Oct 22 2017 15:47:54.222, peer=0, tc=3,
mintc=3, offset=0.000, frequency=5.387, sys_jitter=0.000,
clk_jitter=0.000, clk_wander=0.000
In the output above, the reach and last_event columns of the association table tell you whether the peer is answering (reach yes means the most recent poll was answered, so the client is receiving data from that server), and condition tells you what the selection algorithms did with it. In this sample both peers are still in condition reject, and the readlist reports stratum=16, refid=INIT and leap_alarm: the daemon has started polling but has not yet chosen a system peer, so the clock is not synchronized yet.
Another check that gives useful information on the client side is the interactive as (associations) command:
$ ntpq
ntpq> as
ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 45592  9444   yes   yes  none candidate   reachable  4
  2 45593  962a   yes   yes  none  sys.peer    sys_peer  2
  3 45594  9414   yes   yes  none candidate   reachable  1

ntpq> exit
$
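The status column of the association table and the status= field of the readlist are packed status words. Decoding them by hand is what ntpq does when it prints conf, reach, auth, condition, last_event and cnt; the following Python decoder, added here and not part of the original post, does the same thing so that you can interpret raw words from logs or from `ntpq -c "rv <assid>"`. The bit layout and event names follow ntpd's documentation for the peer and system status words; the sample table is constructed in the shape of the `as` output above, and each decoded value can be checked against the columns printed there (for example 962a is the sys.peer line, c012 is the leap_alarm, sync_unspec, freq_set status from the readlist).

```python
"""Decode the status words shown by `ntpq -c as` and `ntpq -c rl` (added example)."""

# Peer status word (16 bits): 5 flag bits, 3-bit selection, 4-bit event count,
# 4-bit code of the last event. Names follow ntpd's documented event tables.
FLAGS = {0x80: "conf", 0x40: "authenb", 0x20: "auth", 0x10: "reach", 0x08: "bcast"}
SELECT = ["reject", "falsetick", "excess", "outlier",
          "candidate", "backup", "sys.peer", "pps.peer"]
PEER_EVENT = {1: "mobilize", 2: "demobilize", 3: "unreachable", 4: "reachable",
              5: "restart", 6: "no_reply", 7: "rate_exceeded", 8: "access_denied",
              9: "leap_armed", 10: "sys_peer", 11: "clock_event", 12: "bad_auth",
              13: "popcorn", 14: "interleave_mode", 15: "interleave_error"}

# System status word (16 bits): 2-bit leap indicator, 6-bit clock source,
# 4-bit event count, 4-bit code of the last event.
LEAP = ["leap_none", "leap_add_sec", "leap_del_sec", "leap_alarm"]
SOURCE = {0: "sync_unspec", 1: "sync_pps", 2: "sync_lf_radio", 3: "sync_hf_radio",
          4: "sync_uhf_radio", 5: "sync_local", 6: "sync_ntp", 7: "sync_other",
          8: "sync_wristwatch", 9: "sync_telephone"}
SYS_EVENT = {1: "freq_not_set", 2: "freq_set", 3: "spike_detect", 4: "freq_mode",
             5: "clock_sync", 6: "restart", 7: "panic_stop", 8: "no_sys_peer",
             9: "leap_armed", 10: "leap_disarmed", 11: "leap_event",
             12: "clock_step", 13: "kern", 14: "TAI", 15: "stale_leapsecond_values"}


def decode_peer_status(word):
    """Decode e.g. '962a' into the columns of the `as` table."""
    w = int(word, 16)
    hi, lo = w >> 8, w & 0xFF
    flags = {name: bool(hi & bit) for bit, name in FLAGS.items()}
    if not flags["authenb"]:
        auth = "none"                    # no key configured for this association
    else:
        auth = "ok" if flags["auth"] else "bad"
    return {
        "conf": "yes" if flags["conf"] else "no",
        "reach": "yes" if flags["reach"] else "no",
        "auth": auth,
        "condition": SELECT[hi & 0x07],
        "last_event": PEER_EVENT.get(lo & 0x0F, "none"),
        "cnt": lo >> 4,
    }


def decode_system_status(word):
    """Decode e.g. 'c012' from the status= field of the readlist."""
    w = int(word, 16)
    return {
        "leap": LEAP[w >> 14],
        "source": SOURCE.get((w >> 8) & 0x3F, "unknown"),
        "cnt": (w >> 4) & 0x0F,
        "last_event": SYS_EVENT.get(w & 0x0F, "none"),
    }


def is_synchronized(system_word):
    """ntpd keeps the leap indicator at leap_alarm (leap=11) until it has a system peer."""
    return decode_system_status(system_word)["leap"] != "leap_alarm"


def parse_as(text):
    """Parse the `as` table into {assid: decoded status}."""
    result = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 3 and f[0].isdigit():   # skips the header and the ==== rule
            result[int(f[1])] = decode_peer_status(f[2])
    return result


# Constructed sample, in the shape of the `as` listing above.
AS_SAMPLE = """\
ind assid status  conf reach auth condition  last_event cnt
===========================================================
  1 45592  9444   yes   yes  none candidate   reachable  4
  2 45593  962a   yes   yes  none  sys.peer    sys_peer  2
  3 45594  9414   yes   yes  none candidate   reachable  1
"""

if __name__ == "__main__":
    for assid, status in parse_as(AS_SAMPLE).items():
        print(assid, status)
    print("c012 ->", decode_system_status("c012"),
          "synchronized:", is_synchronized("c012"))
```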

  • behrooz mohamadi nsasab
24 Khordad

sudo vim /etc/ntp.conf

# /etc/ntp.conf, configuration for ntpd; see ntp.conf(5) for help
driftfile /var/lib/ntp/ntp.drift
# Enable this if you want statistics to be logged.
#statsdir /var/log/ntpstats/
statistics loopstats peerstats clockstats
filegen loopstats file loopstats type day enable
filegen peerstats file peerstats type day enable
filegen clockstats file clockstats type day enable
# You do need to talk to an NTP server or two (or three).
#server ntp.your-provider.example
# pool.ntp.org maps to about 1000 low-stratum NTP servers.  Your server will
# pick a different set every time it starts up.  Please consider joining the
# pool: <http://www.pool.ntp.org/join.html>
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
server 2.debian.pool.ntp.org iburst
server 3.debian.pool.ntp.org iburst
# Access control configuration; see /usr/share/doc/ntp-doc/html/accopt.html for
# details.  The web page <http://support.ntp.org/bin/view/Support/AccessRestrictions>
# might also be helpful.
#
# Note that "restrict" applies to both servers and clients, so a configuration
# that might be intended to block requests from certain clients could also end
# up blocking replies from your own upstream servers.
# By default, exchange time with everybody, but don't allow configuration.
# Keep these two lines active: with them commented out ntpd answers ntpq/ntpdc
# control queries (mode 6/7) and accepts peer requests from any address.
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1
#restrict 192.168.0.0 mask 255.255.252.0
# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
# If you want to provide time to your local subnet, change the next line.
# (Again, the address is an example only.)
#broadcast 192.168.123.255
# If you want to listen to time broadcasts on your local subnet, de-comment the
# next lines.  Please do this only if you trust everybody on the network!
#disable auth
#broadcastclient


The association commands that go in ntp.conf (server, used above, is one of them) have the following syntax:
server address [key key | autokey] [burst] [iburst] [version version] [prefer] [minpoll minpoll] [maxpoll maxpoll]
peer address [key key | autokey] [version version] [prefer] [minpoll minpoll] [maxpoll maxpoll]
broadcast address [key key | autokey] [version version] [minpoll minpoll] [ttl ttl]
manycastclient address [key key | autokey] [version version] [minpoll minpoll] [maxpoll maxpoll] [ttl ttl]

server:
For type s and r addresses, this command mobilizes a persistent client mode association with the specified remote server or local radio clock. In this mode the local clock can be synchronized to the remote server, but the remote server can never be synchronized to the local clock. This command should NOT be used for type b or m addresses.

peer:

For type s addresses (only), this command mobilizes a persistent symmetric-active mode association with the specified remote peer. In this mode the local clock can be synchronized to the remote peer or the remote peer can be synchronized to the local clock. This is useful in a network of servers where, depending on various failure scenarios, either the local or remote peer may be the better source of time. This command should NOT be used for type b, m or r addresses.

broadcast:
For type b and m addresses (only), this command mobilizes a persistent broadcast mode association. Multiple commands can be used to specify multiple local broadcast interfaces (subnets) and/or multiple multicast groups. Note that local broadcast messages go only to the interface associated with the subnet specified, but multicast messages go to all interfaces. In broadcast mode the local server sends periodic broadcast messages to a client population at the address specified, which is usually the broadcast address on (one of) the local network(s) or a multicast address assigned to NTP. The IANA has assigned the multicast group address 224.0.1.1 exclusively to NTP, but other nonconflicting addresses can be used to contain the messages within administrative boundaries. Ordinarily, this specification applies only to the local server operating as a sender; for operation as a broadcast client, see the broadcastclient or multicastclient commands below.
    
manycastclient:
For type m addresses (only), this command mobilizes a manycast client mode association for the multicast address specified. In this case a specific address must be supplied which matches the address used on the manycastserver command for the designated manycast servers. The NTP multicast address 224.0.1.1 assigned by the IANA should NOT be used, unless specific means are taken to avoid spraying large areas of the Internet with these messages and causing a possibly massive implosion of replies at the sender. The manycast command specifies that the local server is to operate in client mode with the remote servers that are discovered as the result of broadcast/multicast messages. The client broadcasts a request message to the group address associated with the specified address and specifically enabled servers respond to these messages. The client selects the servers providing the best time and continues as with the server command. The remaining servers are discarded as if never heard.

Options

autokey
All packets sent to and received from the server or peer are to include authentication fields encrypted using the autokey scheme described in the Authentication Options page.

burst
When the server is reachable and at each poll interval, send a burst of eight packets instead of the usual one packet. The spacing between the first and the second packets is about 16s to allow a modem call to complete, while the spacing between the remaining packets is about 2s. This is designed to improve timekeeping quality with the server command and s addresses.

iburst
When the server is unreachable and at each poll interval, send a burst of eight packets instead of the usual one. As long as the server is unreachable, the spacing between packets is about 16s to allow a modem call to complete. Once the server is reachable, the spacing between packets is about 2s. This is designed to speed the initial synchronization acquisition with the server command and s addresses and when ntpd is started with the -q option.

key key
All packets sent to and received from the server or peer are to include authentication fields computed with the specified key identifier, with values from 1 to 65534, inclusive. The default is to include no authentication field.

minpoll minpoll / maxpoll maxpoll
These options specify the minimum and maximum poll intervals for NTP messages, in seconds to the power of two. The maximum poll interval defaults to 10 (1,024 s), but can be increased by the maxpoll option to an upper limit of 17 (36.4 h). The minimum   poll interval defaults to 6 (64 s), but can be decreased by the minpoll option to a lower limit of 4 (16 s).

prefer
Marks the server as preferred. All other things being equal, this host will be chosen for synchronization among a set of correctly operating hosts. See the Mitigation Rules and the prefer Keyword page for further information.

ttl ttl
This option is used only with broadcast server and manycast client modes. It specifies the time-to-live ttl to use on broadcast server and multicast server and the maximum ttl for the expanding ring search with manycast client packets. Selection of the proper value, which defaults to 127, is something of a black art and should be coordinated with the network administrator.

version version
Specifies the version number to be used for outgoing NTP packets. Versions 1-4 are the choices, with version 4 the default.

 

Applying restrictions

Keep the default restrict lines of the NTP server in place: with kod notrap nomodify nopeer noquery the server still answers time requests from any host anywhere, while refusing configuration changes, peer associations and ntpq/ntpdc control queries. When you need to treat a particular address or subnet differently (to deny it service, or to give your own network more access), add a more specific restrict line for it; the most specific matching entry applies. For example:

# Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap

    ignore — All packets will be ignored, including ntpq and ntpdc queries.
    kod — a “Kiss-o'-death” packet is to be sent to reduce unwanted queries.
    limited — do not respond to time service requests if the packet violates the rate limit default values or those specified by the discard command. ntpq and ntpdc queries are not affected. For the discard command and its default values, see ntp.conf(5).
    lowpriotrap — traps set by matching hosts to be low priority.
    nomodify — prevents any changes to the configuration.
    noquery — prevents ntpq and ntpdc queries, but not time queries, from being answered.
    nopeer — prevents a peer association being formed.
    noserve — deny all packets except ntpq and ntpdc queries.
    notrap — prevents ntpdc control message protocol traps.
    notrust — deny packets that are not cryptographically authenticated.
    ntpport — modify the match algorithm to only apply the restriction if the source port is the standard NTP UDP port 123.
    version — deny packets that do not match the current NTP version.
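To make the restrict rules above concrete, here is an added Python audit script (not part of the original post) that parses an ntp.conf and reports the access-control mistakes discussed on this page: a missing or weakened restrict default for IPv4 or IPv6, a restrict default ignore that would also drop replies from your own upstream servers (the point made in the comments of the config listing), and disable auth or broadcastclient being enabled. The two embedded configs are constructed: WEAK_CONF mirrors the listing above with the default restrict lines commented out, SAFE_CONF keeps them active. The set of required flags is the one from the Debian default shown above and is this script's own assumption about what a server should carry.

```python
"""Audit an ntp.conf for the access-control mistakes discussed above (added example)."""

# Flags the default entry must carry for a host that serves time to others but
# should not accept configuration, peering or control queries from them.
REQUIRED_DEFAULT_FLAGS = {"kod", "notrap", "nomodify", "nopeer", "noquery"}


def parse_restrict(tokens):
    """restrict [-4|-6] target [mask m] [flag ...] -> (family, target, mask, flags)."""
    i, family = 1, "any"
    if i < len(tokens) and tokens[i] in ("-4", "-6"):
        family, i = tokens[i], i + 1
    target, i = tokens[i], i + 1
    mask = None
    if i + 1 < len(tokens) and tokens[i] == "mask":
        mask, i = tokens[i + 1], i + 2
    return family, target, mask, set(tokens[i:])


def parse_conf(text):
    """Split the file into restrict entries and other directives, dropping comments."""
    restricts, directives = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()     # '##restrict ...' becomes empty
        if not line:
            continue
        tokens = line.split()
        if tokens[0] == "restrict" and len(tokens) > 1:
            restricts.append(parse_restrict(tokens))
        else:
            directives.append(tokens)
    return restricts, directives


def audit(text):
    """Return a list of findings; an empty list means no issue was detected."""
    restricts, directives = parse_conf(text)
    findings = []
    for family, label in (("-4", "IPv4"), ("-6", "IPv6")):
        defaults = [r for r in restricts
                    if r[1] == "default" and r[0] in (family, "any")]
        if not defaults:
            findings.append(f"no 'restrict default' for {label}: ntpd answers ntpq/ntpdc "
                            f"control queries and accepts peer requests from any address")
            continue
        for _, _, _, flags in defaults:
            missing = REQUIRED_DEFAULT_FLAGS - flags
            if "ignore" in flags:
                findings.append(f"'restrict default ignore' ({label}) also drops replies "
                                f"from your own upstream servers unless they are "
                                f"excepted with a more specific restrict line")
            elif missing:
                findings.append(f"'restrict default' for {label} lacks "
                                f"{' '.join(sorted(missing))}")
    for tokens in directives:
        if tokens[:2] == ["disable", "auth"]:
            findings.append("'disable auth' accepts unauthenticated broadcast time")
        if tokens[0] == "broadcastclient":
            findings.append("'broadcastclient' trusts any host on the LAN that sends "
                            "NTP broadcasts")
    return findings


# Constructed samples. WEAK_CONF mirrors the listing above, where the two default
# restrict lines were commented out; SAFE_CONF keeps them active.
WEAK_CONF = """
driftfile /var/lib/ntp/ntp.drift
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
##restrict -4 default kod notrap nomodify nopeer noquery
##restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
"""

SAFE_CONF = """
driftfile /var/lib/ntp/ntp.drift
server 0.debian.pool.ntp.org iburst
server 1.debian.pool.ntp.org iburst
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery
restrict 127.0.0.1
restrict ::1
# Hosts on the local network are less restricted, but still cannot reconfigure.
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
"""

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else None
    text = open(path).read() if path else WEAK_CONF
    for finding in audit(text) or ["OK: no access-control issue found"]:
        print(finding)
```

Run it as `python3 audit_ntp.py /etc/ntp.conf` on a server; without an argument it audits the weak sample and prints the two missing-default findings.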


  • behrooz mohamadi nsasab