What is the Time Service?
- Time Service는 네트워크 내에 있는 모든 Computer의 날짜와 시간을 동기화
- Time Service는 NTP를 이용하여, 네트워크에서 Computer 시간 동기화
- Computer 시간의 정확도 수준을 Stratum 으로 분류
- The NTP Stratum model is a representation of the hierarchy of time servers in an NTP network, where the Stratum level (0-15) indicates the device's distance to the reference clock.
- 네트워크 내에서 가장 정확도가 높은 시간 원본이 가장 작은 Stratum Level 부여
- 가장 정확한 시간 원본을 Reference Clock 이라고 부름
- Reference Clock에서 시간을 받아가는 NTP Server는 Reference Clock보다 Stratum Level이 “1” 증가
- NTP Server에서 시간을 받아가는 NTP Server 또는 NTP Client도 마찬가지로 Stratum Level이 “1” 증가
- Primary servers are assigned stratum one; secondary servers at each lower level are assigned stratum numbers one greater than the preceding level. (https://datatracker.ietf.org/doc/html/rfc5905)
- 즉, Stratum Level은 Computer가 가장 정확한 시간 원본에 얼마나 가까이 있는지를 나타내는 척도로 사용됨
How Time Service Works
1. NTP는 시간 동기화가 필요한 Client와 Server의 Time Sample을 포함한 Time Stamp를 Packet에 담아 시간 동기화에 사용
2. 일반적으로 네트워크 내에 신뢰할 만한 시간 원본 서버를 구축하고 해당 서버는 외부 NTP 서버 또는 Hardware Device를 통해서 시간 동기화 되도록 구성
NTP Server, Client 관계는 다음과 같이 구성
Windows NTP Client
- Active Directory를 이용하여 Domain을 구축한 경우
- 외부 NTP Server <-> AD(PDC Role) : NTP Server <-> 여러 AD(PDC가 아닌), 여러 AD Member Server(자동 설정) : NTP Client
- 외부 NTP Server <-> AD(PDC Role) : NTP Server <-> 여러 Workgroup Server(수동 설정) : NTP Client
- Active Directory를 이용하여 Domain을 구축하지 않은 경우
- 외부 NTP Server <-> 여러 NTP Server(수동 설정) <-> 여러 NTP Client(수동 설정)
Linux NTP Client
- Active Directory를 이용하여 Domain을 구축한 경우
- 외부 NTP Server <-> AD(PDC Role) <-> 여러 NTP Client(수동 설정)
- Active Directory를 이용하여 Domain을 구축하지 않은 경우
- 외부 NTP Server <-> 여러 NTP Server(수동 설정) <-> 여러 NTP Client(수동 설정)
How to configure NTP Server on Windows
How to configure an authoritative time server in Windows Server
https://docs.microsoft.com/en-us/troubleshoot/windows-server/identity/configure-authoritative-time-server
※ AD가 구축된 경우 PDC 역할을 하는 AD 서버에서 설정 필요
- 시작 > 실행 > Regedit
- HEKY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters Key 하위에서
- Type 값을 NTP로 수정(기존에 NTP였다면 그대로 유지)
- HEKY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config Key 하위에서
- AnnounceFlags 값을 0x5로 설정
- HEKY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer Key 하위에서
- Enabled 값을 0x1로 설정
- HEKY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Parameters Key 하위에서
- NtpServer 값에 Upstream Server를 입력
- 예를 들어, time.windows.com, 0x8 또는 다른 외부 NTP Server 입력
※ 0x8은 NtpServer에서 동기화 요청을 time.windows.com에 보낼 때, client mode를 사용한다는 의미
시작 > 실행 > cmd(관리자 권한)
- Time Service 재시작 : net stop w32time && net start w32time
How to configure NTP Client on Windows
Configure a Manual Time Source for a Selected Client Computer
시작 > 실행 > cmd(관리자 권한)
C:\>w32tm /config /manualpeerlist:192.168.1.10,0x8 /syncfromflags:manual /update
※ 0x8은 NtpClient 에서 동기화 요청을 192.168.1.10에 보낼 때, client mode를 사용한다는 의미
How to enable Time Service Debug Log on Windows
Turn on debug logging in the Windows Time Service
시작 > 실행 > cmd(관리자 권한)
C:\>w32tm /debug /enable /file:C:\Windows\temp\w32time.log /size:10000000 /entries:0-300
How NTP Server on Windows communicates with NTP Client on Windows
Network Packets between NTP Server(192.168.1.10) and NTP Client(192.168.1.20)
35 06:18:13.210347 192.168.1.20 192.168.1.10 NTP 90 NTP Version 3, client
36 06:18:13.211014 192.168.1.10 192.168.1.20 NTP 90 NTP Version 3, server
Frame 35: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface \Device\NPF_{259D1902-11E7-46E5-9846-E7979301F234}, id 0
Ethernet II, Src: Microsof_d2:9a:01 (00:15:5d:d2:9a:01), Dst: Microsof_d2:9a:00 (00:15:5d:d2:9a:00)
Internet Protocol Version 4, Src: 192.168.1.20, Dst: 192.168.1.10
User Datagram Protocol, Src Port: 123, Dst Port: 123
Network Time Protocol (NTP Version 3, client) : https://datatracker.ietf.org/doc/html/rfc5905#section-7.3
Flags: 0x1b, Leap Indicator: no warning, Version number: NTP Version 3, Mode: client
00.. .... = Leap Indicator: no warning (0)
..01 1... = Version number: NTP Version 3 (3)
.... .011 = Mode: client (3) --> Association Mode
[Response In: 36]
Peer Clock Stratum: secondary reference (2) --> Packet Stratum
Peer Polling Interval: 17 (131072 seconds)
Peer Clock Precision: 0.000000 seconds
Root Delay: 0.001678 seconds
Root Dispersion: 16.000000 seconds
Reference ID: 192.168.1.10 --> Reference ID
Reference Timestamp: Jun 24, 2022 06:18:02.788442699 UTC
Origin Timestamp: (0)Jan 1, 1970 00:00:00.000000000 UTC
Receive Timestamp: (0)Jan 1, 1970 00:00:00.000000000 UTC
Transmit Timestamp: Jun 24, 2022 06:18:13.210443699 UTCNTP Client -> NTP Server
Frame 35: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface \Device\NPF_{259D1902-11E7-46E5-9846-E7979301F234}, id 0
Ethernet II, Src: Microsof_d2:9a:01 (00:15:5d:d2:9a:01), Dst: Microsof_d2:9a:00 (00:15:5d:d2:9a:00)
Internet Protocol Version 4, Src: 192.168.1.20, Dst: 192.168.1.10
User Datagram Protocol, Src Port: 123, Dst Port: 123
Network Time Protocol (NTP Version 3, client) : https://datatracker.ietf.org/doc/html/rfc5905#section-7.3
Flags: 0x1b, Leap Indicator: no warning, Version number: NTP Version 3, Mode: client
00.. .... = Leap Indicator: no warning (0)
..01 1... = Version number: NTP Version 3 (3)
.... .011 = Mode: client (3) --> Association Mode
[Response In: 36]
Peer Clock Stratum: secondary reference (2) --> Packet Stratum
Peer Polling Interval: 17 (131072 seconds)
Peer Clock Precision: 0.000000 seconds
Root Delay: 0.001678 seconds
Root Dispersion: 16.000000 seconds
Reference ID: 192.168.1.10 --> Reference ID
Reference Timestamp: Jun 24, 2022 06:18:02.788442699 UTC
Origin Timestamp: (0)Jan 1, 1970 00:00:00.000000000 UTC
Receive Timestamp: (0)Jan 1, 1970 00:00:00.000000000 UTC
Transmit Timestamp: Jun 24, 2022 06:18:13.210443699 UTC
Time Service Debug Log on NTP Client
From NTP Server to NTP Client
153941 06:35:30.1035119s - PeerPollingThread: WaitTimeout
153941 06:35:30.1035608s - Polling peer 192.168.1.10,0x8 (ntp.m|0x8|0.0.0.0:123->192.168.1.10:123)
153941 06:35:30.1036574s - PollIntervalChange(192.168.1.10,0x8 (ntp.m|0x8|0.0.0.0:123->192.168.1.10:123)): adjust: (++) -> 8
153941 06:35:30.1036633s - PollIntervalChange(192.168.1.10,0x8 (ntp.m|0x8|0.0.0.0:123->192.168.1.10:123)): reclamp: 8 -> 7 (min=4, max=17, sys=7)
153941 06:35:30.1037316s - PollIntervalChange(192.168.1.10,0x8 (ntp.m|0x8|0.0.0.0:123->192.168.1.10:123)): poll interval: host 7 -> peer 6 (min=4, peer=6)
153941 06:35:30.1037384s - Peer poll: Max:64.0000000s Cur:00.0000000s
153941 06:35:30.1043388s - ListeningThread -- DataAvailEvent set for socket 1 (0.0.0.0:123)
153941 06:35:30.1043582s - TSI_PhaseOffset returned:267689390768
153941 06:35:30.1043627s - HA Pkt Rcv: delay:0 DestTimeStamp:133005261301043566
153941 06:35:30.1043665s - Rx timestamp not returned and may be unsupported on the current network interface.
153941 06:35:30.1043701s - ListeningThread -- response heard from 192.168.1.10:123 <- 192.168.1.20:123
153941 06:35:30.1192940s - Tx timestamp not returned and may be unsupported on the current network interface.
153941 06:35:30.1193234s - /-- NTP Packet:
153941 06:35:30.1193262s - | LeapIndicator: 0 - no warning; VersionNumber: 3; Mode: 4 - Server; LiVnMode: 0x1C
153941 06:35:30.1193292s - | Stratum: 1 - primary reference (syncd by radio clock)
153941 06:35:30.1193312s - | Poll Interval: 7 - 128s; Precision: -23 - 119.209ns per tick
153941 06:35:30.1193384s - | RootDelay: 0x0000.0000s - unspecified; RootDispersion: 0x000A.03DEs - 10.0151s
153941 06:35:30.1193429s - | ReferenceClockIdentifier: 0x4C4F434C - source name: "LOCL"
153941 06:35:30.1193461s - | ReferenceTimestamp: 0xE65FD498B687640C - 13300524824713003400ns - 153941 06:13:44.7130034s
153941 06:35:30.1193507s - | OriginateTimestamp: 0xE65FD9B21A8362F6 - 13300526130103567300ns - 153941 06:35:30.1035673s
153941 06:35:30.1193547s - | ReceiveTimestamp: 0xE65FD9B21A99E294 - 13300526130103910600ns - 153941 06:35:30.1039106s
153941 06:35:30.1193591s - | TransmitTimestamp: 0xE65FD9B21AA009F6 - 13300526130104004500ns - 153941 06:35:30.1040045s
153941 06:35:30.1193637s - >-- Non-packet info:
153941 06:35:30.1193660s - | DestinationTimestamp: 153941 06:35:30.1193677s - 0xE65FD9B21AB71D38153941 06:35:30.1193694s - - 13300526130104356600ns153941 06:35:30.1193712s - - 153941 06:35:30.1043566s
153941 06:35:30.1193738s - | RoundtripDelay: 695400ns (0s)
153941 06:35:30.1193774s - | LocalClockOffset: -4400ns - 0:00.000004400s
153941 06:35:30.1193823s - \--Network Packets between NTP Server(192.168.1.10) and NTP Client(192.168.1.20)
35 06:18:13.210347 192.168.1.20 192.168.1.10 NTP 90 NTP Version 3, client
36 06:18:13.211014 192.168.1.10 192.168.1.20 NTP 90 NTP Version 3, server
NTP Server -> NTP Client
Frame 36: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface \Device\NPF_{259D1902-11E7-46E5-9846-E7979301F234}, id 0
Ethernet II, Src: Microsof_d2:9a:00 (00:15:5d:d2:9a:00), Dst: Microsof_d2:9a:01 (00:15:5d:d2:9a:01)
Internet Protocol Version 4, Src: 192.168.1.10, Dst: 192.168.1.20
User Datagram Protocol, Src Port: 123, Dst Port: 123
Network Time Protocol (NTP Version 3, server) : https://datatracker.ietf.org/doc/html/rfc5905#section-7.3
Flags: 0x1c, Leap Indicator: no warning, Version number: NTP Version 3, Mode: server
00.. .... = Leap Indicator: no warning (0)
..01 1... = Version number: NTP Version 3 (3)
.... .100 = Mode: server (4)
[Request In: 35]
[Delta Time: 0.000667000 seconds]
Peer Clock Stratum: primary reference (1)
Peer Polling Interval: 17 (131072 seconds)
Peer Clock Precision: 0.000000 seconds
Root Delay: 0.000000 seconds
Root Dispersion: 10.003098 seconds
Reference ID: uncalibrated local clock
Reference Timestamp: Jun 24, 2022 06:13:44.726757899 UTC
Origin Timestamp: Jun 24, 2022 06:18:13.210443699 UTC
Receive Timestamp: Jun 24, 2022 06:18:13.210753999 UTC
Transmit Timestamp: Jun 24, 2022 06:18:13.210759099 UTC
Time Service Debug Log on NTP Server
From NTP Client to NTP Server
153941 06:30:01.0924212s - ListeningThread -- DataAvailEvent set for socket 1 (0.0.0.0:123)
153941 06:30:01.0925155s - TSI_PhaseOffset returned:16154358176
153941 06:30:01.0925335s - HA Pkt Rcv: delay:0 DestTimeStamp:133005258010925091
153941 06:30:01.0925478s - Rx timestamp not returned and may be unsupported on the current network interface.
153941 06:30:01.0925616s - ListeningThread -- response heard from 192.168.1.20:123 <- 192.168.1.10:123
153941 06:30:01.0925915s - /-- NTP Packet:
153941 06:30:01.0926225s - | LeapIndicator: 0 - no warning; VersionNumber: 3; Mode: 3 - Client; LiVnMode: 0x1B
153941 06:30:01.0926330s - | Stratum: 2 - secondary reference (syncd by (S)NTP)
153941 06:30:01.0926397s - | Poll Interval: 7 - 128s; Precision: -23 - 119.209ns per tick
153941 06:30:01.0926572s - | RootDelay: 0x0000.0023s - 0.000534058s; RootDispersion: 0x000A.050Fs - 10.0198s
153941 06:30:01.0926769s - | ReferenceClockIdentifier: 0xC0A8010A - source IP: 192.168.1.10
153941 06:30:01.0926873s - | ReferenceTimestamp: 0xE65FD7E9237763E4 - 13300525673138540500ns - 153941 06:27:53.1385405s
153941 06:30:01.0926994s - | OriginateTimestamp: 0xE65FD7E916D7FAFE - 13300525673089233100ns - 153941 06:27:53.0892331s
153941 06:30:01.0927108s - | ReceiveTimestamp: 0xE65FD7E916F4DE63 - 13300525673089673900ns - 153941 06:27:53.0896739s
153941 06:30:01.0927226s - | TransmitTimestamp: 0xE65FD869176F5CAF - 13300525801091543000ns - 153941 06:30:01.0915430s
153941 06:30:01.0927355s - >-- Non-packet info:
153941 06:30:01.0927417s - | DestinationTimestamp: 153941 06:30:01.0927465s - 0xE65FD86917AEAD27153941 06:30:01.0927511s - - 13300525801092509100ns153941 06:30:01.0927562s - - 153941 06:30:01.0925091s
153941 06:30:01.0927634s - | RoundtripDelay: 1406900ns (0s)
153941 06:30:01.0927734s - | LocalClockOffset: -262600ns - 0:00.000262600s
153941 06:30:01.0927867s - \--How to configure NTP Server/Client on Linux
CentOS 기준
Windows와 달리, Linux에서 NTP Server/Client의 구분은 Upstream NTP Server를 어디를 보느냐에 따라 차이
즉, NTP Server이면서 NTP Client
- yum install ntp
- vi /etc/ntp.conf
- server 192.168.1.10 iburst # 192.168.1.10은 NTP Server 주소(나머지 기본 NTP Server는 주석 처리)
- tos maxdist 16 # NTP Server가 Windows인 경우 필요, ESXi의 경우 tos maxdist 30 이용(https://kb.vmware.com/s/article/87488)
- systemctl enable ntpd.service # ntpd 자동 시작(사전에 systemctl disable chronyd 필요)
- systemctl start ntpd.service
- ntpdate –q 192.168.1.10 # NTP Server와 시간 동기화 시도
- nptq –p # NTP Server와 동기화 상태
How to enable Time Service Debug Log on Linux
CentOS 기준
- vi /etc/ntp.conf
- logfile /var/log/ntpd.log
logconfig =all (https://www.ibm.com/docs/en/aix/7.2?topic=files-ntpconf-file)
How NTP Server on Windows communicates with NTP Client on Linux
Network Packets between NTP Server(192.168.1.10) and NTP Client(192.168.1.40)
35 06:18:13.210347 192.168.1.40 192.168.1.10 NTP 90 NTP Version 4, client
36 06:18:13.211014 192.168.1.10 192.168.1.20 NTP 90 NTP Version 3, server
NTP Client -> NTP Server
Frame 7: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface \Device\NPF_{C3017C33-46BF-41EF-90A0-BB5A7AFB8C3E}, id 0
Ethernet II, Src: Microsof_d2:9a:03 (00:15:5d:d2:9a:03), Dst: Microsof_d2:9a:00 (00:15:5d:d2:9a:00)
Internet Protocol Version 4, Src: 192.168.1.40, Dst: 192.168.1.10
User Datagram Protocol, Src Port: 123, Dst Port: 123
Network Time Protocol (NTP Version 4, client)
Flags: 0x23, Leap Indicator: no warning, Version number: NTP Version 4, Mode: client
00.. .... = Leap Indicator: no warning (0)
..10 0... = Version number: NTP Version 4 (4)
.... .011 = Mode: client (3)
[Response In: 8]
Peer Clock Stratum: secondary reference (2)
Peer Polling Interval: 7 (128 seconds)
Peer Clock Precision: 4294967296.000000 seconds
Root Delay: 0.000397 seconds
Root Dispersion: 10.670334 seconds
Reference ID: 192.168.1.10
Reference Timestamp: Jun 25, 2022 14:46:40.798631811 UTC
Origin Timestamp: Jun 25, 2022 14:57:46.675526199 UTC
Receive Timestamp: Jun 25, 2022 14:57:46.676010689 UTC
Transmit Timestamp: Feb 13, 2097 18:08:02.493514790 UTC
NTP Server -> NTP Client
Frame 8: 90 bytes on wire (720 bits), 90 bytes captured (720 bits) on interface \Device\NPF_{C3017C33-46BF-41EF-90A0-BB5A7AFB8C3E}, id 0
Ethernet II, Src: Microsof_d2:9a:00 (00:15:5d:d2:9a:00), Dst: Microsof_d2:9a:03 (00:15:5d:d2:9a:03)
Internet Protocol Version 4, Src: 192.168.1.10, Dst: 192.168.1.40
User Datagram Protocol, Src Port: 123, Dst Port: 123
Network Time Protocol (NTP Version 3, server)
Flags: 0x1c, Leap Indicator: no warning, Version number: NTP Version 3, Mode: server
00.. .... = Leap Indicator: no warning (0)
..01 1... = Version number: NTP Version 3 (3)
.... .100 = Mode: server (4)
[Request In: 7]
[Delta Time: 0.000141000 seconds]
Peer Clock Stratum: primary reference (1)
Peer Polling Interval: 7 (128 seconds)
Peer Clock Precision: 0.000000 seconds
Root Delay: 0.000000 seconds
Root Dispersion: 10.664688 seconds
Reference ID: uncalibrated local clock
Reference Timestamp: Jun 24, 2022 23:02:52.315241599 UTC
Origin Timestamp: Feb 13, 2097 18:08:02.493514790 UTC
Receive Timestamp: Jun 25, 2022 15:00:01.581237999 UTC
Transmit Timestamp: Jun 25, 2022 15:00:01.581243099 UTCHow to approach NTP cases
- NTP Server와 NTP Client 전체 구성에 대해서 확인
- AD 구성이 되어 있는지? AD 구성이 있는 경우, PDC 역할의 AD 서버가 무엇인지?
- 사용하고 있는 NTP Server가 몇 대 인지?
- NTP Server의 OS가 무엇인지?
- NTP Client가 어떤 NTP Server를 바라보는지?
- NTP Client와 NTP Server가 동일 Broadcast Domain 내에 있는지? 다르다면, 구간 내에 Firewall 확인
- NTP Client가 정상적으로 NTP Server와 동기화 중인지 확인
- Linux가 NTP Client인 경우, ntpq –pn 결과에서 정상적인 경우 NTP Server앞에 * 가 표시
- Windows가 NTP Client인 경우, w32tm /query /status /verbose 결과에서 정상적인 경우 Last Sync Error가 0
- NTP Client에서 조회한 결과에서 Stratum Level과 Reference ID 확인
- Stratum Level이 너무 낮거나(0, 1), 너무 큰 경우(16)는 없는지
- Reference ID에 사전에 확인한 NTP Server가 명시되어 있는지
- NTP Client와 NTP Server간 Firewall 존재 시, UDP 123 포트에 대한 Allow 정책(양방향) 확인
- 분석에 필요한 자료 수집
- NTP Server와 NTP Client 간에 Network Packet 수집
- NTP Client 쪽 Time Service Debug Log 수집
References
Network Time Protocol Version 4: Protocol and Algorithms Specification
https://datatracker.ietf.org/doc/html/rfc5905
How to configure an authoritative time server in Windows Server
Configure a Manual Time Source for a Selected Client Computer
Turn on debug logging in the Windows Time Service
Chapter 19. Configuring NTP Using ntpd
'Networking' 카테고리의 다른 글
| [Socket Programming #1] Server/Client based on TCP (0) | 2023.05.18 |
|---|---|
| TCP 3-way handshake fails due to missing routing entry (0) | 2023.05.08 |
| Driver/Firmware Check - Network Adapter (0) | 2023.03.18 |
| VMKernel Network Threads (0) | 2023.02.23 |
| Address Resolution Protocol(ARP) (0) | 2022.08.11 |
