Mastering NTP: Configure Accurate Time Sync on Linux Servers

What Is NTP?

Network Time Protocol (NTP) operates over UDP port 123 and synchronizes computer clocks with external time sources such as atomic clocks, GPS, or Internet time servers, achieving sub‑millisecond accuracy on LANs and tens of milliseconds over the Internet. Authentication mechanisms protect against malicious attacks.

NTP Server Hierarchy

Accurate time originates from UTC. Servers are organized into strata: Stratum‑1 connects directly to an external UTC source, Stratum‑2 obtains time from Stratum‑1, Stratum‑3 from Stratum‑2, and so on, with a maximum of 15 strata. This ladder‑like architecture forms the logical backbone of time distribution.

Synchronization Modes

NTP can exchange time using three modes:

Broadcast/Multicast : Servers periodically broadcast time to the local network; simple to configure but less precise.

Symmetric : A server both receives time from and provides time to remote peers, suitable for redundant setups.

Client/Server : A server receives time from higher‑level servers and serves it to downstream clients without sharing its time outward.

All modes use UDP and a filtering algorithm that combines data from multiple sources to compute a reliable reference.

Installing NTP on Linux

Most Linux distributions ship the NTP package; if not present, install it with:

yum install ntp

Key Configuration Directives

Edit /etc/ntp.conf and add the following example directives (adjust IP ranges as needed):

# Allow 172.16.*.* to use this server
restrict 172.16.0.0 mask 255.255.0.0 nomodify

# Allow anyone to sync (read‑only)
restrict default nomodify notrap

# Block all other IPs from updating time
restrict 0.0.0.0 mask 0.0.0.0 nomodify notrap noquery notrust

# Upstream public time server (example)
server 210.72.145.44

# Local reference clock (prefer)
server 127.127.1.0 prefer

# Set local stratum (must be <=16)
fudge 127.127.1.0 stratum 8

Starting the NTP Service

# Enable NTP at boot
chkconfig ntpd on
# Start the daemon
service ntpd start

Verifying Operation

Check synchronization status with: ntpq -p The output shows each peer’s reachability, delay, offset, and jitter. A reach value of 0 indicates the server is unreachable, while a non‑zero value (e.g., 17) means the server is responding.

Synchronizing the Hardware Clock

To keep the hardware clock in sync, edit /etc/sysconfig/ntpd and set:

SYNC_HWCLOCK=yes

Client Configuration

On a client machine, perform an immediate sync and schedule periodic updates:

# One‑time sync to the NTP server
ntpdate 172.16.16.1
# Add a cron job to run every minute
*/1 * * * * ntpdate 172.16.16.1

After the server starts, it may take 5–10 minutes to achieve full synchronization; during this window, manual ntpdate attempts may report “no server suitable for synchronization found”.