NTP service

1. About

The Network Time Protocol (NTP) is used for clock synchronization between computers. It can synchronize all participating computers over the network to within a few milliseconds of Coordinated Universal Time (UTC) using accurate time servers.

2. Systems

2.1 Frontend


2.2 Backend

Always use the frontend DNS record

Never use the backend nodes directly:

  • backend may change without notice at any time (e.g. IP addresses, DNS records, configuration, etc.)
  • backend has no legacy support or grace periods; changes take effect immediately
  • backend can be rebooted without notice at any time
  • backend access will soon be restricted

node1.ntp.bfh.info 2a07:6b40::41
node2.ntp.bfh.info 2a07:6b40::42
node3.ntp.bfh.info 2a07:6b40::43
node4.ntp.bfh.info 2a07:6b40::44

3. Features

3.1 Protocols

  • NTPv4 (UDP) on port 123 (frontend and backends)

  • NTS with NTS-KE (TCP) on port 4460 (frontend and backends)
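As an added check that is not part of this page or the service's own tooling, the following Python script performs an NTS-KE exchange (RFC 8915) against a host on TCP 4460 and reports whether the server negotiated ALPN ntske/1, which AEAD it chose and how many cookies it issued. The frontend hostname is not given on this page, so the caller supplies it; the port and record layout are from the RFC.

```python
import socket, ssl, struct
# NTS-KE (RFC 8915) record types and constants; the frontend offers NTS-KE on TCP 4460.
END_OF_MESSAGE, NEXT_PROTO, ERROR, WARNING, AEAD_ALGO, NEW_COOKIE, SERVER_NEG, PORT_NEG = range(8)
CRITICAL, NTPV4, AES_SIV_CMAC_256, ALPN = 0x8000, 0, 15, "ntske/1"

def encode_record(rtype, body=b"", critical=False):
    """One record: 16-bit critical bit + type, 16-bit body length, body."""
    return struct.pack("!HH", rtype | (CRITICAL if critical else 0), len(body)) + body

def client_request():
    """Client message: NTPv4 as next protocol, AES-SIV-CMAC-256 as AEAD, then End of Message."""
    return (encode_record(NEXT_PROTO, struct.pack("!H", NTPV4), critical=True)
            + encode_record(AEAD_ALGO, struct.pack("!H", AES_SIV_CMAC_256))
            + encode_record(END_OF_MESSAGE, critical=True))

def parse_response(data):
    """Walk server records up to End of Message and return what a client acts on.
    Raises ValueError on a truncated message or an unknown critical record (RFC 8915 4.1)."""
    out, off = {"cookies": 0, "server": None, "port": 123, "aead": None, "error": None}, 0
    while True:
        if off + 4 > len(data):
            raise ValueError("truncated NTS-KE message")
        hdr, length = struct.unpack_from("!HH", data, off)
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated NTS-KE record body")
        off, rtype, critical = off + 4 + length, hdr & 0x7FFF, bool(hdr & CRITICAL)
        if rtype == END_OF_MESSAGE:
            return out
        if rtype == NEW_COOKIE:
            out["cookies"] += 1
        elif rtype == SERVER_NEG:
            out["server"] = body.decode("ascii")
        elif rtype in (PORT_NEG, AEAD_ALGO, ERROR):  # all three carry one 16-bit value
            out[{PORT_NEG: "port", AEAD_ALGO: "aead", ERROR: "error"}[rtype]] = struct.unpack("!H", body)[0]
        elif critical and rtype != NEXT_PROTO:
            raise ValueError(f"unknown critical record type {rtype}")

def nts_ke_check(host, port=4460, timeout=5.0):
    """Live check: TLS 1.3 with ALPN ntske/1, server certificate verified against the system trust store."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.set_alpn_protocols([ALPN])
    with socket.create_connection((host, port), timeout=timeout) as raw, \
            ctx.wrap_socket(raw, server_hostname=host) as tls:
        if tls.selected_alpn_protocol() != ALPN:
            raise ValueError("server did not negotiate ntske/1")
        tls.sendall(client_request())
        # RFC 8915 has both sides close after their message, so read to EOF, then parse
        return parse_response(b"".join(iter(lambda: tls.recv(4096), b"")))
```

Run `nts_ke_check("<frontend hostname>")` from a client inside the permitted subnet; a result with `cookies` greater than 0, `aead` equal to 15 and `error` equal to None means NTS-KE is working end to end.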

3.2 ACLs

  • queries are accepted only from 2a07:6b40::/29; everything else is denied

3.3 Time sources

  • using vendor zone from pool.ntp.org as time source

3.4 Details

  • hardware timestamping on network cards for better accuracy of synchronization

  • leap smearing for leap seconds (on 30th of June and 31st of December)

4. Backlog

4.1 Legacy

  • n/a

4.2 Features

  • 2023: creating proxy.ntp.bfh.info

  • 2023: load balancing proxy.ntp.bfh.info

  • 2023: enabling rate limiting

  • 2023: restricting backend subnet access to frontend and management only

  • 2023: anycasting ntp.bfh.info

  • ????: adding additional alternative time sources for resilience

  • ????: benchmarking

4.3 Known issues

  • downstream: chrony operation needs special handling for TLS certificates (see #1013882)