Network Time Protocol (NTP)

What is Network Time Protocol (NTP)?

Network Time Protocol (NTP) is an internet protocol used to synchronize with computer clock time sources in a network. It belongs to and is one of the oldest parts of the TCP/IP suite. The term NTP applies to both the protocol and the client-server programs that run on computers.

David Mills, professor at the University of Delaware, developed NTP in 1981. It is designed to be highly fault-tolerant and scalable, while supporting time synchronization.

How does NTP work?

The following three steps are involved in the NTP time synchronization process:

  1. The NTP client initiates a time-request exchange with the NTP server.
  2. The client is then able to calculate the link delay and its local offset and adjust its local clock to match the clock at the server's computer.
  3. As a rule, six exchanges over a period of about five to 10 minutes are required to initially set the clock.

Once synchronized, the client updates the clock about once every 10 minutes, usually requiring only a single message exchange, in addition to client-server synchronization. This transaction occurs via User Datagram Protocol (UDP) on port 123. NTP also supports broadcast synchronization of peer computer clocks.

Why is NTP important and how is it used?

Accurate time for all devices on a computer network is important for many reasons; a discrepancy of even a fraction of a second can cause problems.

Some examples of how NTP is used are the following:

  • Distributed procedures depend on coordinated times to ensure proper sequences are followed.
  • Security mechanisms depend on consistent timekeeping across the network.
  • File system updates carried out across several computers depend on synchronized clock times.
  • Network acceleration and network management systems rely on the accuracy of timestamps to measure performance and troubleshoot problems.

What are NTP features?

There are thousands of NTP servers around the world. They have access to highly precise atomic clocks and Global Positioning System clocks. Specialized receivers are required to directly communicate with the NTP servers for these time services. It is not practical or cost-effective to equip every computer with one of these receivers. Instead, computers designated as primary time servers are outfitted with the receivers. They use protocols such as NTP to synchronize the clock times of networked computers.

NTP uses Coordinated Universal Time (UTC) to synchronize computer clock times with extreme precision. It offers greater accuracy on smaller networks -- down to 1 millisecond in a local area network (LAN) and within tens of milliseconds over the internet. NTP does not account for time zones. Instead, it relies on the host to perform such computations.

What are stratum levels?

Degrees of separation from the UTC source are defined as strata. The various strata include the following:

  • Stratum 0. A reference clock receives true time from a dedicated transmitter or satellite navigation system. It is categorized as stratum 0.
  • Stratum 1. A device is directly linked to the reference clock.
  • Stratum 2. A device receives its time from a stratum 1 computer.
  • Stratum 3. A device receives its time from a stratum 2 computer.

The stratum ranking continues from there. Accuracy is reduced with each additional degree of separation.

Security-wise, NTP has known vulnerabilities. The protocol can be exploited and used in denial-of-service attacks for two reasons: First, it replies to a packet with a spoofed source IP address; second, at least one of its built-in commands sends a long reply to a short request.

diagram of how NTP stratum levels work
Network Time Protocol ranking depends on degrees of separation from the Coordinated Universal Time source.

What are the advantages of NTPv4?

NTPv4 is the current version of NTP. The Internet Engineering Task Force introduced NTPv4 in Request for Comments (RFC) 5905 in 2010. It is backward-compatible with the previous version, NTPv3, which is based on RFC 1305 and dates to 1992. NTPv4 is also backward-compatible with other NTP versions.

NTPv4 has a modified protocol header that supports the IP version 6 address family. This latest version improved mitigation and discipline algorithms that enhance accuracy to tens of microseconds in support of workstations, laptops, handheld devices and LANs. NTPv4 also has a server discovery function that simplifies identifying the configuration of a server.

How is time information obtained?

Networking devices can poll host servers and listen for NTP broadcasts to get information on time.

Poll-based NTP associations

The most frequently used poll-based association modes are the client mode and the symmetric active mode. They provide a high degree of accuracy and reliability for timing.

With the client mode, network devices are assigned time-serving hosts that they poll for the correct time. It then chooses one host to synchronize with and doesn't provide any information back to the host. This approach is best for clients, such as file servers and workstations, that aren't synchronizing with other clients.

With the symmetric active mode, a device polls its host for the correct time. It also responds to polls from its hosts, which gather time-related information from networking devices. This mode works best when several servers are interconnected using various network paths.

Broadcast-based NTP associations

Broadcast-based NTP associations are somewhat less accurate and reliable than poll-based ones. They are good for localized networks with limited bandwidth, memory or central processing unit (CPU) resources.

In the broadcast-based mode, a network device listens for NTP broadcast packets that broadcast time servers transmit. The time information flows only one direction.

What is Simple Network Time Protocol?

NTP may be too complex for some systems. For them, Simple Network Time Protocol (SNTP) is available. It is NTP minus a few internal components.

SNTP synchronizes to NTP servers. It was developed for smaller, less powerful computers and needs less memory and CPU resources than NTP. It also is part of TCP/IP and uses UDP port 123. SNTP is used for applications that don't need exact time synchronization.

Learn more about how important authoritative timing networks are to data networks.

This was last updated in February 2022

Continue Reading About Network Time Protocol (NTP)

Dig Deeper on Network infrastructure

Unified Communications
Mobile Computing
Data Center