Network Time Protocol (NTP) is still the best way to synchronize computer clocks for non-real-time applications. For real-time synchronization, time code and, increasingly, Precision Time Protocol (PTP), are more appropriate. Even if you are using time code or PTP, your servers usually don’t synchronize their clocks to those signals. Because of the heavy reliance on synchronization in media applications, you need to be sure to deploy NTP properly. Fortunately, most media facilities are already in a good position to reliably use NTP because of their time code infrastructures.
Background
NTP is designed to synchronize clocks of computers on packet-switched, variable-latency networks to within a millisecond of each other. The protocol was originally defined in 1985 for the slow, inconsistent links of the early Internet and makes certain assumptions based on that environment. (That is why PTP is emerging as the better protocol for nanosecond synchronization needed to time a video plant.) NTP uses UDP port 123.
NTP uses a stratified (hierarchical) approach to distributing time. The protocol defines Strata 0 through 16, with 0, 1, and 16 having precise definitions and the rest are relative to each other. Stratum 0 devices are high-precision time-keeping devices: atomic clocks, GPS, or other radio clocks. Stratum 1 devices are synchronized to Stratum 0 clocks. Stratum 2 devices synch to Stratum 1, Stratum 3 devices synch to Stratum 2, and so on up to Stratum 15. The specification assigns unsynchronized devices to Stratum 16 and you should not use them as a reference for other devices.
Who to Trust
One important concept to understand relates to how an NTP client decides which time servers to trust to be accurate. A computer can synchronize to a device in its own stratum or higher. If a higher stratum server is available, the computer will prefer that over lower strata. If you configure a device with one source of time in each strata, you can easily figure out which synchronization source to trust.
But what happens if you have two servers to in a higher stratum? Which one should the NTP client trust? Unfortunately, there is no automatic way to decide which one to trust most of the time. Without additional information, a computer can’t decide if the time from one of its sources is right and the other is wrong or if they are both right. NTP clients, like the reference NTP implementation, allow you to configure a preferred server, which allows you to decide which one to trust unless it isn’t available.
To avoid a trust issue, you should define three or more servers for an NTP client to synchronize with. (The more, the better!) You can define a preferred server in this situation, but you don’t have to. The NTP protocol can essentially “triangulate” the accuracy of the servers and make a decision based off that calculation.
For more, see Why should I have more than one clock? and section 4.2 of RFC-1305.
Best Practices in Media Facilities
At this point, you should be seeing similarities to the time code infrastructure of most video facilities. We have highly reliable time code generators that are externally synchronized, either to GPS or by modem, that feed into DAs that distribute time to end devices. Sometimes we have intermediate generators to improve the survivability of the infrastructure. This makes it easy to design reliable, accurate NTP systems in our plants, if we follow some best practices.
Stratum 1
Most modern time code generators support NTP, which gives you a head start. You can also synchronize most to GPS or at least synch by modem. Also, you probably already have more than one time code generator. However, you should not synch the bulk of your devices directly to you generators.
- Synch your primary generator to GPS.
- Synch secondary generators to GPS or by modem if cost is a factor.
- If you have two generators, configure Stratum 2 servers to prefer the primary.
- If you have three generators, configure Stratum 2 servers to prefer one.
- If only one generator is synched to GPS, make sure Stratum 2 servers prefer that generator.
Stratum 2
Your Stratum 2 servers become your synchronization pool for the rest of your devices. You can build further strata, if necessary, but in most cases it isn’t necessary.
- Configure at least 3 servers, in different parts of your network to be the NTP servers that most of your devices synch to. More is better.
- These don’t have to be dedicated servers.
- These don’t have to be high end servers.
Everything else
- Don’t use the Windows Time Service. It isn’t reliable or configurable. Use the Meinberg port of the NTP reference implementation on Windows computers. It is accurate, configurable, and observable.
- Make sure devices synch to at least three servers. Remember to configure a preferred server if you only have three Stratum 2 servers.
- Don’t synch to public NTP servers.
- Filter inbound and outbound NTP traffic at the edge of your network. Either block it completely or filter it according to BCP38 to prevent Denial of Service (DoS) attacks on your NTP infrastructure.
- Monitor your NTP infrastructure. Make sure you know if a server is not responding to NTP requests or isn’t providing accurate time anymore. You can use the
ntpq
reference program, the Meinberg NTP Time Server Monitor, and other monitoring tools, like OpenNMS and Icinga.