NTP Servers

OIT-CSI hosts stratum 2 time servers that campus can use to syncronize computer clocks. This is critical for proper network operations and authentication.

NC State Time Service Migration (NTP)

The NCSU time service is being upgraded and moved behind a hardware firewall on new non-public networks with new aliases. Configuration changes will be required to use the new service.

Many of the clients currently using our NTP service are connecting directly to our LVS software load balancer. Others are connecting directly to individual servers which may prevent proper failover. Some are using the server names, which is not recommended.

Off campus access to NTP services

If you need off campus access to NTP services, use servers from the NTP Pool Project at http://www.pool.ntp.org.

For North American hosts, the reccomended values are :

server 0.north-america.pool.ntp.org
server 1.north-america.pool.ntp.org
server 2.north-america.pool.ntp.org
server 3.north-america.pool.ntp.org

Changing your NTP configuration

Changes are based current NTP client configuration

NTP configuration DNS available? New settings
Multiple NTP servers Y time-4.ncsu.edu, time-5.ncsu.edu, time-6.ncsu.edu
Multiple NTP servers N 152.1.15.27, 152.1.15.28, 152.1.15.140
Single NTP server Y time.ncsu.edu (request access from Comtech)
Single NTP server N 152.1.21.171 (request access from Comtech)

Current NC State time service

These new servers replace the old NTP server names (time-1, time-2, time-3) and the old VIP (time.ncsu.edu)

The old “time.ncsu.edu” also served a web page with time information. This functionality has not been carried over to the new vip. If you need the old time web page, it is temporarily available at time.ncsu.edu

The use of DNS aliases will allow future upgrades without disruption or user involvement. For those services that can’t take advantage of DNS, the new IP addresses are listed in the table above.

See current time servers (Linux)

To see the time servers that are in use in Linux , ssh into a host and run :

$ /usr/sbin/ntpq -p

remote refid st t when poll reach delay offset disp
========================================================================↓
+time100.unity.n itd-timesource. 2 u 589 1024 377 0.73 1.783 15.29
*time101.unity.n itd-timesource. 2 u 1045 1024 377 0.81 0.761 19.12
+time200.unity.n itd-timesource. 2 u 1019 1024 377 1.02 0.214 15.41

For Windows systems NOT in Wolftech AD, the time will need to be manually changed. They can be updated at any time.

ntp.conf on RHEL hosts for new time servers

For older hosts that are not using Puppet for configuration, the ntp.conf file should look like this :

# ntp.conf - based on Puppet config - 9/22/2017
# Enable next tinker options:
# panic - keep ntpd from panicking in the event of a large clock skew
# when a VM guest is suspended and resumed;
# stepout - allow ntpd change offset faster
tinker panic 0

disable monitor

# Permit time synchronization with our time source, but do not
# permit the source to query or modify the service on this system.
restrict default ignore
restrict -6 default ignore
restrict 127.0.0.1
restrict -6 ::1
restrict 152.1.15.27 nomodify notrap nopeer noquery   # time100.unity.ncsu.edu
restrict 152.1.15.28 nomodify notrap nopeer noquery   # time101.unity.ncsu.edu
restrict 152.1.15.140 nomodify notrap nopeer noquery  # time200.unity.ncsu.edu

# Set up servers for ntpd with next options:
# server - IP address or DNS name of upstream NTP server
# iburst - allow send sync packages faster if upstream unavailable
# prefer - select preferrable server
# minpoll - set minimal update frequency
# maxpoll - set maximal update frequency
server time100.unity.ncsu.edu iburst
server time101.unity.ncsu.edu iburst
server time200.unity.ncsu.edu iburst
Tags: ntp
Edit me