Typical NTP Configuration Considerations | Symmetricom S100 specification

SyncServer S100

The message digest is computed using preferred Message Digest 5 (MD5). An alternative is the Digital Encryption Standard, Cipher Block Chaining (DES-CBC).

The Message Authentication Code (MAC) is made up of a key identifier, then the message digest. Keys are held in a key cache; the cache is initialized from a private file.

Authentication: NTP v4 Autokey

NTP v4 uses public-key cryptography, meaning all keys are random, and private keys are never revealed. A certificate scheme binds the public key to the server identification. Symmetric-key cryptography uses fixed private keys that must be distributed in advance. The Diffie-Hellman model defines the key agreement, and is required for private random keys.

Public Domain NTP Package

For clients not using the public domain NTP package, the NTP packet is enlarged by 8 bytes to handle the entire cryptochecksum, which is 16 bytes (128 bits) in size as generated by the MD5. Since this field is the last in the packet, it should not present any difficulty.

How NTP Defines the Authentication Process

If authentication is enabled, and a valid authentication key identifier and cryptochecksum is received, then the NTP packet is filled in and a new cryptochecksum is computed and added to the packet. The packet is then sent back to the client.

More information

For more about NTP authentication, see both the NTP help available from the S100 web interface and from:

http://www.ntp.org.

Typical NTP Configuration Considerations

This section provides additional information on using NTP and network configuration. The examples provided for explanatory purposes only.

94	S100 User Guide – Rev. D – June 2005

Image 102

Symmetricom S100 manual Typical NTP Configuration Considerations, Authentication NTP v4 Autokey, Public Domain NTP Package

Contents

S100 User Guide S100 User Guide Rev. D June Table of Contents Chapter Web-Based Interface TCP/IP Chapter Operations & Time-Protocols Appendix a S100 Specifications 119 Appendix C Appendix E Antenna Replacement 141 Index 143 How to Go here for the answer Introduction and OverviewChapter Conventions Used Term Definition Product Details Time StandardsGlobal Positioning System GPS Stratum Levels Time Synchronization and BusinessStratum Level Significance How the S100 Solves the Problem National Measurement InstitutesCountry Name of NMI Abbreviation Special Safety Instructions S100 Product Overview S100 TechnologyOverview Sources of Time Web-based Access Time Distribution Model How the S100 Works S100 and NTP v4’s Security Features S100 and Time DistributionS100 and Client Software S100 and the Global Positioning System SyncServer S100 Unpacking Your S100 Installation and ConfigurationGetting Up and Running For the S100-Dial-up/ACTS For the S100-GPS For the S100-Dial-up/ACTS For the S100-GPS Your CD-ROM N c S e rv e r Using the Software PuTTY Folder Details PSFTP.EXE PUTTYGEN.EXE Important Safety Instructions Installing Your S100Primary Power Connection Rack Mounting Making All Connections An Overview Setting Up the Hardware On the S100 Front Panel On the S100 Rear Panel Appendix E on Installing the GPS Antenna Choosing an Antenna LocationOutdoors Installing the GPS antenna Connecting the Rubidium OptionEstablishing a Serial Connection 4Connecting the S100 Setting Up the IP Address 5COM Port Properties 6Login and Command Line Testing Network Functionality 9IPCONFIG and Ping Screen Turning Off Your S100 Normal How to Acquire Time Logging On Administrator Log-In System Status Logged Configuration Wizard Next Step Dial-up to NISTs Automated Computer Time Service Acts Choose Your Time Source 17Configuring the S100 Time Source GPS Then click Next for the System Information dialog System Tests Dialog Test Results dialog Setup Complete dialog Dialup Settings dialog System Information dialog System Tests dialog Test Results dialog NTP 30System Information fields Click Test Now Configuring NTP IRIG-B v.120,122,123 Dialup Backup dialog 36System Testing options 37Test Results shown Using SymmTime Installing SymmTime SyncServer S100 Next Use the Web-Based Interface To Synchronize SymmTime SyncServer S100 Web-Based Interface Interface Screen Reference Administrative Interface Logging Admin Interface Base Menu 2Administrative Interface Base Menu Administrative Menu Expanded 3Interface Admin Menu, expanded Timing Configuration System Status 5Configuring New Clients and Servers NTP Relationships S100 User Guide Rev. D June NTP Time Source Test NTP Dialup NTP Restart NTP Status SyncServer S100 10Viewing the NTP Configuration File Advanced ntp.conf Advanced Keys/Certificates 11Obtaining and Generating Keys Certificates Main Settings Timing Engine Timecode Settings IRIG-A IRIG-B GPS Information GPS HealthBit Position Meaning if bit value = GPS Signal Strength 15GPS Signal Strength GPS Time GPS Position Clock Settings Other InformationEngine Time Control Settings 20Control Settings Networking Model Information S100 User Guide Rev. D June Ifconfig Output Ping Traceroute Options Administration Shutdown/Reboot Admin Users Restart Web Interface System Log Configuration Time Zone Snmp Configuration Snmp Edit Alarms 33Setting Alarm Parameters Logs NTP Log Boot Log System Log Config Log Http Log Ntpd Help HelpSyncServer Help Search Ntpd Manual Logging Off 40Log Off screen SyncServer S100 Operations & Time-Protocols Sysplex TimerHow the S100 Uses the Sysplex Timer S100 Operations and Time Protocols 41Time Information String Parameters Time Protocol RFC Daytime Protocol RFC Simple Network Time Protocol RFC Network Time Protocol RFCNTP Data Format Stratum Poll Precision Leap Indicator LIMode Version Number VN Poll Interval ModeStratum Synchronizing Distance Root Distance Version NTP Authentication Authentication NTP How NTP Defines the Authentication Process Typical NTP Configuration ConsiderationsAuthentication NTP v4 Autokey Public Domain NTP Package Other NTP Considerations Clients Basic NTP Configuration S100 User Guide Rev. D June SyncServer S100 S100 User Guide Rev. D June 43Large Net NTP Configuration 44Large Net NTP Configuration 45Small Net NTP Configuration Acts Interface Dial-up PeersSecurity Snmp Simple Network Management Protocol Acts Operation Version 106 S100 User Guide Rev. D June An authenticated and encrypted request example Parameter Command Line Flag Snmp.conf token 108 S100 User Guide Rev. D June How can we obtain NTP client software to use with the S100? Frequently Asked QuestionsQuestions What are the main differences between Sntp and NTP clients? How does the S100 handle Leap Second? How do I check versions of the software in the S100? How do I know if the satellite signal strength is good? Cable length and Type Antenna How is the interface to the S100 secured? Does the S100 support NTP v4?Can the S100 utilize a certificate from an external CA? What security functions are provided with the S100? How-to’s and Tips How to get time using dial-up How to install NTP v4 on a Unix systemHow to install your S100 How to get time using GPS Use the quick How to guide How to install your GPS antennaHow to acquire and install SymmTime How to change the root password S100 does not respond to ping command SolutionsHow to get information about NTP S100 does not respond to NTP queries Possible cause of tracking problems How to fix My S100 won’t track satellites 118 S100 User Guide Rev. D June Appendix a S100 SpecificationsS100 Data Sheet Specifications Component Specifics Description Pin Descriptions Time Glossary Appendix B BCD CdmaCdsa Certificate Extension Content FilteringCertificate Authority CA Certificate Request Dcls DESDhcp DSS DSASS/NTP DTT Html GMTGPS Http IKE IrigITU MD5 LANLdap MIB Ntms NistNOC NTP Pkcs OSIPCI PKI RSA SHA-1Mime SSL-LDAP SnmpSSL TCP/IP TMC TftpTLS TPC TSR TSATSP UDP/IP W3C UTCVPN WAN 509 v3 Certificate Extension US Assistance Center Customer AssistanceAppendix D Emea Assistance Center Emeasupport@symmetricom.com Symmetricom, Inc Westwind Blvd Santa Rosa, Ca USA Declaration of ConformityAppendix C Conforms to the Following European Union Directives FCC Antenna Replacement Appendix E 142 S100 User Guide Rev. D June Index Numerics 144 S100 User Guide Rev. D June S100 User Guide Rev. D June 145 Denial of Service DES S100 User Guide Rev. D June 147 Https Irig a 150 S100 User Guide Rev. D June S100 User Guide Rev. D June 151 152 S100 User Guide Rev. D June S100 User Guide Rev. D June 153 154 S100 User Guide Rev. D June S100 User Guide Rev. D June 155 Vault Verification Version Virus VPN W3C Wait time WAN 509 v3 Certificate Extension Coordinate Year 158 S100 User Guide Rev. D June