NTP Server (Ubuntu)

There are not enough words to describe how important synchronization of time is.

In my previous life, 90% of the issues I ran into were caused by a lack of time synchronization. For the record, when dealing with TDMA networks or simulations, time is VERY important. With that in mind, I present to you, "How to configure an Ubuntu server as an NTP". This supports my overarching goal of building a fully capable lab environment for my studies.

This will not be a discussion of how NTP works, how many NTP servers do I need, what timezone should be used, or anything similar. Nor will I talk about getting time from a GPS.

Requirements:

• An installed Ubuntu server (VM or bare-metal) that has connectivity to the Internet and that you have root/sudo access on the command line
• A Cisco switch or router with connectivity to the aforementioned Ubuntu server (hereafter referred to as SERVER1)
• The ability and access to connect to the console of said Cisco device with required privilege level

NOTES:

• This tutorial was designed and tested with Ubuntu Server 17.04
• This tutorial does not take security into consideration. USE AT YOUR OWN RISK!
• <ESC> means to press the Escape key on your keyboard
• <CR> means to press the ENTER key on your keyboard
• // denotes that everything following the // is a comment

Part I: Doing things on SERVER1

The first thing we need to do is install ntp:

sudo apt-get update<CR> // update the cache of packages available from the repository

sudo apt-get install ntp<CR> // install the ntp package we need!

There are two lines in the configuration file that we need to modify in order to make the server available for Cisco IOS to pull time from. So, open the file for editing:

sudo vi /etc/ntp.conf<CR>

Remove 'nopeer noquery' from the two lines listed below by placing the cursor over each word and pressing 'd' then 'w'.

restrict -4 default kod notrap nomodify nopeer noquery limited

restrict -6 default kod notrap nomodify nopeer noquery limited

Close out the file (while saving).

<ESC>:wq!<CR>

As a side note, more than likely when you installed Ubuntu server, it auto detected the timezone you are in. Unless you live in a couple of key locations in Europe, I would not recommend using your local timezone. This can be a fairly contentious subject among people. For the sake of completeness, if you want to change your timezone to UTC after installation, do this:

sudo dpkg-reconfigure tzdata<CR>

• Select 'None of the above' then <CR>
• Make sure that 'UTC' is highlighted, then <CR>
• Job's done! More work? // Bonus points to people who get the reference!

That is all we have to do! By default, when you install the ntp package it will already be configured to get time servers from the Ubuntu NTP pools. However we can change this by following the instructions below.

Optional

If we want to change the NTP servers we connect to, this is how to do it. I recommend taking a look at this page in order to determine which NTP server pools you wish to utilize. This is assuming you are going to connect to an outside publicly available stratum 2 or lower server. In this example I will use the NTP Pools for the U.S. from ntp.org.

sudo vi /etc/ntp.conf

Moving the cursor over the first letter in each of the lines that start with 'pool' press 'd' then 'd'. This will delete each of those lines.

Now, move your cursor to the end of the line '# more information.'. Press 'a' then <CR>. Type in the following lines, substituing the FQDN's I have with the FQDN or IP of the server pool you wish to use. If you are not using pools, then change the first word to 'server' instead of 'pool'.

pool 0.us.pool.ntp.org iburst<CR> // the iburst word directs the NTP service to attempt to synchronize faster

pool 1.us.pool.ntp.org iburst<CR> // if you do not use iburst it will take longer to synchronize time

pool 2.us.pool.ntp.org iburst<CR>

pool 3.us.pool.ntp.org iburst<CR>

<ESC>:wq!<CR> // forcibly save the file and quit vi

sudo service restart ntp<CR> // restart the ntp service

In order to verify that the NTP service is synchronizing to an external server, there is a simple command:

ntpq -p<CR>

You may have to execute this command a couple of times before synchronization happens, however, what you are looking for is one of the entries to have an '*' in front of it. This denotes that this is our primary peer for synchronization. Eventually you may see other symbols (such as +, -, #, and some others, see this for more information). The output will look something like the image below.

Part II: Configuring the Cisco device to synchronize with Server1

This is REALLY easy.

Router>enable<CR>

Router#configure terminal<CR>

Router (config) #ntp server <IP address of SERVER1><CR>

Assuming your Cisco router/switch has connectivity to the server, you are done. In order to see the NTP associations:

Router#show ntp associations<CR>

Once again, you are looking for the '*' in front of the IP for your server. It will also list the IP that the server is syncing to! You can also see the synchronization status by:

Router#show ntp status<CR>

This should say "Clock is synchronized, stratum whatever, reference <IP of server>.

Final Notes:

This is by no means an all-inclusive guide, more of a down and dirty kind of thing. I will probably be looking at developing one for authenticated NTP at some point also. As always if you have any questions, comments, or concerns feel free to email me at: binarylattice@gmail.com.