draft-ietf-ntp-ntpv4-proto-05.txt   draft-ietf-ntp-ntpv4-proto-06.txt 
NTP WG J. Burbank, Ed. NTP WG J. Burbank, Ed.
Internet-Draft W. Kasch, Ed. Internet-Draft W. Kasch, Ed.
Obsoletes: RFC 4330, RFC 1305 JHU/APL Obsoletes: RFC 4330, RFC 1305 JHU/APL
(if approved) J. Martin, Ed. (if approved) J. Martin, Ed.
Intended status: Standards Track Daedelus Intended status: Standards Track Daedelus
Expires: September 24, 2007 D. Mills Expires: November 25, 2007 D. Mills
U. Delaware U. Delaware
March 23, 2007 May 24, 2007
Network Time Protocol Version 4 Protocol And Algorithms Specification Network Time Protocol Version 4 Protocol And Algorithms Specification
draft-ietf-ntp-ntpv4-proto-05 draft-ietf-ntp-ntpv4-proto-06
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 38 skipping to change at page 1, line 38
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on September 24, 2007. This Internet-Draft will expire on November 25, 2007.
Copyright Notice Copyright Notice
Copyright (C) The IETF Trust (2007). Copyright (C) The IETF Trust (2007).
Abstract Abstract
The Network Time Protocol (NTP) is widely used to synchronize The Network Time Protocol (NTP) is widely used to synchronize
computer clocks in the Internet. This document describes NTP Version computer clocks in the Internet. This document describes NTP Version
4 (NTPv4), which is backwards compatible with NTP Version 3 (NTPv3) 4 (NTPv4), which is backwards compatible with NTP Version 3 (NTPv3)
skipping to change at page 2, line 23 skipping to change at page 2, line 23
Table of Contents Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 4
1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 5 1.1. Requirements Notation . . . . . . . . . . . . . . . . . . 5
2. Modes of Operation . . . . . . . . . . . . . . . . . . . . . 5 2. Modes of Operation . . . . . . . . . . . . . . . . . . . . . 5
3. Protocol Modes . . . . . . . . . . . . . . . . . . . . . . . 6 3. Protocol Modes . . . . . . . . . . . . . . . . . . . . . . . 6
3.1. Simple Network Time Protocol (SNTP) . . . . . . . . . . . 7 3.1. Simple Network Time Protocol (SNTP) . . . . . . . . . . . 7
3.2. Dynamic Server Discovery . . . . . . . . . . . . . . . . 8 3.2. Dynamic Server Discovery . . . . . . . . . . . . . . . . 8
4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 9 4. Definitions . . . . . . . . . . . . . . . . . . . . . . . . . 9
5. Implementation Model . . . . . . . . . . . . . . . . . . . . 11 5. Implementation Model . . . . . . . . . . . . . . . . . . . . 10
6. Data Types . . . . . . . . . . . . . . . . . . . . . . . . . 13 6. Data Types . . . . . . . . . . . . . . . . . . . . . . . . . 13
7. Data Structures . . . . . . . . . . . . . . . . . . . . . . . 17 7. Data Structures . . . . . . . . . . . . . . . . . . . . . . . 17
7.1. Structure Conventions . . . . . . . . . . . . . . . . . . 17 7.1. Structure Conventions . . . . . . . . . . . . . . . . . . 17
7.2. Global Parameters . . . . . . . . . . . . . . . . . . . . 17 7.2. Global Parameters . . . . . . . . . . . . . . . . . . . . 17
7.3. Packet Header Variables . . . . . . . . . . . . . . . . . 18 7.3. Packet Header Variables . . . . . . . . . . . . . . . . . 18
7.4. The Kiss-o'-Death Packet . . . . . . . . . . . . . . . . 24 7.4. The Kiss-o'-Death Packet . . . . . . . . . . . . . . . . 24
7.5. NTP Extension Field Format . . . . . . . . . . . . . . . 25 7.5. NTP Extension Field Format . . . . . . . . . . . . . . . 25
8. On Wire Protocol . . . . . . . . . . . . . . . . . . . . . . 27 8. On Wire Protocol . . . . . . . . . . . . . . . . . . . . . . 27
9. Peer Process . . . . . . . . . . . . . . . . . . . . . . . . 31 9. Peer Process . . . . . . . . . . . . . . . . . . . . . . . . 31
9.1. Peer Process Variables . . . . . . . . . . . . . . . . . 31 9.1. Peer Process Variables . . . . . . . . . . . . . . . . . 31
9.2. Peer Process Operations . . . . . . . . . . . . . . . . . 34 9.2. Peer Process Operations . . . . . . . . . . . . . . . . . 34
10. Clock Filter Algorithm . . . . . . . . . . . . . . . . . . . 38 10. Clock Filter Algorithm . . . . . . . . . . . . . . . . . . . 38
11. System Process . . . . . . . . . . . . . . . . . . . . . . . 40 11. System Process . . . . . . . . . . . . . . . . . . . . . . . 40
11.1. System Process Variables . . . . . . . . . . . . . . . . 40 11.1. System Process Variables . . . . . . . . . . . . . . . . 40
11.2. System Process Operations . . . . . . . . . . . . . . . . 42 11.2. System Process Operations . . . . . . . . . . . . . . . . 41
11.2.1. Selection Algorithm . . . . . . . . . . . . . . . . 44 11.2.1. Selection Algorithm . . . . . . . . . . . . . . . . 44
11.2.2. Cluster Algorithm . . . . . . . . . . . . . . . . . 45 11.2.2. Cluster Algorithm . . . . . . . . . . . . . . . . . 45
11.2.3. Combine Algorithm . . . . . . . . . . . . . . . . . 46 11.2.3. Combine Algorithm . . . . . . . . . . . . . . . . . 46
11.3. Clock Discipline Algorithm . . . . . . . . . . . . . . . 48 11.3. Clock Discipline Algorithm . . . . . . . . . . . . . . . 48
12. Clock Adjust Process . . . . . . . . . . . . . . . . . . . . 52 12. Clock Adjust Process . . . . . . . . . . . . . . . . . . . . 52
13. Poll Process . . . . . . . . . . . . . . . . . . . . . . . . 52 13. Poll Process . . . . . . . . . . . . . . . . . . . . . . . . 52
13.1. Poll Process Variables . . . . . . . . . . . . . . . . . 52 13.1. Poll Process Variables . . . . . . . . . . . . . . . . . 52
13.2. Poll Process Operations . . . . . . . . . . . . . . . . . 53 13.2. Poll Process Operations . . . . . . . . . . . . . . . . . 53
14. Security Considerations . . . . . . . . . . . . . . . . . . . 55 14. Security Considerations . . . . . . . . . . . . . . . . . . . 55
15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 56 15. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 56
skipping to change at page 4, line 8 skipping to change at page 4, line 8
A.5.4. access() . . . . . . . . . . . . . . . . . . . . . . 85 A.5.4. access() . . . . . . . . . . . . . . . . . . . . . . 85
A.5.5. System Process . . . . . . . . . . . . . . . . . . . 85 A.5.5. System Process . . . . . . . . . . . . . . . . . . . 85
A.5.6. Clock Adjust Process . . . . . . . . . . . . . . . . 99 A.5.6. Clock Adjust Process . . . . . . . . . . . . . . . . 99
A.5.7. Poll Process . . . . . . . . . . . . . . . . . . . . 100 A.5.7. Poll Process . . . . . . . . . . . . . . . . . . . . 100
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 107 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 107
Intellectual Property and Copyright Statements . . . . . . . . . 108 Intellectual Property and Copyright Statements . . . . . . . . . 108
1. Introduction 1. Introduction
This document defines the Network Time Protocol Version 4 (NTPv4), This document defines the Network Time Protocol Version 4 (NTPv4),
which is widely used to synchronize the system clocks among a set of which is widely used to synchronize system clocks among a set of
distributed time servers and clients. It describes the core distributed time servers and clients. It describes the core
architecture, protocol, state machines, data structures and architecture, protocol, state machines, data structures and
algorithms. NTPv4 introduces new functionality to NTPv3, as algorithms. NTPv4 introduces new functionality to NTPv3, as
described in [1], and functionality expanded from SNTPv4 as described described in [1], and functionality expanded from SNTPv4 as described
in [2] (SNTPv4 is a subset of NTPv4). This document obsoletes [1], in [2] (SNTPv4 is a subset of NTPv4). This document obsoletes [1],
and [2]. While certain minor changes have been made in some protocol and [2]. While certain minor changes have been made in some protocol
header fields, these do not affect the interoperability between NTPv4 header fields, these do not affect the interoperability between NTPv4
and previous versions of NTP and SNTP. and previous versions of NTP and SNTP.
The NTP subnet model includes a number of widely accessible primary The NTP subnet model includes a number of widely accessible primary
time servers synchronized by wire or radio to national standards. time servers synchronized by wire or radio to national standards.
The purpose of the NTP protocol is to convey timekeeping information The purpose of the NTP protocol is to convey timekeeping information
from these primary servers to secondary time servers and clients via from these primary servers to secondary time servers and clients via
both private networks and the public Internet. Crafted algorithms both private networks and the public Internet. Crafted algorithms
mitigate errors that may result from network disruptions, server mitigate errors that may result from network disruptions, server
failures and possible hostile action. Servers and clients are failures and possible hostile actions. Servers and clients are
configured such that values flow from the primary servers at the root configured such that values flow towards clients from the primary
via branching secondary servers toward clients. servers at the root via branching secondary servers.
The NTPv4 design overcomes significant shortcomings in the NTPv3 The NTPv4 design overcomes significant shortcomings in the NTPv3
design, corrects certain bugs and incorporates new features. In design, corrects certain bugs and incorporates new features. In
particular, expanded NTP timestamp definitions encourage the use of particular, expanded NTP timestamp definitions encourage the use of
floating double data types throughout the implementation. The time the floating double data type throughout the implementation. As a
resolution is better than one nanosecond and frequency resolution result, the time resolution is better than one nanosecond and
better than one nanosecond per second. Additional improvements frequency resolution is less than one nanosecond per second.
include a new clock discipline algorithm which is more responsive to Additional improvements include a new clock discipline algorithm
system clock hardware frequency fluctuations. Typical primary which is more responsive to system clock hardware frequency
servers using modern machines are precise within a few tens of fluctuations. Typical primary servers using modern machines are
microseconds. Typical secondary servers and clients on fast LANs are precise within a few tens of microseconds. Typical secondary servers
within a few hundred microseconds with poll intervals up to 1024 and clients on fast LANs are within a few hundred microseconds with
seconds, which was the maximum with NTPv3. With NTPv4, servers and poll intervals up to 1024 seconds, which was the maximum with NTPv3.
clients are within a few tens of milliseconds with poll intervals up With NTPv4, servers and clients are precise within a few tens of
to 36 hours. milliseconds with poll intervals up to 36 hours.
The main body of this document describes the core protocol and data The main body of this document describes the core protocol and data
structures necessary to interoperate between conforming structures necessary to interoperate between conforming
implementations. Appendix A contains additional detail in the form implementations. Appendix A contains additional detail in the form
of a skeleton program including data structures and code segments for of a skeleton program, including data structures and code segments
the core algorithms and in addition the mitigation algorithms used to for the core algorithms as well as the mitigation algorithms used to
enhance reliability and accuracy. While the skeleton and other enhance reliability and accuracy. While the skeleton program and
descriptions in this document apply to a particular implementation, other descriptions in this document apply to a particular
they are not intended as the only way the required functions can be implementation, they are not intended as the only way the required
implemented. While the NTPv3 symmetric key authentication scheme functions can be implemented. While the NTPv3 symmetric key
described in this document carries over from NTPv3, the Autokey authentication scheme described in this document has been carried
public key authentication scheme new to NTPv4 is described in [3]. over from NTPv3, the Autokey public key authentication scheme new to
NTPv4 is described in [3].
The NTP protocol includes the modes of operation described in The NTP protocol includes modes of operation described in Section 2
Section 2 using the data types described in Section 6 and the data using data types described in Section 6 and data structures described
structures in Section 7. The implementation model described in in Section 7. The implementation model described in Section 5 is
Section 5 is based on a multiple-process, threaded architecture, based on a threaded, multi-process architecture, although other
although other architectures could be used as well. The on-wire architectures could be used as well. The on-wire protocol described
protocol described in Section 8 is based on a returnable-time design in Section 8 is based on a returnable-time design which depends only
which depends only on measured clock offsets, but does not require on measured clock offsets, but does not require reliable message
reliable message delivery. The synchronization subnet is a self- delivery. The synchronization subnet is a self-organizing,
organizing, hierarchical, master-slave network with synchronization hierarchical, master-slave network with synchronization paths
paths determined by a shortest-path spanning tree and defined metric. determined by a shortest-path spanning tree and defined metric.
While multiple masters (primary servers) may exist, there is no While multiple masters (primary servers) may exist, there is no
requirement for an election protocol. requirement for an election protocol.
This document includes material from [4], which contains flow charts This document includes material from [4], which contains flow charts
and equations unsuitable for RFC format. There is much additional and equations unsuited for RFC format. There is much additional
information in [5], including an extensive technical analysis and information in [5], including an extensive technical analysis and
performance assessment of the protocol and algorithms in this performance assessment of the protocol and algorithms in this
document. The reference implementation itself is available at document. The reference implementation is available at www.ntp.org.
www.ntp.org.
The remainder of this document contains numerous variables and The remainder of this document contains numerous variables and
mathematical expressions. Some variables take the form of Greek mathematical expressions. Some variables take the form of Greek
characters, which are spelled out by their full case-sensitive name. characters, which are spelled out by their full case-sensitive name.
For example DELTA refers to the uppercase Greek character, while For example DELTA refers to the uppercase Greek character, while
delta refers to the lowercase character. Furthermore, subscripts are delta refers to the lowercase character. Furthermore, subscripts are
denoted with '_', for example theta_i refers to the lowercase Greek denoted with '_', for example theta_i refers to the lowercase Greek
character theta with subscript i, or phonetically theta sub i. character theta with subscript i, or phonetically theta sub i.
1.1. Requirements Notation 1.1. Requirements Notation
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in [6]. document are to be interpreted as described in [6].
2. Modes of Operation 2. Modes of Operation
An NTP implementation operates as a primary server, secondary server An NTP implementation operates as a primary server, secondary server
or client. A primary server is synchronized directly to a reference or client. A primary server is synchronized directly to a reference
clock, such as a GPS receiver or telephone modem service. A client clock, such as a GPS receiver or telephone modem service. A client
is synchronized to one or more upstream servers, but does not provide synchronizes to one or more upstream servers, but does not provide
synchronization to dependent clients. A secondary server has one or synchronization to dependent clients. A secondary server has one or
more upstream servers and one or more downstream servers or clients. more upstream servers and one or more downstream servers or clients.
All servers and clients claiming full NTPv4 compliance must implement All servers and clients who are fully NTPv4 compliance MUST implement
the entire suite of algorithms described in this document. In order the entire suite of algorithms described in this document. In order
to maintain stability in large NTP subnets, secondary servers must be to maintain stability in large NTP subnets, secondary servers MUST be
fully NTPv4 compliant. fully NTPv4 compliant.
3. Protocol Modes 3. Protocol Modes
There are three NTP protocol variants, symmetric, client/server and There are three NTP protocol variants, symmetric, client/server and
broadcast. Each is associated with an association mode as shown in broadcast. Each is associated with an association mode as shown in
Figure 1. Persistent associations are mobilized upon startup and are Figure 1. In addition, persistent associations are mobilized upon
never demobilized. Ephemeral associations are mobilized upon arrival startup and are never demobilized. Ephemeral associations are
of a packet and are demobilized upon error or timeout. mobilized upon the arrival of a packet and are demobilized upon error
or timeout.
+-------------------+--------------+-------------+ +-------------------+--------------+-------------+
| Association Mode | Assoc. Mode | Packet Mode | | Association Mode | Assoc. Mode | Packet Mode |
+-------------------+--------------+-------------+ +-------------------+--------------+-------------+
| Symmetric Active | 1 | 1 or 2 | | Symmetric Active | 1 | 1 or 2 |
| Symmetric Passive | 2 | 1 | | Symmetric Passive | 2 | 1 |
| Client | 3 | 4 | | Client | 3 | 4 |
| Server | 4 | 3 | | Server | 4 | 3 |
| Broadcast Server | 5 | 5 | | Broadcast Server | 5 | 5 |
| Broadcast Client | 6 | N/A | | Broadcast Client | 6 | N/A |
+-------------------+--------------+-------------+ +-------------------+--------------+-------------+
Figure 1: Association and Packet Modes Figure 1: Association and Packet Modes
In the client/server variant a persistent client association sends In the client/server variant a persistent client sends client (mode
client (mode 3) packets to a server, which returns server (mode 4) 3) packets to a server, which returns server (mode 4) packets.
packets. Servers provide synchronization to one or more clients, but Servers provide synchronization to one or more clients, but do not
do not accept synchronization from them. A server can also be a accept synchronization from them. A server can also be a reference
reference clock driver which obtains time directly from a standard clock driver which obtains time directly from a standard source such
source such as a GPS receiver or telephone modem service. We say as a GPS receiver or telephone modem service. In this varient,
that clients pull synchronization from servers. clients pull synchronization from servers.
In the symmetric variant a peer operates as both a server and client In the symmetric variant a peer operates as both a server and client
using either a symmetric active or symmetric passive association. A using either a symmetric active or symmetric passive association. A
persistent symmetric active association sends symmetric active (mode persistent symmetric active association sends symmetric active (mode
1) packets to a symmetric active peer association. Alternatively, an 1) packets to a symmetric active peer association. Alternatively, an
ephemeral symmetric passive association can be mobilized upon arrival ephemeral symmetric passive association can be mobilized upon arrival
of a symmetric active packet matching no association. That of a symmetric active packet with matching no association. That
association sends symmetric passive (mode 2) packets and persists association sends symmetric passive (mode 2) packets and persists
until error or timeout. Peers both push and pull synchronization to until error or timeout. Peers both push and pull synchronization to
and from each other. For the purposes of this document, a peer and from each other. For the purposes of this document, a peer
operates like a client, so a reference to client implies peer as operates like a client, so references to client imply peer as well.
well.
In the broadcast variant a persistent broadcast server association In the broadcast variant a persistent broadcast server association
sends periodic broadcast server (mode 5) packets which can be sends periodic broadcast server (mode 5) packets which can be
received by multiple clients. Upon reception of a broadcast server received by multiple clients. Upon reception of a broadcast server
packet matching no association, an ephemeral broadcast client (mode packet without a matching association, an ephemeral broadcast client
6) association is mobilized and persists until error or timeout. It (mode 6) association is mobilized and persists until error or
is useful to provide an initial volley where the client operating in timeout. It is useful to provide an initial volley where the client
client mode exchanges several packets with the server in order to operating in client mode exchanges several packets with the server,
calibrate the propagation delay and to run the Autokey security so as to calibrate the propagation delay and to run the Autokey
protocol, after which the client reverts to broadcast client mode. security protocol, after which the client reverts to broadcast client
We say that broadcast servers push synchronization to willing mode. A broadcast server pushes synchronization to clients and other
consumers. servers.
Following conventions established by the telephone industry, the Following loosely the conventions established by the telephone
level of each server in the hierarchy is defined by a number called industry, the level of each server in the hierarchy is defined by a
the stratum, with the primary servers assigned stratum one and the stratum number. Primary servers are assigned stratum one; secondary
secondary servers at each level assigned one greater than the servers at each lower level are assigned stratum numbers one greater
preceding level. As the stratum increases from one, the accuracies than the preceding level. As the stratum number increases, its
achievable degrade somewhat depending on the particular network path accuracy degrades depending on the particular network path and system
and system clock stability. It is useful to assume that mean errors, clock stability. Mean errors, measured by synchronization distances,
and thus a metric called the synchronization distance, increase increase approximately in proportion to stratum numbers and measured
approximately in proportion to the stratum and measured round trip roundtrip delay.
delay. It is important to note that NTP stratum is only loosely
modeled after the telecommunications stratum, which is defined by
international agreement.
Drawing from the experience of the telecommunications industry, which As a standard practice, timing network topology should be organized
learned such lessons at considerable cost, the subnet topology should to avoid timing loops and minimize the synchronization distance. In
be organized to produce the lowest synchronization distances, but NTP the subnet topology is determined using a variant of the Bellman-
must never be allowed to form a loop. In NTP the subnet topology is Ford distributed routing algorithm, which computes the shortest-
determined using a variant of the Bellman-Ford distributed routing distance spanning tree rooted on the primary servers. As a result of
algorithm, which computes the shortest-distance spanning tree rooted this design, the algorithm automatically reorganizes the subnet, so
on the primary servers. As a result of this design, the algorithm as to produce the most accurate and reliable time, even when there
automatically reorganizes the subnet to produce the most accurate and are failures in the timing network.
reliable time, even when one or more primary or secondary servers or
the network paths fail.
3.1. Simple Network Time Protocol (SNTP) 3.1. Simple Network Time Protocol (SNTP)
Primary servers and clients complying with a subset of NTP, called Primary servers and clients complying with a subset of NTP, called
the Simple Network Time Protocol (SNTPv4) [2], do not need to the Simple Network Time Protocol (SNTPv4) [2], do not need to
implement the mitigation algorithms described in Section 9 and implement the mitigation algorithms described in Section 9 and
following sections. SNTP is intended for primary servers equipped following sections. SNTP is intended for primary servers equipped
with a single reference clock, as well as for clients with a single with a single reference clock, as well as for clients with a single
upstream server and no dependent clients. The fully developed NTPv4 upstream server and no dependent clients. The fully developed NTPv4
implementation is intended for secondary servers with multiple implementation is intended for secondary servers with multiple
upstream servers and multiple downstream servers or clients. Other upstream servers and multiple downstream servers or clients. Other
than these considerations, NTP and SNTP servers and clients are than these considerations, NTP and SNTP servers and clients are
completely interoperable and can be mixed and matched in NTP subnets. completely interoperable and can be mixed and matched in NTP subnets.
An SNTP primary server implementing the on-wire protocol described in An SNTP primary server implementing the on-wire protocol described in
Section 8 has no upstream servers except a single reference clock. Section 8 has no upstream servers except a single reference clock.
In principle, it is indistinguishable from an NTP primary server In principle, it is indistinguishable from an NTP primary server that
which has the mitigation algorithms, presumably to mitigate between has the mitigation algorithms and therefore capable of mitigating
multiple reference clocks. between multiple reference clocks.
Upon receiving a client request, an SNTP primary server constructs Upon receiving a client request, an SNTP primary server constructs
and sends the reply packet as described in Figure 2 of Section 9.2. and sends the reply packet as described in Figure 2 of Section 9.2.
Note that the dispersion field in the packet header must be updated Note that the dispersion field in the packet header must be updated
as described in Section 4. as described in Section 5.
+-----------------------------------+ +-----------------------------------+
| Packet Variable <-- Variable | | Packet Variable <-- Variable |
+-----------------------------------+ +-----------------------------------+
| x.leap <-- s.leap | | x.leap <-- s.leap |
| x.version <-- r.version | | x.version <-- r.version |
| x.mode <-- 4 | | x.mode <-- 4 |
| x.stratum <-- s.stratum | | x.stratum <-- s.stratum |
| x.poll <-- r.poll | | x.poll <-- r.poll |
| x.precision <-- s.precision | | x.precision <-- s.precision |
skipping to change at page 8, line 36 skipping to change at page 8, line 32
| x.rec <-- r.dst | | x.rec <-- r.dst |
| x.xmt <-- clock | | x.xmt <-- clock |
| x.keyid <-- r.keyid | | x.keyid <-- r.keyid |
| x.digest <-- md5 digest | | x.digest <-- md5 digest |
+-----------------------------------+ +-----------------------------------+
Figure 2: fast_xmit Packet Header Figure 2: fast_xmit Packet Header
A SNTP client implementing the on-wire protocol has a single server A SNTP client implementing the on-wire protocol has a single server
and no dependent clients. It can operate with any subset of the NTP and no dependent clients. It can operate with any subset of the NTP
on-wire protocol, the simplest using only the transmit timestamp of on-wire protocol, the simplest approach using only the transmit
the server packet and ignoring all other fields. However, the timestamp of the server packet and ignoring all other fields.
additional complexity to implement the full on-wire protocol is However, the additional complexity to implement the full on-wire
minimal and is encouraged. protocol is minimal so that a full implementation is encouraged.
3.2. Dynamic Server Discovery 3.2. Dynamic Server Discovery
There are two special associations, manycast client and manycast There are two special associations, manycast client and manycast
server, which provide a dynamic server discovery function. There are server, which provide a dynamic server discovery function. There are
two types of manycast client associations, persistent and ephemeral. two types of manycast client associations, persistent and ephemeral.
The persistent manycast client sends client (mode 3) packets to a The persistent manycast client sends client (mode 3) packets to a
designated IPv4 or IPv6 broadcast or multicast group address. designated IPv4 or IPv6 broadcast or multicast group address.
Designated manycast servers in range of the time-to-live (TTL) field Designated manycast servers within range of the time-to-live (TTL)
in the packet listen for packets with that address. If suitable for field in the packet header listen for packets with that address. If
synchronization, the server returns an ordinary server (mode 4) a server is suitable for synchronization, it returns an ordinary
packet, but using its unicast address rather than its broadcast server (mode 4) packet using the client's unicast address. Upon
address. Upon receipt an ephemeral client (mode 3) association is receiving this packet, the client mobilizes an ephemeral client (mode
mobilized using the addresses and other data in the persistent 3) association. The ephemeral client association persists until
manycast client association and server packet header. The ephemeral error or timeout.
client association persists until error or timeout.
The manycast client continues to send packets until a specified A manycast client continues sending packets to search for a minimum
minimum number of client associations have been mobilized. If fewer number of associations. It starts with a TTL equal to one and
than this number have been found, the client sends packets starting continuously adding one to it until the minimum number of
with a TTL of one and increasing by one for each subsequent packet associations is made or when the TTL reaches a maximum value. If the
until reaching a designated maximum. Upon reaching the maximum, TTL reaches its maximum value and yet not enough associations are
packets are not sent until after a designated timeout, after which mobilized, the client stops transmission for a time-out period to
the cycle repeats. If at least the minimum number of associations clear all associations, and then repeats the search cycle. If a
have been found, the client sends one packet at each timeout. minimum number of associations has been mobilized, then the client
starts transmitting one packet per time-out period to maintain the
associations.
It is the intent that ephemeral associations compete with other The ephemeral associations compete among themselves. As new
associations and newly discovered associations. As each crop of ephemeral associations are mobilized, the client runs the mitigation
ephemeral associations are mobilized, the mitigation algorithms algorithms described in Section 10 and Section 11.2 for the best
described in Section 10 and Section 11.2 sift the best candidates candidates out of the population, the remaining ephemeral
from the population and the remaining ephemeral associations time out associations are timed out and demobilized. In this way the
and are demobilized. In this way the population includes only the population includes only the best and freshest candidates to
best and freshest candidates to discipline the system clock. The discipline the system clock. The reference implementation includes
reference implementation includes intricate means to do this, but intricate means to do this, but these are beyond the scope of this
these are beyond the scope of this document. document.
4. Definitions 4. Definitions
A number of terms used throughout this document have a precise A number of technical terms are defined in this section. A timescale
technical definition. A timescale is a frame of reference where time is a frame of reference where time is expressed as the value of a
is expressed as the value of a monotonic-increasing binary counter monotonically increasing binary counter with an indefinite number of
with an indefinite number of bits. It counts in seconds and fraction bits. It counts in seconds and fractions of a second, when a decimal
with the decimal point somewhere in the middle. The Coordinated point is employed. The Coordinated Universal Time (UTC) timescale
Universal Time (UTC) timescale represents mean solar time as represents mean solar time as disseminated by national standards
disseminated by national standards laboratories. The system time is laboratories. The system time is represented by the system clock
represented by the system clock maintained by the hardware and maintained by the hardware and operating system. The goal of the NTP
operating system. The goal of the NTP algorithms is to minimize both algorithms is to minimize both the time difference and frequency
the time difference and frequency difference between UTC and the difference between UTC and the system clock. When these differences
system clock. When these differences have been reduced below nominal have been reduced below nominal tolerances, the system clock is said
tolerances, the system clock is said to be synchronized to UTC. to be synchronized to UTC.
The date of an event is the UTC time at which it takes place. Dates The date of an event is the UTC time at which the event takes place.
are ephemeral values which always increase in step with reality and Dates are ephemeral values designated with upper case T. Running time
are designated with upper case T in this document. It is convenient is another timescale that is coincident to the synchronization
to define another timescale coincident with the running time of the function of the NTP program.
NTP program that provides the synchronization function. This is
convenient in order to determine intervals for the various repetitive
functions like poll events. Running time is designated with lower
case t.
A timestamp T(t) represents either the UTC date or time offset from A timestamp T(t) represents either the UTC date or time offset from
UTC at running time t. Which meaning is intended should be clear UTC at running time t. Which meaning is intended should be clear
from the context. Let T(t) be the time offset, R(t) the frequency from the context. Let T(t) be the time offset, R(t) the frequency
offset, D(t) the ageing rate (first derivative of R(t) with respect offset, D(t) the aging rate (first derivative of R(t) with respect to
to t). Then, if T(t_0) is the UTC time offset determined at t = t_0, t). Then, if T(t_0) is the UTC time offset determined at t = t_0,
the UTC time offset after some interval is the UTC time offset at time t is
T(t) = T(t_0) + R(t_0)(t-t_0) + 1/2 * D(t_0)(t-t_0)^2 + e,
T(t+t_0) = T(t_0) + R(t_0)(t+t_0) + 1/2 * D(t_0)(t+t_0)^2 + e,
where e is a stochastic error term discussed later in this document. where e is a stochastic error term discussed later in this document.
While the D(t) term is important when characterizing precision While the D(t) term is important when characterizing precision
oscillators, it is ordinarily neglected for computer oscillators. In oscillators, it is ordinarily neglected for computer oscillators. In
this document all time values are in seconds (s) and all frequency this document all time values are in seconds (s) and all frequency
values are in seconds-per-second (s/s). It is sometimes convenient values are in seconds-per-second (s/s). It is sometimes convenient
to express frequency offsets in parts-per-million (PPM), where 1 PPM to express frequency offsets in parts-per-million (PPM), where 1 PPM
is equal to 10^(-6) seconds. is equal to 10^(-6) seconds/second.
It is important in computer timekeeping applications to assess the It is important in computer timekeeping applications to assess the
performance of the timekeeping function. The NTP performance model performance of the timekeeping function. The NTP performance model
includes four statistics which are updated each time a client makes a includes four statistics which are updated each time a client makes a
measurement with a server. The offset (theta) represents the measurement with a server. The offset (theta) represents the
maximum-likelihood time offset of the server clock relative to the maximum-likelihood time offset of the server clock relative to the
system clock. The delay (delta) represents the round trip delay system clock. The delay (delta) represents the round trip delay
between the client and server. The dispersion (epsilon) represents between the client and server. The dispersion (epsilon) represents
the maximum error inherent in the measurement. It increases at a the maximum error inherent in the measurement. It increases at a
rate equal to the maximum disciplined system clock frequency rate equal to the maximum disciplined system clock frequency
skipping to change at page 11, line 7 skipping to change at page 10, line 45
each stratum level from the reference clock to produce the rootdelay each stratum level from the reference clock to produce the rootdelay
(DELTA) and root dispersion (EPSILON) statistics. The (DELTA) and root dispersion (EPSILON) statistics. The
synchronization distance (LAMBDA) equal to EPSILON + DELTA / 2 synchronization distance (LAMBDA) equal to EPSILON + DELTA / 2
represents the maximum error due all causes. The detailed represents the maximum error due all causes. The detailed
formulations of these statistics are given in Section 11.2. They are formulations of these statistics are given in Section 11.2. They are
available to the dependent applications in order to assess the available to the dependent applications in order to assess the
performance of the synchronization function. performance of the synchronization function.
5. Implementation Model 5. Implementation Model
Figure 3 shows the architecture of a typical, multiple-thread Figure 3 shows the architecture of a typical, multi-threaded
implementation. It includes two processes dedicated to each server, implementation. It includes two processes dedicated to each server,
a peer process to receive messages from the server or reference clock a peer process to receive messages from the server or reference clock
and a poll process to transmit messages to the server or reference and a poll process to transmit messages to the server or reference
clock. clock.
..................................................................... .....................................................................
. Remote . Peer/Poll . System . Clock . . Remote . Peer/Poll . System . Clock .
. Servers . Processes . Process .Discipline. . Servers . Processes . Process .Discipline.
. . . . Process . . . . . Process .
.+--------+. +-----------+. +------------+ . . .+--------+. +-----------+. +------------+ . .
skipping to change at page 11, line 46 skipping to change at page 11, line 38
....................^.........................................|...... ....................^.........................................|......
| . V . | . V .
| . +-----+ . | . +-----+ .
+--------------------------------------| VFO | . +--------------------------------------| VFO | .
. +-----+ . . +-----+ .
. Clock . . Clock .
. Adjust . . Adjust .
. Process . . Process .
............ ............
Figure 3: Implementatin Model Figure 3: Implementation Model
These processes operate on a common data structure, called an These processes operate on a common data structure, called an
association, which contains the statistics described above along with association, which contains the statistics described above along with
various other data described in Section 9. A client sends packets to various other data described in Section 9. A client sends packets to
one or more servers and processes the replies as received. The one or more servers and then processes returned packets when they are
server interchanges addresses and ports, overwrites certain fields in received. The server interchanges source and destination addresses
the packet and returns it immediately (client/server mode) or at some and ports, overwrites certain fields in the packet and returns it
time later (symmetric modes). As each NTP message is received, the immediately (in the client/server mode) or at some time later (in the
offset theta between the peer clock and the system clock is computed symmetric modes). As each NTP message is received, the offset theta
along with the associated statistics delta, epsilon and psi. between the peer clock and the system clock is computed along with
the associated statistics delta, epsilon and psi.
The system process includes the selection, cluster and combine The system process includes the selection, cluster and combine
algorithms which mitigate among the various servers and reference algorithms that mitigate among the various servers and reference
clocks to determine the most accurate and reliable candidates to clocks to determine the most accurate and reliable candidates to
synchronize the system clock. The selection algorithm uses Byzantine synchronize the system clock. The selection algorithm uses Byzantine
principles to discard the falsetickers from the incident population, principles to discard the presumably incorrect candidates called
leaving only truechimers. A truechimer is a clock that maintains "falsetickers" from the incident population, leaving only good
timekeeping accuracy to a previously published (and trusted) candidates called "truechimers". A truechimer is a clock that
maintains timekeeping accuracy to a previously published and trusted
standard, while a falseticker is a clock that shows misleading or standard, while a falseticker is a clock that shows misleading or
inconsistent time. The cluster algorithm uses statistical principles inconsistent time. The cluster algorithm uses statistical principles
to sift the most accurate truechimers leaving the survivors as to find the most accurate set of truechimers. The combine algorithm
result. The combine algorithm develops the final clock offset as a computes the final clock offset by statistically averaging the
statistical average of the survivors. surviving truechimers.
The clock discipline process, which is actually part of the system The clock discipline process is a system process that controls the
process, includes engineered algorithms to control the time and time and frequency of the system clock, here represented as a
frequency of the system clock, here represented as a variable variable frequency oscillator (VFO). Timestamps struck from the VFO
frequency oscillator (VFO). Timestamps struck from the VFO close the close the feedback loop which maintains the system clock time.
feedback loop which maintains the system clock time. Associated with Associated with the clock discipline process is the clock adjust
the clock discipline process is the clock adjust process, which runs process, which runs once each second to inject a computed time offset
once each second to inject a computed time offset and maintain and maintain constant frequency. The RMS average of past time offset
constant frequency. The RMS average of past time offset differences differences represents the nominal error or system clock jitter. The
represents the nominal error or system clock jitter. The RMS average RMS average of past frequency offset differences represents the
of past frequency offset differences represents the oscillator oscillator frequency stability or frequency wander. These terms are
frequency stability or frequency wander. These terms are given given precise interpretation in Section 11.2.
precise interpretation in Section 11.2.
A client sends messages to each server with a poll interval of 2^tau A client sends messages to each server with a poll interval of 2^tau
seconds, as determined by the poll exponent tau. In NTPv4, tau seconds, as determined by the poll exponent tau. In NTPv4, tau
ranges from 4 (16 s) through 17 (36 h). The value of tau is ranges from 4 (16 s) through 17 (36 h). The value of tau is
determined by the clock discipline algorithm to match the loop time determined by the clock discipline algorithm to match the loop time
constant T_c = 2^tau. In client/server mode the server responds constant T_c = 2^tau. In client/server mode the server responds
immediately; however, in symmetric modes each of two peers manages immediately; however, in symmetric modes each of two peers manages
tau as a function of current system offset and system jitter, so may tau as a function of current system offset and system jitter, so may
not agree with the same value. It is important that the dynamic not agree with the same value. It is important that the dynamic
behavior of the clock discipline algorithm be carefully controlled in behavior of the clock discipline algorithm be carefully controlled in
skipping to change at page 18, line 52 skipping to change at page 18, line 52
The most important state variables from an external point of view are The most important state variables from an external point of view are
the packet header variables described in Figure 8 and below. The NTP the packet header variables described in Figure 8 and below. The NTP
packet header consists of an integral number of 32-bit (4 octet) packet header consists of an integral number of 32-bit (4 octet)
words in network byte order. The packet format consists of three words in network byte order. The packet format consists of three
components, the header itself, one or more optional extension fields components, the header itself, one or more optional extension fields
and an optional message authentication code (MAC). The header and an optional message authentication code (MAC). The header
component is identical to the NTPv3 header and previous versions. component is identical to the NTPv3 header and previous versions.
The optional extension fields are used by the Autokey public key The optional extension fields are used by the Autokey public key
cryptographic algorithms described in [3]. The optional MAC is used cryptographic algorithms described in [3]. The optional MAC is used
by both Autokey and the symmetric key cryptographic algorithm by both Autokey and the symmetric key cryptographic algorithm
described in report. described in this report.
+-----------+------------+-----------------------+ +-----------+------------+-----------------------+
| Name | Formula | Description | | Name | Formula | Description |
+-----------+------------+-----------------------+ +-----------+------------+-----------------------+
| leap | leap | leap indicator (LI) | | leap | leap | leap indicator (LI) |
| version | version | version number (VN) | | version | version | version number (VN) |
| mode | mode | mode | | mode | mode | mode |
| stratum | stratum | stratum | | stratum | stratum | stratum |
| poll | poll | poll exponent | | poll | poll | poll exponent |
| precision | rho | precision exponent | | precision | rho | precision exponent |
skipping to change at page 26, line 33 skipping to change at page 26, line 33
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
. . . .
. Signature . . Signature .
. . . .
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| Padding (as needed) | | Padding (as needed) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Figure 15: Extension Field Format Figure 15: Extension Field Format
All extension fields are zero-padded to a word (4 octets) boundary All extension fields are zero-padded to a word (4 octets) boundary.
and the last is padded to a 64-bit (8 octet) boundary. The Field The Field Type field is specific to the defined function and is not
Type field is specific to the defined function and is not elaborated elaborated here. While the minimum field length containing required
here. While the minimum field length containing required fields is 4 fields is 4 words (16 octets), a maximum field length remains to be
words (16 octets), a maximum field length remains to be established. established.
The Length field is a 16-bit integer which indicates the length of The Length field is a 16-bit integer which indicates the length of
the entire extension field in octets, including the Padding field. the entire extension field in octets, including the Padding field.
The 32-bit Association ID field is set by clients to the value The 32-bit Association ID field is set by clients to the value
previously received from the server or 0 otherwise. The server sets previously received from the server or 0 otherwise. The server sets
the Association ID field when sending a response as a handle for the Association ID field when sending a response as a handle for
subsequent exchanges. subsequent exchanges.
The Timestamp and Filestamp 32-bit fields carry the seconds field of The Timestamp and Filestamp 32-bit fields carry the seconds field of
an NTP timestamp. The Timestamp field establishes the signature an NTP timestamp. The Timestamp field establishes the signature
epoch of the data in the extension field, while the filestamp epoch of the data in the extension field, while the filestamp
establishes the generation epoch of the file that ultimately produced establishes the generation epoch of the file that ultimately produced
the data. the data.
The 32-bit Value Length field indicates the length of the Value field The 32-bit Value Length field indicates the length of the Value field
in octets. The minimum length of this field is 0, in which case the in octets. The minimum length of this field is 0, in which case the
Value field itself is omitted. Value field itself is omitted.
The 32-bit Signature Length field indicates the length of the The 32-bit Signature Length field indicates the length of the
Signature field in octets. The minimum length of this field is 0. Signature field in octets. The minimum length of this field is 0, in
In which case the Signature field itself is omitted. which case the Signature field itself is omitted.
If both the Value Length and Signature Length fields are 0, both of If both the Value Length and Signature Length fields are 0, both of
these words can be omitted, in which case the extension field has these words can be omitted, in which case the extension field has
length 4 words. length 4 words.
The presence of the MAC and extension fields in the packet is The presence of the MAC and extension fields in the packet is
determined from the length of the remaining area after the header to determined from the length of the remaining area after the header to
the end of the packet. The parser initializes a pointer just after the end of the packet. The parser initializes a pointer just after
the header. If the Length field is not a multiple of 4, a format the header. If the Length field is not a multiple of 4, a format
error has occurred and the packet is discarded. The following cases error has occurred and the packet is discarded. The following cases
skipping to change at page 30, line 27 skipping to change at page 30, line 27
performed in order to protect against duplicate or bogus packets. A performed in order to protect against duplicate or bogus packets. A
packet is a duplicate if the transmit timestamp T3 in the packet packet is a duplicate if the transmit timestamp T3 in the packet
matches the xmt state variable. A packet is bogus if the origin matches the xmt state variable. A packet is bogus if the origin
timestamp T1 in the packet does not match the org state variable. In timestamp T1 in the packet does not match the org state variable. In
either of these cases the state variables are updated, then the either of these cases the state variables are updated, then the
packet is discarded. packet is discarded.
The four most recent timestamps, T1 through T4, are used to compute The four most recent timestamps, T1 through T4, are used to compute
the offset of B relative to A the offset of B relative to A
theta = T(B) - T(A) = 1/2 * [(T2-T1) + (T4-T3)] theta = T(B) - T(A) = 1/2 * [(T2-T1) + (T3-T4)]
and the round trip delay and the round trip delay
delta = T(ABA) = (T4-T1) - (T3-T2). delta = T(ABA) = (T4-T1) - (T3-T2).
Note that the quantities within parentheses are computed from 64-bit Note that the quantities within parentheses are computed from 64-bit
unsigned timestamps and result in signed values with 63 significant unsigned timestamps and result in signed values with 63 significant
bits plus sign. These values can represent dates from 68 years in bits plus sign. These values can represent dates from 68 years in
the past to 68 years in the future. However, the offset and delay the past to 68 years in the future. However, the offset and delay
are computed as sums and differences of these values, which contain are computed as sums and differences of these values, which contain
skipping to change at page 31, line 21 skipping to change at page 31, line 21
The discussion above assumes the most general case where two The discussion above assumes the most general case where two
symmetric peers independently measure the offsets and delays between symmetric peers independently measure the offsets and delays between
them. In the case of a stateless server, the protocol can be them. In the case of a stateless server, the protocol can be
simplified. A stateless server copies T3 and T4 from the client simplified. A stateless server copies T3 and T4 from the client
packet to T1 and T2 of the server packet and tacks on the transmit packet to T1 and T2 of the server packet and tacks on the transmit
timestamp T3 before sending it to the client. Additional details for timestamp T3 before sending it to the client. Additional details for
filling in the remaining protocol fields are given in a Section 9 and filling in the remaining protocol fields are given in a Section 9 and
following sections and in the appendix. following sections and in the appendix.
Note that the on-wire protocol as described resists replay of a
server response packet. However, it does not resist replay of the
client request packet, which would result in a server reply packet
with new values of T2 and T3 and result in incorrect offset and
delay. This vulnerability can be avoided by setting the xmt state
variable to zero after computing the offset and delay.
9. Peer Process 9. Peer Process
The process descriptions to follow include a listing of the important The process descriptions to follow include a listing of the important
state variables followed by an overview of the process operations state variables followed by an overview of the process operations
implemented as routines. Frequent reference is made to the skeleton implemented as routines. Frequent reference is made to the skeleton
in the appendix. The skeleton includes C-language fragments that in the appendix. The skeleton includes C-language fragments that
describe the functions in more detail. It includes the parameters, describe the functions in more detail. It includes the parameters,
variables and declarations necessary for a conforming NTPv4 variables and declarations necessary for a conforming NTPv4
implementation. However, many additional variables and routines may implementation. However, many additional variables and routines may
be necessary in a working implementation. be necessary in a working implementation.
skipping to change at page 33, line 19 skipping to change at page 33, line 19
| disp | epsilon | dispersion | | disp | epsilon | dispersion |
| jitter | psi | jitter | | jitter | psi | jitter |
| filter | filter | clock filter | | filter | filter | clock filter |
| tp | t_p | filter time | | tp | t_p | filter time |
+--------+---------+-----------------+ +--------+---------+-----------------+
Figure 21: Peer Process Statistics Variables Figure 21: Peer Process Statistics Variables
The following configuration variables are normally initialized when The following configuration variables are normally initialized when
the association is mobilized, either from a configuration file or the association is mobilized, either from a configuration file or
upon arrival of the first packet for an unknown association. upon the arrival of the first packet for an unknown association.
srcaddr: IP address of the remote server or reference clock. This srcaddr: IP address of the remote server or reference clock. This
becomes the destination IP address in packets sent from this becomes the destination IP address in packets sent from this
association. association.
srcport: UDP port number of the server or reference clock. This srcport: UDP port number of the server or reference clock. This
becomes the destination port number in packets sent from this becomes the destination port number in packets sent from this
association. When operating in symmetric modes (1 and 2) this field association. When operating in symmetric modes (1 and 2) this field
must contain the NTP port number PORT (123) assigned by the IANA. In must contain the NTP port number PORT (123) assigned by the IANA. In
other modes it can contain any number consistent with local policy. other modes it can contain any number consistent with local policy.
skipping to change at page 33, line 44 skipping to change at page 33, line 44
dstport: UDP port number of the client, ordinarily the NTP port dstport: UDP port number of the client, ordinarily the NTP port
number PORT (123) assigned by the IANA. This becomes the source port number PORT (123) assigned by the IANA. This becomes the source port
number in packets sent from this association. number in packets sent from this association.
keyid: Symmetric key ID for the 128-bit MD5 key used to generate and keyid: Symmetric key ID for the 128-bit MD5 key used to generate and
verify the MAC. The client and server or peer can use different verify the MAC. The client and server or peer can use different
values, but they must map to the same key. values, but they must map to the same key.
The variables defined in Figure 19 are updated from the packet header The variables defined in Figure 19 are updated from the packet header
as each packet arrives. They are interpreted in the same way as the as each packet arrives. They are interpreted in the same way as the
packet variables of the same names. Note however, unlike the NTPv3 packet variables of the same names. It is convenient for later
design, the leap and stratum variables are never reset unless the processing to convert the NTP short format packet values r.rootdelay
association is reset, which happens only if the system time is and r.rootdisp to floating doubles as peer variables.
stepped. It is convenient for later processing to convert the NTP
short format packet values r.rootdelay and r.rootdisp to floating
doubles as peer variables.
The variables defined in Figure 20 include the timestamps exchanged The variables defined in Figure 20 include the timestamps exchanged
by the on-wire protocol in Section 8. The t variable is the seconds by the on-wire protocol in Section 8. The t variable is the seconds
counter c.t associated with these values. The c.t variable is counter c.t associated with these values. The c.t variable is
maintained by the clock adjust process described in Section 12. It maintained by the clock adjust process described in Section 12. It
counts the seconds since the service was started. The variables counts the seconds since the service was started. The variables
defined in Figure 21 include the statistics computed by the defined in Figure 21 include the statistics computed by the
clock_filter() routine described in Section 10. The tp variable is clock_filter() routine described in Section 10. The tp variable is
the seconds counter associated with these values. the seconds counter associated with these values.
skipping to change at page 37, line 31 skipping to change at page 37, line 31
| | not match the MAC. | | | not match the MAC. |
| 6 unsynchronized | The server is not synchronized to a | | 6 unsynchronized | The server is not synchronized to a |
| | valid source. | | | valid source. |
| 7 bad header data | One or more header fields are invalid. | | 7 bad header data | One or more header fields are invalid. |
+--------------------------+----------------------------------------+ +--------------------------+----------------------------------------+
Figure 24: Packet Error Checks Figure 24: Packet Error Checks
Processing continues in the packet() routine in Appendix A.5.1.1. It Processing continues in the packet() routine in Appendix A.5.1.1. It
copies the packet variables to the peer variables as shown in copies the packet variables to the peer variables as shown in
Figure 23 and the packet() routine in Appendix A.5.2">. The Figure 23 and the packet() routine in Appendix A.5.2". The receive()
receive() routine implements tests 1-5 in Figure 24; the packet() routine implements tests 1-5 in Figure 24; the packet() routine
routine implements tests 6-7. If errors are found the packet is implements tests 6-7. If errors are found the packet is discarded
discarded and the peer process exits. and the peer process exits.
The on-wire protocol calculates the clock offset theta and round trip The on-wire protocol calculates the clock offset theta and round trip
delay delta from the four most recent timestamps as described in delay delta from the four most recent timestamps as described in
Section 8. While it is in principle possible to do all calculations Section 8. While it is in principle possible to do all calculations
except the first-order timestamp differences in fixed-point except the first-order timestamp differences in fixed-point
arithmetic, it is much easier to convert the first-order differences arithmetic, it is much easier to convert the first-order differences
to floating doubles and do the remaining calculations in that to floating doubles and do the remaining calculations in that
arithmetic, and this will be assumed in the following description. arithmetic, and this will be assumed in the following description.
Next, the 8-bit p.reach shift register in the poll process described Next, the 8-bit p.reach shift register in the poll process described
skipping to change at page 39, line 12 skipping to change at page 39, line 12
If the three low order bits of the reach register are zero, If the three low order bits of the reach register are zero,
indicating three poll intervals have expired with no valid packets indicating three poll intervals have expired with no valid packets
received, the poll process calls the clock filter algorithm with a received, the poll process calls the clock filter algorithm with a
dummy tuple just as if the tuple had arrived from the network. If dummy tuple just as if the tuple had arrived from the network. If
this persists for eight poll intervals, the register returns to the this persists for eight poll intervals, the register returns to the
initial condition. initial condition.
In the next step the shift register stages are copied to a temporary In the next step the shift register stages are copied to a temporary
list and the list sorted by increasing delta. Let i index the stages list and the list sorted by increasing delta. Let i index the stages
starting with the lowest delta. If the first tuple epoch t_0 is not starting with the lowest delta. If the first tuple epoch t_0 is not
later than the last valid sample epoch p.t, the routine exits without later than the last valid sample epoch tp, the routine exits without
affecting the current peer variables. Otherwise, let epsilon_i be affecting the current peer variables. Otherwise, let epsilon_i be
the dispersion of the ith entry, then the dispersion of the ith entry, then
i=n-1 i=n-1
--- epsilon_i --- epsilon_i
capepsilon = \ ---------- epsilon = \ ----------
/ (i+1) / (i+1)
--- 2 --- 2
i=0 i=0
is the peer dispersion p.disp. Note the overload of epsilon, whether is the peer dispersion p.disp. Note the overload of epsilon, whether
input to the clock filter or output, the meaning should be clear from input to the clock filter or output, the meaning should be clear from
context. context.
The observer should note (a) if all stages contain the dummy tuple The observer should note (a) if all stages contain the dummy tuple
with dispersion MAXDISP, the computed dispersion is a little less with dispersion MAXDISP, the computed dispersion is a little less
than 16 s, (b) each time a valid tuple is shifted into the register, than 16 s, (b) each time a valid tuple is shifted into the register,
the dispersion drops by a little less than half, depending on the the dispersion drops by a little less than half, depending on the
valid tuples dispersion, (c) after the fourth valid packet the valid tuples dispersion, (c) after the fourth valid packet the
dispersion is usually a little less than 1 s, which is the assumed dispersion is usually a little less than 1 s, which is the assumed
value of the MAXDIST parameter used by the selection algorithm to value of the MAXDIST parameter used by the selection algorithm to
determine whether the peer variables are acceptable or not. determine whether the peer variables are acceptable or not.
Let the first stage offset in the sorted list be theta_0; then, for Let the first stage offset in the sorted list be theta_0; then, for
the other stages in any order, the jitter is the RMS average the other stages in any order, the jitter is the RMS average
+----- -----+ +----- -----+^1/2
| 1/2 | | n-1 |
| +----- -----+ | | --- |
| | n-1 | | 1 | \ 2 |
| | --- | | psi = -------- * | / (theta_0-theta_j) |
| 1 | \ 2 | | (n-1) | --- |
psi = | -------- * | / (theta_0-theta_j) | | | j=1 |
| (n-1) | --- | |
| | j=1 | |
| +----- -----+ |
| |
+----- -----+ +----- -----+
where n is the number of valid tuples in the filter (n > 1). In where n is the number of valid tuples in the filter (n > 1). In
order to insure consistency and avoid divide exceptions in other order to insure consistency and avoid divide exceptions in other
computations, the psi is bounded from below by the system precision computations, the psi is bounded from below by the system precision
s.rho expressed in seconds. While not in general considered a major s.rho expressed in seconds. While not in general considered a major
factor in ranking server quality, jitter is a valuable indicator of factor in ranking server quality, jitter is a valuable indicator of
fundamental timekeeping performance and network congestion state. Of fundamental timekeeping performance and network congestion state. Of
particular importance to the mitigation algorithms is the peer particular importance to the mitigation algorithms is the peer
synchronization distance, which is computed from the delay and synchronization distance, which is computed from the delay and
skipping to change at page 40, line 21 skipping to change at page 40, line 17
lambda = (delta / 2) + epsilon. lambda = (delta / 2) + epsilon.
Note that epsilon and therefore lambda increase at rate PHI. The Note that epsilon and therefore lambda increase at rate PHI. The
lambda is not a state variable, since lambda is recalculated at each lambda is not a state variable, since lambda is recalculated at each
use. It is a component of the root synchronization distance used by use. It is a component of the root synchronization distance used by
the mitigation algorithms as a metric to evaluate the quality of time the mitigation algorithms as a metric to evaluate the quality of time
available from each server. available from each server.
It is important to note that, unlike NTPv3, NTPv4 associations do not It is important to note that, unlike NTPv3, NTPv4 associations do not
show a timeout condition by setting the stratum peer variable to 16. show a timeout condition by setting the stratum to 16 and leap
In NTPv4 lambda increases with time, so eventually the indicator to 3. The association variables retain the values
synchronization distance exceeds the distance threshold MAXDIST, in determined upon arrival of the last packet. In NTPv4 lambda
which case the association is considered unfit for synchronization. increases with time, so eventually the synchronization distance
exceeds the distance threshold MAXDIST, in which case the association
is considered unfit for synchronization.
11. System Process 11. System Process
As each new sample (theta, delta, epsilon, jitter, t) is produced by As each new sample (theta, delta, epsilon, jitter, t) is produced by
the clock filter algorithm, all peer processes are scanned by the the clock filter algorithm, all peer processes are scanned by the
mitigation algorithms consisting of the selection, cluster, combine mitigation algorithms consisting of the selection, cluster, combine
and clock discipline algorithms in the system process. The selection and clock discipline algorithms in the system process. The selection
algorithm scans all associations and casts off the falsetickers, algorithm scans all associations and casts off the falsetickers,
which have demonstrably incorrect time, leaving the truechimers as which have demonstrably incorrect time, leaving the truechimers as
result. In a series of rounds the cluster algorithm discards the result. In a series of rounds the cluster algorithm discards the
skipping to change at page 41, line 18 skipping to change at page 41, line 17
+-----------+------------+------------------------+ +-----------+------------+------------------------+
| t | t | update time | | t | t | update time |
| p | p | system peer identifier | | p | p | system peer identifier |
| leap | leap | leap indicator | | leap | leap | leap indicator |
| stratum | stratum | stratum | | stratum | stratum | stratum |
| precision | rho | precision | | precision | rho | precision |
| offset | THETA | combined offset | | offset | THETA | combined offset |
| jitter | PSI | combined jitter | | jitter | PSI | combined jitter |
| rootdelay | DELTA | root delay | | rootdelay | DELTA | root delay |
| rootdisp | EPSILON | root dispersion | | rootdisp | EPSILON | root dispersion |
| v | v | survivor list |
| refid | refid | reference ID | | refid | refid | reference ID |
| reftime | reftime | reference time | | reftime | reftime | reference time |
| NMIN | 3 | minimum survivors | | NMIN | 3 | minimum survivors |
| CMIN | 1 | minimum candidates | | CMIN | 1 | minimum candidates |
+-----------+------------+------------------------+ +-----------+------------+------------------------+
Figure 27: System Process Variables Figure 27: System Process Variables
Except for the t, p, offset and jitter variables and the NMIN and Except for the t, p, offset and jitter variables and the NMIN and
CMIN constants, the variables have the same format and interpretation CMIN constants, the variables have the same format and interpretation
skipping to change at page 43, line 39 skipping to change at page 43, line 39
| | Cluster Algorithm | | | Cluster Algorithm |
| +-------------------+ | +-------------------+
| | | |
| V | V
V yes +-------------------+ V yes +-------------------+
|<------------| n < CMIN? | |<------------| n < CMIN? |
| +-------------------+ | +-------------------+
V | V |
+-----------------+ V no +-----------------+ V no
| s.p = NULL | +-------------------+ | s.p = NULL | +-------------------+
+-----------------+ | s.p = vo.p | +-----------------+ | s.p = v_0.p |
| +-------------------+ | +-------------------+
V | V |
+-----------------+ V +-----------------+ V
| return (UNSYNC) | +-------------------+ | return (UNSYNC) | +-------------------+
+-----------------+ | return (SYNC) | +-----------------+ | return (SYNC) |
+-------------------+ +-------------------+
Figure 28: clock_select() Routine Figure 28: clock_select() Routine
11.2.1. Selection Algorithm 11.2.1. Selection Algorithm
skipping to change at page 45, line 27 skipping to change at page 45, line 27
less than CMIN, there are insufficient candidates to discipline the less than CMIN, there are insufficient candidates to discipline the
system clock. CMIN defines the minimum number of servers consistent system clock. CMIN defines the minimum number of servers consistent
with the correctness requirements. Suspicious operators would set with the correctness requirements. Suspicious operators would set
CMIN to insure multiple redundant servers are available for the CMIN to insure multiple redundant servers are available for the
algorithms to mitigate properly. However, for historic reasons the algorithms to mitigate properly. However, for historic reasons the
default value for CMIN is one. default value for CMIN is one.
11.2.2. Cluster Algorithm 11.2.2. Cluster Algorithm
The candidates of the majority clique are placed on the survivor list The candidates of the majority clique are placed on the survivor list
in the form of tuples (p, theta_p, psi_p, lambda_p), where p is an v in the form of tuples (p, theta_p, psi_p, lambda_p), where p is an
association identifier, theta_p, psi_p, and stratum_p the current association identifier, theta_p, psi_p, and stratum_p the current
offset, jitter and stratum of association p, respectively, and offset, jitter and stratum of association p, respectively, and
lambda_p is a merit factor equal to stratum_p * MAXDIST + lambda, lambda_p is a merit factor equal to stratum_p * MAXDIST + lambda,
where lambda is the root synchronization distance for association p. where lambda is the root synchronization distance for association p.
The list is processed by the cluster algorithm below and the second The list is processed by the cluster algorithm below and the second
half of the clock_select() algorithm in Appendix A.5.5.1. half of the clock_select() algorithm in Appendix A.5.5.1.
1. Let (p, theta_p, psi_p, lambda_p) represent a survivor candidate. 1. Let (p, theta_p, psi_p, lambda_p) represent a survivor candidate.
2. Sort the candidates by increasing lambda_p. Let n be the number 2. Sort the candidates by increasing lambda_p. Let n be the number
of candidates and NMIN the minimum required number of survivors. of candidates and NMIN the minimum required number of survivors.
3. For each candidate compute the selection jitter psi_s: 3. For each candidate compute the selection jitter psi_s:
1/2
+----- -----+ +----- -----+^1/2
| n-1 | | n-1 |
| --- | | --- |
1 | \ 2 | | 1 \ 2 |
psi_s = ---- * | / (theta_s - theta_j) | psi_s = | ---- * / (theta_s - theta_j) |
n-1 | --- | | n-1 --- |
| j=1 | | j=1 |
+----- -----+ +----- -----+
4. Select psi_max as the candidate with maximum psi_s. 4. Select psi_max as the candidate with maximum psi_s.
5. Select psi_min as the candidate with minimum psi_p. 5. Select psi_min as the candidate with minimum psi_p.
6. Is psi_max < psi_min or n <= NMIN? If yes, follow step 6A; 6. Is psi_max < psi_min or n <= NMIN? If yes, follow step 6A;
otherwise, follow step 6B. otherwise, follow step 6B.
skipping to change at page 46, line 42 skipping to change at page 46, line 42
THETA and system peer jitter PSI_p, where each server statistic is THETA and system peer jitter PSI_p, where each server statistic is
weighted by the reciprocal of the root synchronization distance and weighted by the reciprocal of the root synchronization distance and
the result normalized. the result normalized.
The combined THETA is passed to the clock_update() routine in The combined THETA is passed to the clock_update() routine in
Appendix A.5.5.4. The first candidate on the survivor list is Appendix A.5.5.4. The first candidate on the survivor list is
nominated as the system peer with identifier p. The system peer nominated as the system peer with identifier p. The system peer
jitter PSI_p is a component of the system jitter PSI. It is used jitter PSI_p is a component of the system jitter PSI. It is used
along with the selection jitter PSI_s to produce the system jitter: along with the selection jitter PSI_s to produce the system jitter:
PSI = [(PSI_s)^2 + (PSI_p)^2] PSI = [(PSI_s)^2 + (PSI_p)^2]^1/2
Each time an update is received from the system peer, the Each time an update is received from the system peer, the
clock_update() routine in Appendix A.5.5.4 is called. By rule, an clock_update() routine in Appendix A.5.5.4 is called. By rule, an
update is discarded if its time of arrival p.t is not strictly later update is discarded if its time of arrival p.t is not strictly later
than the last update used s.t. The labels IGNOR, PANIC, ADJ and STEP than the last update used s.t. The labels IGNOR, PANIC, ADJ and STEP
refer to return codes from the local_clock() routine described in the refer to return codes from the local_clock() routine described in the
next section. next section.
IGNORE means the update has been ignored as an outlyer. PANIC means IGNORE means the update has been ignored as an outlyer. PANIC means
the offset is greater than the panic threshold PANICT (1000 s) and the offset is greater than the panic threshold PANICT (1000 s) and
SHOULD cause the program to exit with a diagnostic message to the SHOULD cause the program to exit with a diagnostic message to the
system log. STEP means the offset is less than the panic threshold, system log. STEP means the offset is less than the panic threshold,
but greater than the step threshold STEPT (125 ms). Since this means but greater than the step threshold STEPT (125 ms). In this case the
all peer data have been invalidated, all associations MUST be reset clock is stepped to the correct offset, but since this means all peer
and the client begins as at initial start. data have been invalidated, all associations MUST be reset and the
client begins as at initial start.
ADJ means the offset is less than the step threshold and thus a valid ADJ means the offset is less than the step threshold and thus a valid
update. In this case the system variables are updated from the peer update. In this case the system variables are updated from the peer
variables as shown in Figure 30. variables as shown in Figure 30.
+-------------------------------------------+ +-------------------------------------------+
| System Variable <-- System Peer Variable | | | System Variable <-- System Peer Variable | |
+-------------------------------------------+ +-------------------------------------------+
| s.leap <-- p.leap | | s.leap <-- p.leap |
| s.stratum <-- p.stratum + 1 | | s.stratum <-- p.stratum + 1 |
skipping to change at page 50, line 39 skipping to change at page 50, line 39
The discipline is implemented by the local_clock() routine, which is The discipline is implemented by the local_clock() routine, which is
called from the clock_update() routine. The local_clock() routine in called from the clock_update() routine. The local_clock() routine in
Appendix A.5.5.6 has two parts; the first implements the clock state Appendix A.5.5.6 has two parts; the first implements the clock state
machine and the second determines the time constant and thus the poll machine and the second determines the time constant and thus the poll
interval. interval.
The local_clock() routine exits immediately if the offset is greater The local_clock() routine exits immediately if the offset is greater
than the panic threshold PANICT (1000 s). The state transition than the panic threshold PANICT (1000 s). The state transition
function is implemented by the rstclock() function in function is implemented by the rstclock() function in
Appendix A.5.5.7. Figure 33 shows the state transition function used Appendix A.5.5.7. Figure 33 shows the state transition function used
bu this routine. It has four columns showing respectively the state by this routine. It has four columns showing respectively the state
name, predicate and action if the offset theta is less than the step name, predicate and action if the offset theta is less than the step
threshold, the predicate and actions otherwise, and finally some threshold, the predicate and actions otherwise, and finally some
comments. comments.
+-------+---------------------+-------------------+--------------+ +-------+---------------------+-------------------+--------------+
| State | theta < STEP | theta > STEP | Comments | | State | theta < STEP | theta > STEP | Comments |
+-------+---------------------+-------------------+--------------+ +-------+---------------------+-------------------+--------------+
| NSET | ->FREQ | ->FREQ | no frequency | | NSET | ->FREQ | ->FREQ | no frequency |
| | adjust time | step time | file | | | adjust time | step time | file |
+-------+---------------------+-------------------+--------------+ +-------+---------------------+-------------------+--------------+
skipping to change at page 52, line 8 skipping to change at page 52, line 8
times the clock jitter, the hysteresis counter hyster is reduced by times the clock jitter, the hysteresis counter hyster is reduced by
two; otherwise, it is increased by one. If hyster increases to the two; otherwise, it is increased by one. If hyster increases to the
upper limit LIMIT (30), tau is increased by one; if it decreases to upper limit LIMIT (30), tau is increased by one; if it decreases to
the lower limit -LIMIT (-30), tau is decreased by one. Normally, tau the lower limit -LIMIT (-30), tau is decreased by one. Normally, tau
hovers near MAXPOLL, but quickly decreases if a temperature spike hovers near MAXPOLL, but quickly decreases if a temperature spike
causes a frequency surge. causes a frequency surge.
12. Clock Adjust Process 12. Clock Adjust Process
The actual clock adjustment is performed by the clock_adjust() The actual clock adjustment is performed by the clock_adjust()
routine in Appendix Appendix A.5.6.1. It runs at one-second routine in Appendix A.5.6.1. It runs at one-second intervals to add
intervals to add the frequency correction and a fixed percentage of the frequency correction and a fixed percentage of the residual
the residual offset theta_r. The theta_r is in effect the offset theta_r. The theta_r is in effect the exponential decay of
exponential decay of the theta value produced by the loop filter at the theta value produced by the loop filter at each update. The TC
each update. The TC parameter scales the time constant to match the parameter scales the time constant to match the poll interval for
poll interval for convenience. Note that the dispersion EPSILON convenience. Note that the dispersion EPSILON increases by PHI at
increases by PHI at each second. each second.
The clock adjust process includes a timer interrupt facility driving The clock adjust process includes a timer interrupt facility driving
the seconds counter c.t. It begins at zero when the service starts the seconds counter c.t. It begins at zero when the service starts
and increments once each second. At each interrupt the and increments once each second. At each interrupt the
clock_adjust() routine is called to incorporate the clock discipline clock_adjust() routine is called to incorporate the clock discipline
time and frequency adjustments, then the associations are scanned to time and frequency adjustments, then the associations are scanned to
determine if the seconds counter equals or exceeds the p.next state determine if the seconds counter equals or exceeds the p.next state
variable defined in the next section. If so, the poll process is variable defined in the next section. If so, the poll process is
called to send a packet and compute the next p.next value. called to send a packet and compute the next p.next value.
skipping to change at page 53, line 19 skipping to change at page 53, line 19
| last | last | last poll time | | last | last | last poll time |
| next | next | next poll time | | next | next | next poll time |
| reach | reach | reach register | | reach | reach | reach register |
| unreach | unreach | unreach counter | | unreach | unreach | unreach counter |
| UNREACH | 24 | unreach limit | | UNREACH | 24 | unreach limit |
| BCOUNT | 8 | burst count | | BCOUNT | 8 | burst count |
| BURST | flag | burst enable | | BURST | flag | burst enable |
| IBURST | flag | iburst enable | | IBURST | flag | iburst enable |
+---------+---------+--------------------+ +---------+---------+--------------------+
Figure 34: Poll Process Variables Figure 34: Poll Process Variables and Parameters
The poll process variables are allocated in the association data The poll process variables are allocated in the association data
structure along with the peer process variables. Following is a structure along with the peer process variables. Following is a
detailed description of the variables. The parameters will be called detailed description of the variables. The parameters will be called
out in the following text. out in the following text.
hpoll: signed integer representing the poll exponent, in log2 seconds hpoll: signed integer representing the poll exponent, in log2 seconds
last: integer representing the seconds counter when the most recent last: integer representing the seconds counter when the most recent
packet was sent packet was sent
skipping to change at page 54, line 38 skipping to change at page 54, line 38
increases until reaching BEACON, when it starts over from the increases until reaching BEACON, when it starts over from the
beginning. beginning.
The poll() routine includes a feature that backs off the poll The poll() routine includes a feature that backs off the poll
interval if the server becomes unreachable. If reach is nonzero, the interval if the server becomes unreachable. If reach is nonzero, the
server is reachable and unreach is set to zero; otherwise, unreach is server is reachable and unreach is set to zero; otherwise, unreach is
incremented by one for each poll to the maximum UNREACH. Thereafter incremented by one for each poll to the maximum UNREACH. Thereafter
for each poll hpoll is increased by one, which doubles the poll for each poll hpoll is increased by one, which doubles the poll
interval up to the maximum MAXPOLL determined by the poll_update() interval up to the maximum MAXPOLL determined by the poll_update()
routine. When the server again becomes reachable, unreach is set to routine. When the server again becomes reachable, unreach is set to
zero, hpoll is reset to the t.c system variable and operation resumes zero, hpoll is reset to the tc system variable and operation resumes
normally. normally.
A packet is sent by the xmit_packet() routine in Appendix A.3. Some A packet is sent by the xmit_packet() routine in Appendix A.3. Some
header values are copied from the peer variables left by a previous header values are copied from the peer variables left by a previous
packet and others from the system variables. Figure 35 shows which packet and others from the system variables. Figure 35 shows which
values are copied to each header field. In those implementations values are copied to each header field. In those implementations
using floating double data types for root delay and root dispersion, using floating double data types for root delay and root dispersion,
these must be converted to NTP short format. All other fields are these must be converted to NTP short format. All other fields are
either copied intact from peer and system variables or struck as a either copied intact from peer and system variables or struck as a
timestamp from the system clock. timestamp from the system clock.
skipping to change at page 56, line 31 skipping to change at page 56, line 31
16. Acknowledgements 16. Acknowledgements
The editors would like to thank Karen O'Donoghue, Brian Haberman, The editors would like to thank Karen O'Donoghue, Brian Haberman,
Greg Dowd, Mark Elliot, and Harlan Stenn for technical reviews of Greg Dowd, Mark Elliot, and Harlan Stenn for technical reviews of
this document. this document.
17. Informative References 17. Informative References
[1] Mills, D., "Network Time Protocol (Version 3) Specification, [1] Mills, D., "Network Time Protocol (Version 3) Specification,
Implementation and Analysis", RFC 1305, Current Status DRAFT Implementation", RFC 1305, March 1992.
STANDARD, March 1992.
[2] Mills, D., "Simple Network Time Protocol (SNTP) Version 4 for [2] Mills, D., "Simple Network Time Protocol (SNTP) Version 4 for
IPv4, IPv6 and OSI", RFC 4330, draft-mills-sntp-v4-01 (work in IPv4, IPv6 and OSI", RFC 4330, January 2006.
progress), Current Status INFORMATIONAL, January 2006.
[3] Mills, D.L., "The Autokey security architecture, protocol and [3] Mills, D.L., "The Autokey security architecture, protocol and
algorithms. Electrical and Computer Engineering Technical algorithms. Electrical and Computer Engineering Technical
Report 06-1-1", NDSS , January 2006. Report 06-1-1", NDSS , January 2006.
[4] Mills, D.L., Electrical and Computer Engineering Technical [4] Mills, D.L., Electrical and Computer Engineering Technical
Report 06-6-1, NDSS, June 2006., "Network Time Protocol Version Report 06-6-1, NDSS, June 2006., "Network Time Protocol Version
4 Reference and Implementation Guide.", 2006. 4 Reference and Implementation Guide.", 2006.
[5] Mills, D.L., "Computer Network Time Synchronization - the [5] Mills, D.L., "Computer Network Time Synchronization - the
Network Time Protocol. CRC Press, 304pp.", 2006. Network Time Protocol. CRC Press, 304pp.", 2006.
[6] Bradner, S., "Key words for use in RFCs to Indicate Requirement [6] Bradner, S., "Key words for use in RFCs to Indicate Requirement
Levels", BCP 14, RFC 2119, Current Status BEST CURRENT Levels", BCP 14, RFC 2119, March 1997.
PRACTICE, March 1997.
[7] Postel, J., "Internet Protocol", STD 5, RFC 791, Updated [7] Postel, J., "Internet Protocol", STD 5, RFC 791,
by RFC1349, Current Status STANDARD, September 1981. September 1981.
[8] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321, [8] Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
Current Status INFORMATIONAL, April 1992. April 1992.
[9] Marzullo and S. Owicki, "Maintaining the time in a distributed [9] Marzullo and S. Owicki, "Maintaining the time in a distributed
system.", ACM Operating Systems Review 19 , July 1985. system.", ACM Operating Systems Review 19 , July 1985.
[10] Bellovin, S. and E. Rescorla, Proceedings of the 13th annual [10] Bellovin, S. and E. Rescorla, Proceedings of the 13th annual
ISOC Network and Distributed System Security Symposium, ISOC Network and Distributed System Security Symposium,
"Deploying a new Hash Algorithm", February 2006. "Deploying a new Hash Algorithm", February 2006.
[11] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA [11] Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
Considerations Section in RFCs", BCP 26, RFC 2434, Updated Considerations Section in RFCs", BCP 26, RFC 2434,
by RFC3692, Current Status BEST CURRENT PRACTICE, October 1998. October 1998.
Appendix A. Code Skeleton Appendix A. Code Skeleton
This appendix is intended to describe the protocol and algorithms of This appendix is intended to describe the protocol and algorithms of
an implementation in a general way using what is called a code an implementation in a general way using what is called a code
skeleton program. This consists of a set of definitions, structures skeleton program. This consists of a set of definitions, structures
and code fragments which illustrate the protocol operations without and code fragments which illustrate the protocol operations without
the complexities of an actual implementation of the protocol. This the complexities of an actual implementation of the protocol. This
program is not an executable and is not designed to run in the program is not an executable and is not designed to run in the
ordinary sense. It is designed to be compiled only in order to ordinary sense. It is designed to be compiled only in order to
 End of changes. 70 change blocks. 
243 lines changed or deleted 237 lines changed or added

This html diff was produced by rfcdiff 1.33. The latest version is available from http://tools.ietf.org/tools/rfcdiff/