In this blog, we are going to discuss the NTP working mechanism. NTP stands for Network Time Protocol and was introduced by David Mills in 1985. It is a layer 7 protocol that uses UDP port number 123. Today, it plays a key role in providing an identical time to all networking devices through the NTP server. The purpose of NTP is to synchronize the clocks of devices with an NTP server.


What Are The Aspects Related To NTP

Utility: In this section, we will understand the use of NTP. Time stamps are used everywhere today. For example, log files are required in the banking sector to record when a transaction happened. The airline industry, networking devices, and many others also require time stamps.

Packet Flow: In this section, we will understand what kind of packets are exchanged. Communication is two-way: one side is the server and the other is the client.

Packet Flow

i) Packets sent
  ——> Client sends the request with its timestamp.
  <—— Server returns the packet with 3 timestamps:
    – Echo of the client's time stamp
    – When the server received the packet
    – When the server sent the response
ii) The client estimates the offset between itself and the server.
iii) A client can have many servers, but it will choose only one NTP server to sync its time with, and then minimize the offset and skew with feedback logs.

What Are The Network Uses Of NTP

As per the estimate, there are thousands and thousands of NTP servers and thousands and thousands of NTP clients. So how much traffic do they generate over the Internet?

– A pair of very small packets every 64-1024 seconds for each server.
– As per the latest estimate, only 0.0.1% of world traffic on the Internet is of NTP (less than 5 GB per day).

NTP with RHEL 7
– The latest version of NTP is v4.
– The speed of communication between NTP Client and NTP Server will be 8 times more if the “burst” keyword is used.

How Does Network Time Protocol (NTP) Work?


In this section, we will see how NTP works. It is based on “Marzullo’s algorithm”. This algorithm is used only by high strata servers to get accurate time using several sources. Normally, an ordinary client on an ordinary day will use only one server. NTP timestamps are expressed in seconds.

A time stamp is 64 bits in size: 32 bits hold the number of seconds and the other 32 bits hold the fraction of a second.

So, as mentioned above, when a client initiates a packet, it sends the request with its time stamp. That time stamp is expressed as a number of seconds and is 64 bits in size.

Now, why do we use NTP? We use NTP because we think our time is not the correct time. In other words, we consider our time to be the wrong time and the server time to be the true time.

Because the client has the wrong time, it needs to recalculate or adjust its clock as per the response given by the NTP server.

The Following Steps Are Involved

– Client sends the request at the “wrong time” (let's say T1 = 100 sec).

– Because of Internet connectivity, the server gets the request at “true time” (let's say T2 = 150 sec).

– The server might be busy, so it doesn’t send out the response until “true time” (let's say T3 = 160 sec).

– The server then sends the response and, because of Internet connectivity, the client gets the response at the “wrong time” (let's say T4 = 120 sec).

– The client determines the time spent on the network (the round trip, excluding the server's processing time) as below:

=> (T4 - T1) - (T3 - T2)
=> (120 - 100) - (160 - 150) = 10 seconds.

Now, the client assumes that the time it took for the response to get from server to client is:
=> 10/2 = 5 seconds (since it is two-way communication).

Hence, the client adds that time to the “true” time at which the server sent the response, to estimate the “true” time at which it received the response:
i.e., 160 + 5 => 165 seconds
The client received the response at 120 seconds by its own clock, but the estimated true time is 165 seconds. Subtracting the time at which the client received the response from the estimated time gives:
i.e., 165 - 120 => 45 seconds
So there is a difference of 45 seconds between server time and client time, and the client will add 45 seconds to its clock. This is how the NTP time is calculated.
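The calculation above can be run against an actual 48-byte NTP reply. The following Python sketch is an added example, not code from the original post: it decodes the 64-bit timestamps, reproduces the T1..T4 arithmetic, and, as an assumption beyond what the post describes, rejects any reply whose echoed timestamp does not match the request. The function names and the constructed reply packet are illustrative.

```python
import struct

NTP_FMT = "!BBbbII4sQQQQ"  # 48-byte header; the last four fields are 64-bit timestamps

def to_ntp64(seconds: float) -> int:
    """Encode seconds as 32 bits of whole seconds + 32 bits of binary fraction."""
    return int(round(seconds * 2**32)) & 0xFFFFFFFFFFFFFFFF

def from_ntp64(value: int) -> float:
    """Decode a 64-bit NTP timestamp back into seconds."""
    return (value >> 32) + (value & 0xFFFFFFFF) / 2**32

def build_reply(origin: float, receive: float, transmit: float) -> bytes:
    """Constructed server reply for the demo: version 4, mode 4 (server), stratum 2."""
    li_vn_mode = (0 << 6) | (4 << 3) | 4
    return struct.pack(NTP_FMT, li_vn_mode, 2, 6, -20, 0, 0, b"\x00" * 4, 0,
                       to_ntp64(origin), to_ntp64(receive), to_ntp64(transmit))

def process_reply(packet: bytes, t1: float, t4: float) -> tuple:
    """Return (round_trip_delay, offset) in seconds, or raise ValueError.

    t1 is the timestamp the client put in its request, t4 the client's own
    clock reading when the reply arrived (t4 is never carried in the packet).
    """
    if len(packet) < struct.calcsize(NTP_FMT):
        raise ValueError("short packet")
    fields = struct.unpack(NTP_FMT, packet[:struct.calcsize(NTP_FMT)])
    if fields[0] & 0x7 != 4:
        raise ValueError("not a server-mode reply")
    origin, t2, t3 = fields[8], from_ntp64(fields[9]), from_ntp64(fields[10])
    # Assumed defensive check: the echoed timestamp must equal what we sent,
    # otherwise the reply does not belong to our request and is dropped.
    if origin != to_ntp64(t1):
        raise ValueError("origin timestamp does not echo our request")
    delay = (t4 - t1) - (t3 - t2)     # time spent on the network, both ways
    offset = (t3 + delay / 2) - t4    # estimated true arrival time minus local time
    return delay, offset

if __name__ == "__main__":
    reply = build_reply(origin=100, receive=150, transmit=160)
    print(process_reply(reply, t1=100, t4=120))   # (10.0, 45.0)
```

The offset is only as good as the assumption that the network path is symmetric; when the two directions take different times, half of that asymmetry ends up as error in the computed offset.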

Drift File

Now, we will understand a bit about the drift file. Drift means “deviation”. Why does it happen? It happens when our hardware clock is either fast or slow compared to the reference clock (NTP server).

In this article, we have learned about the NTP working mechanism. We hope NTP time synchronization between the NTP server and the client is now clear. We saw how time stamps play a key role in keeping our logs and records aligned with the correct time. We also saw how the client adjusts its hardware clock to the NTP server using “Marzullo’s algorithm”.

The detailed explanation of the drift file along with the NTP authentication process will be explained in the next blog as we have only covered the working of NTP in this blog.

Zindagi Technologies is the expert solution provider in Campus LAN solutions for different corporate and enterprise networks. This is when NTP has shown its key role for time synchronization with all respective networking devices from a centralized NTP server that helped to record Syslog information with the correct time. If you feel that you need help or expert advice, then drop us a hello and let us connect or you can also give us a call on +919773973971.

Sani Singh
Consultant – Enterprise Networking