Clock synchronization

This guide covers various ways to ensure that your edge assets, i.e., your edge nodes and edge applications, keep accurate time. We’ll cover a few options, but we’ll focus on best practice: using the Network Time Protocol (NTP) for clock synchronization.

Clock synchronization refers to the processes your edge assets can use to update their internal clocks to match the times of reliable external sources of truth. Without clock synchronization, your edge assets’ clocks will naturally “drift” out of sync with what is generally considered to be accurate.

To use NTP, you need to designate NTP servers for your edge assets to synchronize with. NTP servers are equipped with high precision timekeeping devices, such as GPS or atomic clocks. 

The following sections cover:

  • Edge nodes with NTP
  • Edge application options
  • Keeping time when your edge nodes are offline

Prerequisites

You should be familiar with edge nodes and edge apps.

Edge nodes

EVE-OS uses an embedded NTP client (chrony) to synchronize its clock with NTP servers. This task is essential for your edge nodes for the following reasons:

  • Certificates: Upon first boot, an edge node will generate device certificates. They must have valid timestamps.
  • Logging: EVE-OS generates logs using its node’s local clock. Accurate timestamps depend on an accurate clock.
  • Edge applications: If an edge application doesn’t have its own clock synchronization method, it can depend on EVE-OS’s system clock.

NTP server options

EVE-OS comes with an embedded NTP Client , which begins working upon system boot. You just need to tell it how to use NTP servers.

EVE-OS supports various methods for specifying NTP servers:

  1. DHCP Server: An external DHCP server may provide one or more NTP server addresses.
  2. Network Configuration: You can specify DHCP “manual” mode when you create a network object to use static IP addressing to designate an NTP server address. (Note: Using FDQNs is not supported.)
  3. Default: If no NTP server is provided by the above methods, EVE-OS will default to using pool.ntp.org. Based on DNS load-balancing, a set of nearby NTP servers will be used. 

After you assign NTP servers to an edge node, you can monitor the status and performance of those servers through the ZEDEDA GUI.

If the edge node is deployed behind a firewall, ensure that NTP traffic is allowed through. (NTP communicates over UDP port 123.)

Best practice

It’s best-practice to assign 4 NTP servers to each of your edge nodes, giving your nodes redundancy, and enabling them to choose the best results, based on various factors, such as stratum level, variation, latency, loss, etc.

If an edge node has multiple network interfaces with NTP server information (static or obtained via DHCP), EVE-OS will use them all.

Edge applications

Edge apps often need an accurate clock. They may, for example, need to keep logs or validate certificates.

You can keep your edge apps’ clocks synchronized in a few ways:

  • Embedded NTP client (recommended)
  • kvm-clock
  • IEEE 1588 Precision Time Protocol (PTP)

Embedded NTP client

Edge apps may each have their own NTP client to synchronize with external NTP servers.

Note: When configuring a Network Instance of type ‘local’, you can specify an NTP server address. This NTP server will not be used by EVE-OS as a time source. Instead, it will be used in the DHCP offer to any application instances connected to the network instance, allowing control over which NTP server the application may use. The DHCP offer will include the configured NTP server (if any) along with any NTP server information associated with the physical port(s) connected to the network instance. 

kvm-clock

When using KVM-clock, the edge application captures the time-of-day at application boot time and uses a virtualized hardware clock source to maintain it. This approach may result in clock drift over time, though operating systems often attempt to compensate for this (for example, using the high-precision HPET counter to adjust TSC frequency).

VM edge apps need to include driver support for KVM clock to do this. 

IEEE 1588 Precision Time Protocol (PTP) 

IEEE 1588 is a protocol for high-precision clock synchronization. EVE-OS supports a virtual PTP clock (for x86_64 devices) that can be exposed to edge apps, enabling apps to synchronize their clocks with the edge node clock.

Frequent time-of-day clock adjustments are performed between the edge node and edge app. This minimizes the dependency on an accurate frequency source inside the application and typically provides better overall performance.

A client program, such as the chrony daemon, is required.

For containers, EVE-OS enables the chrony daemon automatically when the following environment variable is set: EVE_ENABLE_CHRONY=1.

For VM applications, the chrony daemon must be installed and configured to sync the guest's clock with the corresponding PTP device. The kernel must also support the virtual PTP device driver.

Offline time-keeping

When your edge nodes don’t have network connectivity, they can’t synchronize with NTP servers. Neither can your edge apps.

You can, however, still ensure that your edge nodes and apps are keeping internally consistent time.

Edge nodes

When an edge node loses network connectivity, its clock becomes free-running, meaning that it uses a hardware frequency to keep time instead of an NTP server.

Hardware platforms typically offer different frequency sources such as Time Stamp Counter (TSC), High Precision Event Timer (HPET), or ACPI_PM (a reliable hardware timer counter defined by  the ACPI standard).

Note that these sources provide different levels of accuracy and stability.

For example, some hardware platforms have known issues related to their TSC counter, such as reporting wrong frequencies, presenting some instability, or getting the counter reset by BIOS while in some power save mode.

Check if your edge nodes’ hardware has any known issue regarding TSC.

Edge applications

When an edge application can’t synchronize with an external source, it should synchronize with its edge node. it can synchronize with the host clock using either KVM-clock or a virtual PTP source.

Next steps

Take a look at our guide to monitoring the status and performance of your edge nodes' NTP servers.

Was this article helpful?
0 out of 0 found this helpful