Introduction
Network Time Protocol (NTP) is used to synchronize the clocks of various devices distributed across your networks. NTP is generally important because it ensures consistent and accurate timekeeping across all your devices, which might otherwise drift out of sync. For ZEDEDA, NTP is crucial for maintaining synchronized time between ZEDEDA Cloud interfaces and across your globally distributed edge nodes, enabling reliable data processing, secure device management, consistent application performance, and logging in real-time edge environments.
This article covers how EVE-OS maintains clock synchronization.
Prerequisites
You should be familiar with edge nodes and edge apps.
NTP in EVE-OS
EVE-OS maintains clock synchronization through an embedded NTP Client, which begins synchronizing the system clock from boot time. This synchronization is critical for several reasons:
- Certificate Generation: On the first boot, device certificates are generated. A synchronized clock ensures these certificates have valid timestamps.
- Accurate Logging: EVE-OS generates logs using the local clock. Synchronizing the clock guarantees that these logs have accurate timestamps.
- Time Availability for Applications: EVE-OS provides its synchronized local clock to edge applications, both containers and VMs, which might lack their own time synchronization mechanisms such as an embedded NTP client.
NTP Server Selection
EVE-OS supports various methods for obtaining NTP servers:
- DHCP Server: An external Dynamic Host Configuration Protocol (DHCP) server may provide one or more NTP server addresses as part of the DHCP process.
- Network Configuration: When using static IP addressing (DHCP mode ‘manual’ in the Network configuration), an NTP server address can be provided.
- Default: If no NTP server is provided by the above methods, EVE-OS will default to contacting ‘pool.ntp.org’. Based on DNS load-balancing, a set of nearby NTP servers will be used.
It is considered a best practice to have 4 NTP servers. This enables comparison of clock sources and an assessment of their (relative) performance. If the edge node has multiple network interfaces with NTP server information (static or obtained via DHCP), EVE-OS will use all the provided NTP servers as potential clock sources.
If the edge node is deployed behind a firewall, ensure that NTP traffic is allowed through. NTP communicates over UDP port 123.
Note: When configuring a Network Instance of type ‘local’, you can specify an NTP server address. This NTP server will not be used by EVE-OS as a time source. Instead, it will be used in the DHCP offer to any application instances connected to the network instance, allowing control over which NTP server the application may use. The DHCP offer will include the configured NTP server (if any) along with any NTP server information associated with the physical ports connected to the network instance.
Providing Clock Synchronization to Edge Applications
In many use cases, edge applications (VMs, containers) have a need for accurate clock information. This can be for logging, certificate validation, or other scenarios. Depending on the use case, there might be a need for Time-of-Day (ToD) and/or frequency synchronization.
Edge applications have various options to acquire ToD information:
- Embedded NTP client
- KVM-clock
- IEEE 1588 Precision Time Protocol (PTP)
Embedded NTP client
Applications might include their own NTP client to synchronize to external NTP sources. Applications might rely on receiving NTP server information through DHCP. When using Network Instances of type ‘Local’, NTP server information can be relayed to the application as part of the DHCP process.
KVM-clock
The kvm-clock is a paravirtual driver enabling the edge node to share its clock with edge applications. By ensuring the edge node is synchronized using NTP, applications do not need an embedded NTP client but can rely on the kvm-clock. The application needs to include driver support for KVM-clock to take advantage of this capability.
IEEE 1588 Precision Time Protocol (PTP)
IEEE standard 1588 defines a protocol for high precision clock synchronization throughout a computer network. EVE-OS supports a virtual PTP clock (for x86_64) that can be exposed to guests enabling the guest to synchronize its clock with the (NTP synchronized) edge node clock. A client program, such as the chrony daemon, is required in order to synchronize the system's clock with the virtual PTP device.
EVE-OS enables the chrony daemon automatically for containers when the environment variable EVE_ENABLE_CHRONY=1 is defined. For VM applications, the chrony daemon must be installed and configured to sync the guest's clock with the device /dev/ptp0 or /dev/ptp_kvm. The kernel must also support the virtual PTP device driver.
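The VM case above as an added shell example, not ZEDEDA or EVE-OS code: it picks whichever of the two device nodes named above exists in the guest and emits a chrony configuration fragment that uses chrony's `refclock PHC` directive. The function names, the `PTP_DEV_ROOT` variable, the `poll 2` interval and the `makestep` threshold are assumptions.

```shell
#!/bin/sh
# Added example: build a chrony configuration fragment for a VM guest that
# syncs to the edge node clock through the virtual PTP device.

# Print the first virtual PTP device node found under the given /dev root.
# ptp_kvm is checked first because the name identifies the KVM virtual clock;
# ptp0 is the generic first PTP device. Returns 1 if neither node exists.
find_ptp_device() {
    dev_root="${1:-/dev}"
    for name in ptp_kvm ptp0; do
        if [ -e "$dev_root/$name" ]; then
            printf '%s\n' "$dev_root/$name"
            return 0
        fi
    done
    return 1
}

# Emit the chrony fragment for one device path.
# poll 2 means one clock update every 2^2 = 4 seconds (assumed value).
render_chrony_conf() {
    cat <<EOF
# Use the host-provided virtual PTP clock as the only time reference
refclock PHC $1 poll 2
# Step instead of slewing if the guest is off by more than 1 s at startup
makestep 1.0 3
EOF
}

# Fail loudly when no device is present: a guest without the virtual PTP
# driver would otherwise run chrony with no usable source and drift silently.
guest_chrony_conf() {
    dev=$(find_ptp_device "${1:-/dev}") || {
        echo "no virtual PTP device found: check kernel support for the virtual PTP driver" >&2
        return 1
    }
    render_chrony_conf "$dev"
}

# Print the fragment for this machine; PTP_DEV_ROOT is a hypothetical override.
guest_chrony_conf "${PTP_DEV_ROOT:-/dev}" || true
```

Write the output into the guest's chrony configuration and restart the daemon; `chronyc sources` should then list the PHC reference as the selected source.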
Clock Accuracy Considerations
When your edge nodes don’t have network connectivity, they can’t synchronize with NTP servers. Neither can your edge apps.
You can, however, still ensure that your edge nodes and apps are keeping internally consistent time.
Free-running clock performance
Edge nodes might not have permanent network connectivity. If connectivity is interrupted, the clock becomes ‘free-running’. During such an event, the node relies on an internal hardware frequency source to maintain the current time without any external NTP corrections to compensate for drift. Hardware platforms typically offer different frequency sources such as Time Stamp Counter (TSC), High Precision Event Timer (HPET) or ACPI_PM, a reliable hardware timer counter defined by the ACPI standard. These sources provide different levels of accuracy and stability. For example, on certain platforms TSC performance has been shown to vary with BIOS power-saving settings.
Application synchronization approach
If the application does not include an NTP client, KVM-clock or a virtual PTP source can be used to synchronize the workload to the host clock. When using KVM-clock, the edge application captures the ToD at application boot time and uses a virtualized hardware clock source to maintain it. This approach may result in clock drift over time, though operating systems often attempt to compensate for this (for example, using the high-precision HPET counter to adjust TSC frequency).
When PTP is used, frequent ToD clock adjustments are performed between the host and edge application. This minimizes the dependency on an accurate frequency source inside the application and typically provides better overall performance.
References
See Clock Synchronization in eve-os.readthedocs.
Next Steps
- Create a Network and configure NTP
- Monitor an Edge Node's NTP Servers