Cloudflare Releases Free Time Service That Supports NTP and NTS

Cloudflare have released time.cloudflare.com, their free time service that supports both NTP (Network Time Protocol) and the emerging NTS (Network Time Security). NTP is an Internet protocol for synchronizing time between remote computer systems. Cloudflare's new service provides NTP services over their anycast network of over 180 locations worldwide.

To begin using Cloudflare's NTP service, you need to repoint your NTP client to time.cloudflare.com. While most NTP implementations are still adding support for NTS, Cloudflare's NTP server already supports NTS. If you have an NTS client, you can point it at time.cloudflare.com:1234. Cloudflare currently has interoperability with NTPsec, which includes experimental support for NTS. Note that Cloudflare requires the use of TLS v1.3 with their NTS service.

NTP was designed to synchronize time between remote computer systems communicating over unreliable, variable-latency networks. NTP works by having the client send a query packet out to an NTP server that responds with its current clock time. The requesting computer then calculates an estimate of the difference between its clock and the remote NTP server's clock. This allows the system to compensate for network delay. NTP clients query multiple servers and have algorithms to select the best estimates for this skew.

NTP architecture

Diagram illustrating syncing time using NTP server (credit: Cloudflare)
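The offset and delay calculation described above, as an added example that is not from Cloudflare or the original article. It follows the standard four-timestamp NTP formulas and applies the basic sanity checks a client makes before trusting a reply; the sample packets are constructed, and `build_reply` and `demo` are hypothetical helpers.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01

def unix_to_ts(t):
    """Unix seconds -> 64-bit NTP timestamp (32.32 fixed point)."""
    return int(round((t + NTP_UNIX_DELTA) * 2**32))

def ts_to_unix(raw):
    """64-bit NTP timestamp -> Unix seconds."""
    return (raw >> 32) - NTP_UNIX_DELTA + (raw & 0xFFFFFFFF) / 2**32

def build_reply(origin, rx, tx, stratum=3, leap=0, mode=4):
    """Constructed 48-byte sample reply (version 4, unused fields zeroed)."""
    header = bytes([(leap << 6) | (4 << 3) | mode, stratum]) + bytes(22)
    return header + struct.pack("!3Q", origin, rx, tx)

def evaluate_reply(packet, sent_origin, t4):
    """Validate a reply, then return (offset, delay, max_error) in seconds.

    sent_origin: raw transmit timestamp the client placed in its query (T1).
    t4: client clock, in Unix seconds, when the reply arrived.
    """
    if len(packet) < 48:
        raise ValueError("short packet")
    leap, mode, stratum = packet[0] >> 6, packet[0] & 0x7, packet[1]
    origin, rx, tx = struct.unpack("!3Q", packet[24:48])
    if mode != 4:
        raise ValueError("not a server-mode reply")
    if leap == 3 or not 1 <= stratum <= 15:
        raise ValueError("server unsynchronized or kiss-o'-death")
    if origin != sent_origin:
        raise ValueError("origin mismatch: stale or spoofed reply")
    t1, t2, t3 = ts_to_unix(origin), ts_to_unix(rx), ts_to_unix(tx)
    delay = (t4 - t1) - (t3 - t2)          # round trip minus server processing
    offset = ((t2 - t1) + (t3 - t4)) / 2   # assumes equal travel time each way
    return offset, delay, delay / 2        # asymmetry error is at most delay/2

def demo(out_ms, back_ms, skew=2.0, proc=0.001, t1=1_700_000_000.0):
    """Simulate one exchange: client clock `skew` s behind, given path latencies."""
    t2 = t1 + skew + out_ms / 1000
    t3 = t2 + proc
    t4 = t1 + out_ms / 1000 + proc + back_ms / 1000
    raw_t1 = unix_to_ts(t1)
    reply = build_reply(raw_t1, unix_to_ts(t2), unix_to_ts(t3))
    return evaluate_reply(reply, raw_t1, t4)

if __name__ == "__main__":
    print("symmetric 20/20 ms :", demo(20, 20))
    print("asymmetric 35/5 ms :", demo(35, 5))
```

With a symmetric path the estimate recovers the 2-second skew; with a 35 ms/5 ms path the same round-trip delay yields an estimate that is off by 15 ms, which is half the difference between the two directions.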
 

According to Aanchal Malhotra, a graduate research assistant at Boston University, at the time of NTP's creation in 1985 there were two main design goals for the service: robustness and load distribution. The team wanted the system to be robust enough to handle networking errors and other failures. To accomplish this, the system was designed such that the client can gather samples from multiple peers over different network paths and then average them to improve the accuracy of the measurements.

Regarding the second goal of load distribution, Malhotra notes:

"While every client would like to talk to time servers which are directly attached to high precision time-keeping devices like atomic clocks, GPS, etc., and thus have more accurate time, the capacity of those devices is only so much."

To ease the load on the network, the service was designed hierarchically. At the top of the hierarchy (Stratum 0) are servers connected to non-NTP time sources, which distribute time to other servers. Those servers in turn distribute time to more servers in lower layers. Most systems connect to either the second or third stratum.

NTP time stratum diagram

Architectural drawing illustrating NTP's hierarchical structure (credit: Cloudflare)
 

Cloudflare's service synchronizes with Stratum 1 time service providers and then distributes that to their consumers. This is similar to how other public NTP providers function. As Malhotra notes, Cloudflare "intends to solve the limitations with the existing public time services, in particular by increasing availability, robustness and security."

To tackle availability and robustness, Cloudflare leverages their global network of over 180 locations coupled with their anycast network to route packets to the closest server. This in turn should reduce the jitter (the variance in latency on a network) and potential asymmetry affecting the packet transfer. Malhotra continues to state that "The biggest source of inaccuracy for time synchronization protocols is the network asymmetry, leading to a difference in travel times between the client and server and back from the server to the client."

Cloudflare's NTP and NTS services are available to use now. However, NTS is still an emerging protocol, so interested readers are encouraged to reach out to time-services@cloudflare.com to join Cloudflare's mailing list for updates on the NTS client implementation. More details on configuration are available in the developer docs.
