9 .Nd Network Time Protocol (NTP) daemon
18 .Op Fl r Ar broadcastdelay
26 utility is an operating system daemon which sets
27 and maintains the system time of day in synchronism with Internet
28 standard time servers.
29 It is a complete implementation of the
30 Network Time Protocol (NTP) version 4, but also retains
31 compatibility with version 3, as defined by RFC-1305, and version 1
32 and 2, as defined by RFC-1059 and RFC-1119, respectively.
36 utility does most computations in 64-bit floating point
37 arithmetic and does relatively clumsy 64-bit fixed point operations
38 only when necessary to preserve the ultimate precision, about 232
40 While the ultimate precision is not achievable with
41 ordinary workstations and networks of today, it may be required
42 with future gigahertz CPU clocks and gigabit LANs.
48 configuration file at startup time in order to determine the
49 synchronization sources and operating modes.
50 It is also possible to
51 specify a working, although limited, configuration entirely on the
52 command line, obviating the need for a configuration file.
54 be particularly useful when the local host is to be configured as a
55 broadcast/multicast client, with all peers being determined by
56 listening to broadcasts at run time.
58 If NetInfo support is built into
62 will attempt to read its configuration from the
63 NetInfo if the default
65 file cannot be read and no file is
72 variables can be displayed and
73 configuration options altered while the
84 starts it looks at the value of
92 The following options are available:
93 .Bl -tag -width indent
95 Require cryptographic authentication for broadcast client,
96 multicast client and symmetric passive associations.
99 Do not require cryptographic authentication for broadcast client,
100 multicast client and symmetric passive associations.
101 This is almost never a good idea.
103 Enable the client to synchronize to broadcast servers.
105 Specify the name and path of the configuration file, default
108 Specify debugging mode.
109 This option may occur more than once,
110 with each occurrence indicating greater detail of display.
112 Specify debugging level directly.
113 .It Fl f Ar driftfile
114 Specify the name and path of the frequency file, default
116 This is the same operation as the
117 .Ic driftfile Ar driftfile
118 configuration command.
122 exits with a message to the system log if the offset exceeds
123 the panic threshold, which is 1000 s by default.
124 This option allows thetime to be set to any value without restriction;
125 however, this can happen only once.
126 If the threshold is exceeded after that,
128 will exit with a message to the system log.
129 This option can be used with the
136 command for other options.
138 Specify the name and path of the symmetric key file, default
140 This is the same operation as the
142 configuration command.
144 Specify the name and path of the log file.
145 The default is the system log file.
146 This is the same operation as the
147 .Ic logfile Ar logfile
148 configuration command.
150 Do not listen to virtual IPs.
151 The default is to listen.
153 Enable the client to synchronize to multicast servers at the IPv4 multicast
154 group address 224.0.1.1.
158 To the extent permitted by the operating system, run the
160 at the highest priority.
162 Specify the name and path of the file used to record the
165 This is the same operation as the
166 .Ic pidfile Ar pidfile
167 configuration command.
169 To the extent permitted by the operating system, run the
171 at the specified priority.
175 just after the first time the clock is
177 This behavior mimics that of the
180 which is to be retired.
186 be used with this option.
187 Note: The kernel time discipline is disabled with this option.
188 .It Fl r Ar broadcastdelay
189 Specify the default propagation delay from the
190 broadcast/multicast server to this client.
192 only if the delay cannot be computed automatically by the
195 Specify the directory path for files created by the statistics
197 This is the same operation as the
198 .Ic statsdir Ar statsdir
199 configuration command.
201 Add a key number to the trusted key list.
202 This option can occur more than once.
205 Add a system variable listed by default.
207 Normally, the time is slewed if the offset is less than the
208 step threshold, which is 128 ms by default, and stepped if above
210 This option sets the threshold to 600 s,
211 which is well within the accuracy window to set the clock manually.
212 Note: Since the slew rate of typical Unix kernels is limited to 0.5 ms/s,
213 each second of adjustment requires an amortization interval of 2000 s.
214 Thus, an adjustment as much as 600 s will take almost 14 days to complete.
215 This option can be used with the
222 command for other options.
223 Note: The kernel time discipline is disabled with this option.
225 .Ss "How NTP Operates"
228 utility operates by exchanging messages with
229 one or more configured servers at designated poll intervals.
231 started, whether for the first or subsequent times, the program
232 requires several exchanges from the majority of these servers so
233 the signal processing and mitigation algorithms can accumulate and
234 groom the data and set the clock.
235 In order to protect the network
236 from bursts, the initial poll interval for each server is delayed
237 an interval randomized over a few seconds.
238 At the default initial poll
239 interval of 64s, several minutes can elapse before the clock is
241 The initial delay to set the clock can be reduced using the
246 command, as described in
249 Most operating systems and hardware of today incorporate a
250 time-of-year (TOY) chip to maintain the time during periods when
252 When the machine is booted, the chip is used to
253 initialize the operating system time.
254 After the machine has
255 synchronized to a NTP server, the operating system corrects the
256 chip from time to time.
257 In case there is no TOY chip or for some
258 reason its time is more than 1000s from the server time,
260 assumes something must be terribly wrong and the only
261 reliable action is for the operator to intervene and set the clock
265 to exit with a panic message to
269 option overrides this check and the
270 clock will be set to the server time regardless of the chip time.
271 However, and to protect against broken hardware, such as when the
272 CMOS battery fails or the clock counter becomes defective, once the
273 clock has been set, an error greater than 1000s will cause
277 Under ordinary conditions,
280 small steps so that the timescale is effectively continuous and
281 without discontinuities.
282 Under conditions of extreme network
283 congestion, the roundtrip delay jitter can exceed three seconds and
284 the synchronization distance, which is equal to one-half the
285 roundtrip delay plus error budget terms, can become very large.
288 algorithms discard sample offsets exceeding 128 ms,
289 unless the interval during which no sample offset is less than 128
291 The first sample after that, no matter what the
292 offset, steps the clock to the indicated time.
294 reduces the false alarm rate where the clock is stepped in error to
295 a vanishingly low incidence.
297 As the result of this behavior, once the clock has been set, it
298 very rarely strays more than 128 ms, even under extreme cases of
299 network path congestion and jitter.
300 Sometimes, in particular when
302 is first started, the error might exceed 128 ms.
304 may on occasion cause the clock to be set backwards if the local
305 clock time is more than 128 s in the future relative to the server.
306 In some applications, this behavior may be unacceptable.
309 option is included on the command line, the clock will
310 never be stepped and only slew corrections will be used.
312 The issues should be carefully explored before deciding to use
316 The maximum slew rate possible is limited
317 to 500 parts-per-million (PPM) as a consequence of the correctness
318 principles on which the NTP protocol and algorithm design are
320 As a result, the local clock can take a long time to
321 converge to an acceptable offset, about 2,000 s for each second the
322 clock is outside the acceptable range.
323 During this interval the
324 local clock will not be consistent with any other network clock and
325 the system cannot be used for distributed applications that require
326 correctly synchronized network time.
328 In spite of the above precautions, sometimes when large
329 frequency errors are present the resulting time offsets stray
330 outside the 128-ms range and an eventual step or slew time
331 correction is required.
332 If following such a correction the
333 frequency error is so large that the first sample is outside the
336 enters the same state as when the
339 The intent of this behavior
340 is to quickly correct the frequency and restore operation to the
341 normal tracking mode.
342 In the most extreme cases
345 comes to mind), there may be occasional
346 step/slew corrections and subsequent frequency corrections.
348 helps in these cases to use the
351 configuring the server.
352 .Ss "Frequency Discipline"
355 behavior at startup depends on whether the
356 frequency file, usually
360 contains the latest estimate of clock frequency error.
363 is started and the file does not exist, the
365 enters a special mode designed to quickly adapt to
366 the particular system clock oscillator time and frequency error.
367 This takes approximately 15 minutes, after which the time and
368 frequency are set to nominal values and the
371 normal mode, where the time and frequency are continuously tracked
372 relative to the server.
373 After one hour the frequency file is
374 created and the current frequency offset written to it.
377 is started and the file does exist, the
379 frequency is initialized from the file and enters normal mode
381 After that the current frequency offset is written to
382 the file at hourly intervals.
383 .Ss "Operating Modes"
386 utility can operate in any of several modes, including
387 symmetric active/passive, client/server broadcast/multicast and
388 manycast, as described in the
389 .Qq Association Management
391 (available as part of the HTML documentation
393 .Pa /usr/share/doc/ntp ) .
394 It normally operates continuously while
395 monitoring for small changes in frequency and trimming the clock
396 for the ultimate precision.
397 However, it can operate in a one-time
398 mode where the time is set from an external server and frequency is
399 set from a previously recorded frequency file.
401 broadcast/multicast or manycast client can discover remote servers,
402 compute server-client propagation delay correction factors and
403 configure itself automatically.
404 This makes it possible to deploy a
405 fleet of workstations without specifying configuration details
406 specific to the local environment.
410 runs in continuous mode where each of
411 possibly several external servers is polled at intervals determined
412 by an intricate state machine.
413 The state machine measures the
414 incidental roundtrip delay jitter and oscillator frequency wander
415 and determines the best poll interval using a heuristic algorithm.
416 Ordinarily, and in most operating environments, the state machine
417 will start with 64s intervals and eventually increase in steps to
419 A small amount of random variation is introduced in order to
420 avoid bunching at the servers.
421 In addition, should a server become
422 unreachable for some time, the poll interval is increased in steps
423 to 1024s in order to reduce network overhead.
425 In some cases it may not be practical for
429 A common workaround has been to run the
435 However, this program does not have the crafted signal
436 processing, error checking and mitigation algorithms of
440 option is intended for this purpose.
441 Setting this option will cause
444 setting the clock for the first time.
445 The procedure for initially
446 setting the clock is the same as in continuous mode; most
447 applications will probably want to specify the
451 configuration command.
453 keyword a volley of messages are exchanged to groom the data and
454 the clock is set in about 10 s.
455 If nothing is heard after a
456 couple of minutes, the daemon times out and exits.
458 period of mourning, the
463 When kernel support is available to discipline the clock
464 frequency, which is the case for stock Solaris, Tru64, Linux and
466 a useful feature is available to discipline the clock
470 is run in continuous mode with
471 selected servers in order to measure and record the intrinsic clock
472 frequency offset in the frequency file.
473 It may take some hours for
474 the frequency and offset to settle down.
478 stopped and run in one-time mode as required.
480 frequency is read from the file and initializes the kernel
482 .Ss "Poll Interval Control"
483 This version of NTP includes an intricate state machine to
484 reduce the network load while maintaining a quality of
485 synchronization consistent with the observed jitter and wander.
486 There are a number of ways to tailor the operation in order enhance
487 accuracy by reducing the interval or to reduce network overhead by
489 However, the user is advised to carefully consider
490 the consequences of changing the poll adjustment range from the
491 default minimum of 64 s to the default maximum of 1,024 s.
493 default minimum can be changed with the
496 command to a value not less than 16 s.
497 This value is used for all
498 configured associations, unless overridden by the
500 option on the configuration command.
501 Note that most device drivers
502 will not operate properly if the poll interval is less than 64 s
503 and that the broadcast server and manycast client associations will
504 also use the default, unless overridden.
506 In some cases involving dial up or toll services, it may be
507 useful to increase the minimum interval to a few tens of minutes
508 and maximum interval to a day or so.
509 Under normal operation
510 conditions, once the clock discipline loop has stabilized the
511 interval will be increased in steps from the minimum to the
513 However, this assumes the intrinsic clock frequency error
514 is small enough for the discipline loop correct it.
516 range of the loop is 500 PPM at an interval of 64s decreasing by a
517 factor of two for each doubling of interval.
518 At a minimum of 1,024
519 s, for example, the capture range is only 31 PPM.
521 error is greater than this, the drift file
524 have to be specially tailored to reduce the residual error below
526 Once this is done, the drift file is automatically
527 updated once per hour and is available to initialize the frequency
528 on subsequent daemon restarts.
529 .Ss "The huff-n'-puff Filter"
530 In scenarios where a considerable amount of data are to be
531 downloaded or uploaded over telephone modems, timekeeping quality
532 can be seriously degraded.
533 This occurs because the differential
534 delays on the two directions of transmission can be quite large.
536 many cases the apparent time errors are so large as to exceed the
537 step threshold and a step correction can occur during and after the
538 data transfer is in progress.
540 The huff-n'-puff filter is designed to correct the apparent time
541 offset in these cases.
542 It depends on knowledge of the propagation
543 delay when no other traffic is present.
544 In common scenarios this
545 occurs during other than work hours.
546 The filter maintains a shift
547 register that remembers the minimum delay over the most recent
548 interval measured usually in hours.
549 Under conditions of severe
550 delay, the filter corrects the apparent offset using the sign of
551 the offset and the difference between the apparent delay and
553 The name of the filter reflects the negative (huff)
554 and positive (puff) correction, which depends on the sign of the
557 The filter is activated by the
561 keyword, as described in
564 .Bl -tag -width /etc/ntp.drift -compact
566 the default name of the configuration file
567 .It Pa /etc/ntp.drift
568 the default name of the drift file
570 the default name of the key file
578 In addition to the manual pages provided,
579 comprehensive documentation is available on the world wide web
581 .Li http://www.ntp.org/ .
582 A snapshot of this documentation is available in HTML format in
583 .Pa /usr/share/doc/ntp .
586 .%T Network Time Protocol (Version 1)
591 .%T Network Time Protocol (Version 2)
596 .%T Network Time Protocol (Version 3)
602 utility has gotten rather fat.
603 While not huge, it has gotten
604 larger than might be desirable for an elevated-priority
606 running on a workstation, particularly since many of
607 the fancy features which consume the space were designed more with
608 a busy primary server, rather than a high stratum workstation in