用NTP網絡時間協議同步你的IT系統

NTP協議全稱網絡時間協議（Network Time Procotol）。它的目的是在國際互聯網上傳遞統一、標準的時間。具體的實現方案是在網絡上指定若干時鐘源網站，爲用戶提供授時服務，並且這些網站間應該能夠相互比對，提高準確度。

NTP 最早是由美國Delaware大學的Mills教授設計實現的，從1982件最初提出到現在已發展了將近20年，2001年最新的NTPv4精確度已經達到了200毫秒。對於實際應用，又有確保秒級精度的SNTP（簡單的網絡時間協議）。

NTP是一個跨越廣域網或局域網的複雜的同步時間協議，它通常可獲得毫秒級的精度。RFC2030[Mills 1996]描述了SNTP（Simple Network Time Protocol），目的是爲了那些不需要完整NTP實現複雜性的主機，它是NTP的一個子集。通常讓局域網上的若干臺主機通過因特網與其他的NTP主機同步時鐘，接着再向局域網內其他客戶端提供時間同步服務。

NTP協 議是OSI參考模型的高層協議，符合UDP傳輸協議格式，擁有專用端口123。

隨着時間的推移， 計算機的時鐘會傾向於漂移。 網絡時間協議 (NTP) 是一種確保您的時鐘保持準確的方法。它爲路由器、交換機、工作站和服務器之間提供了一種時間同步的機制。所以NTP Server經常應用於一些有時間同步要求的IT系統環境中。

[size=large][color=blue][b]一、服務端設置[/b][/color][/size]

Mac OS X Server似乎默認就有了，只說一下Linux下如何設置。
在Ubuntu Linux中應用NTP Server非常方便：
[b]1. 安裝[/b]
[code]
sudo apt-get install ntp
[/code]

[b]2. 配置[/b]
配置文件是/etc/ntp.conf

a. 找到server一項，添加你喜歡的Time Server
[code]
server time.asia.apple.com iburst dynamic
[/code]
b. 設置權限，我的所有restrict條目如下
[code]
restrict -4 default kod notrap nomodify nopeer noquery
restrict -6 default kod notrap nomodify nopeer noquery

# Local users may interrogate the ntp server more closely.
restrict 127.0.0.1
restrict ::1

# Clients from this (example!) subnet have unlimited access, but only if
# cryptographically authenticated.
#restrict 192.168.123.0 mask 255.255.255.0 notrust
restrict 192.168.0.0 mask 255.255.255.0
[/code]

[b]3. 重啓ntp服務器[/b]
/etc/init.d/ntp restart

[b]4. 查看服務器是否工作正常[/b]
在服務器運行
[code]
ntpq -p
[/code]

[size=large][color=green][b]二、工作站同步[/b][/color][/size]

好了，測試一下吧，假設你的新服務器IP地址爲192.168.0.7。在客戶端運行如下命令：
ntpdate -u 192.168.0.7

同步成功後，將會顯示如下：
6 Mar 15:44:24 ntpdate[9921]: adjust time server 192.168.0.7 offset -0.007277 sec

[size=large][color=olive][b]三、交換機同步[/b][/color][/size]

Cisco IOS
[code]
ciscorouter> enable
password: *********
ciscorouter# config t
ciscorouter(config)# ntp update-calendar
ciscorouter(config)# ntp server 192.168.0.4
ciscorouter(config)# ntp server 192.168.0.7
ciscorouter(config)# exit
ciscorouter# wr mem
[/code]

Dell 6248
[code]
dell6248-corner>en
dell6248-corner#configure
dell6248-corner(config)#sntp server 192.168.0.7
dell6248-corner(config)#
[/code]

[size=large][color=darkblue][b]四、一些常見的時間服務器[/b][/color][/size]

210.72.145.44 ── (國家授時中心服務器IP地址)
133.100.11.8 ── 日本 福岡大學
time-a.nist.gov 129.6.15.28 ── NIST, Gaithersburg, Maryland
time-b.nist.gov 129.6.15.29 ── NIST, Gaithersburg, Maryland
time-a.timefreq.bldrdoc.gov 132.163.4.101 ── NIST, Boulder, Colorado
time-b.timefreq.bldrdoc.gov 132.163.4.102 ── NIST, Boulder, Colorado
time-c.timefreq.bldrdoc.gov 132.163.4.103 ── NIST, Boulder, Colorado
utcnist.colorado.edu 128.138.140.44 ── University of Colorado, Boulder
time.nist.gov 192.43.244.18 ── NCAR, Boulder, Colorado
time-nw.nist.gov 131.107.1.10 ── Microsoft, Redmond, Washington
nist1.symmetricom.com 69.25.96.13 ── Symmetricom, San Jose, California
nist1-dc.glassey.com 216.200.93.8 ── Abovenet, Virginia
nist1-ny.glassey.com 208.184.49.9 ── Abovenet, New York City
nist1-sj.glassey.com 207.126.98.204 ── Abovenet, San Jose, California
nist1.aol-ca.truetime.com 207.200.81.113 ── TrueTime, AOL facility, Sunnyvale, California
nist1.aol-va.truetime.com 64.236.96.53 ── TrueTime, AOL facility, Virginia


[color=indigo][size=large][b]五、使用Python腳本來獲取時間[/b][/size][/color]

[code]
#!/usr/bin/python
from socket import *
import struct,os,time,sys

# Script to set Linux hardware clock (/usr/sbin/hwclock) from an NTP
# time server. Run as "setclock.py" to simply print the time from
# the NTP server. Run as "setclock.py --set" to set the Linux
# hardware clock (as the super user, of course).

# Based on Simon Foster's simple SNTP client from ASPN Python cookbook.
# Adapted by Paul Rubin; this script lives at:
# http://www.nightsong.com/phr/python/setclock.py

time_server = ('time.apple.com', 123)
# time.apple.com is a stratum 2 time server. (123 is the SNTP port number).
# More servers info can be found at
#
# http://www.eecis.udel.edu/~mills/ntp/servers.htm
#
# Note it's considered antisocial to use a stratum 1 server (like NIST)
# for purposes like this which don't need extreme accuracy (i.e. syncing
# your own big NTP network). See www.ntp.org for more info.
#
# You could also use time.windows.com (Microsoft server) which syncs
# all Windows XP machines everywhere, so it can presumably handle lots
# of clients.

# number of seconds between NTP epoch (1900) and Unix epoch (1970).
TIME1970 = 2208988800L # Thanks to F.Lundh

client = socket( AF_INET, SOCK_DGRAM )
data = '\x1b' + 47 * '\0'
client.sendto(data, time_server)
data, address = client.recvfrom( 1024 )
if data:
print 'Response received from', address,'\n'
t = struct.unpack( '!12I', data )[10]
if t == 0:
raise 'invalid response'
ct = time.ctime(t - TIME1970)
print 'Current time = %s\n' % ct
if len(sys.argv) > 1 and sys.argv[1] == "--set":
os.system("/usr/sbin/hwclock --set '--date=%s'"% ct)
else:
raise 'no data returned'

[/code]

上面這個腳本原址在這裏，http://www.nightsong.com/phr/python/setclock.py。使用方式如下：
$ python setclock.py
Response received from ('17.151.16.23', 123)

Current time = Fri Mar 6 16:03:19 2009