<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<meta name="generator" content="HTML Tidy, see www.w3.org">
<title>NTP Version 4 Release Notes</title>
<h3>NTP Version 4 Release Notes</h3>
<img align="left" src="pic/hornraba.gif" alt="gif"><a href=
"http://www.eecis.udel.edu/~mills/pictures.htm">from <i>Alice's
Adventures in Wonderland</i>, Lewis Carroll</a>
<p>The rabbit toots to make sure you read this.<br clear="left">
<p>This document was last updated 4 May 2001</p>
<h4>NTP Version 4 Release Notes</h4>
<p>This release of the NTP Version 4 (NTPv4) daemon for Unix, VMS
and Windows (NT4 and 2000) incorporates new features and
refinements to the NTP Version 3 (NTPv3) algorithms. However, it
continues the tradition of retaining backwards compatibility with
older versions, except for symmetric mode in NTPv1. Client/server
mode continues to be supported in NTPv1. The NTPv4 version has been
under development for quite a while and isn't finished yet. In
fact, quite a number of NTPv4 features have already been
retrofitted in the current NTPv3, although this version is not
actively maintained by the NTPv4 developer's group.</p>
<p>The primary purpose of this release is to verify the remaining
new code compiles and runs in the various architectures, operating
systems and hardware complement that can't be verified here. Of
particular interest are Windows 2000, VMS and various reference
clock drivers. As always, corrections and bugfixes are warmly
received, especially in the form of context diffs.</p>
<p>This note summarizes the differences between this software
release of NTPv4, called ntp-4.x.x, and the previous NTPv3 version,
called xntp3-5.x.x. Additional information on protocol
compatibility details is in the <a href="biblio.htm">Protocol
Conformance Statement</a> page.</p>
<p>Most calculations are now done using 64-bit floating double
format, rather than 64-bit fixed point format. The motivation for
this is to reduce size, improve speed and avoid messy bounds
checking. Workstations of today are much faster than when the
original NTP version was designed in the early 1980s, and it is
rare to find a processor architecture that does not support
floating double. The fixed point format is still used with raw
timestamps, in order to retain the full precision of about 212
picoseconds. However, the algorithms which process raw timestamps
all produce fixed point differences before converting to floating
double. The differences are ordinarily quite small, so they can be
expressed without loss of accuracy in this format.</p>
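<p>Added example, not part of the original release notes or the NTP
distribution: the difference-then-convert approach described above,
in C, next to the lossy convert-then-subtract alternative. The names
<tt>ntp_ts</tt>, <tt>ts_make</tt>, <tt>ts_diff</tt> and
<tt>ts_diff_lossy</tt> are hypothetical and the timestamps are
constructed; it goes slightly beyond the text by also showing a
seconds-field rollover.</p>

```c
#include <stdint.h>
#include <stdio.h>

/* NTP timestamp held as one 64-bit fixed-point value: the upper 32 bits
 * are seconds, the lower 32 bits are the fraction in units of 2^-32 s.
 * All names here are hypothetical, not identifiers from the NTP sources. */
typedef uint64_t ntp_ts;

#define FRAC_PER_SEC 4294967296.0 /* 2^32, exactly representable */

static ntp_ts ts_make(uint32_t sec, uint32_t frac)
{
    return ((uint64_t)sec << 32) | frac;
}

/* Subtract in fixed point, then convert the small signed difference.
 * Unsigned subtraction wraps modulo 2^64, so a seconds-field rollover
 * is handled as long as the two timestamps are less than 2^31 s apart. */
static double ts_diff(ntp_ts a, ntp_ts b)
{
    int64_t d = (int64_t)(a - b); /* two's-complement reinterpretation */
    return (double)d / FRAC_PER_SEC;
}

/* For contrast: convert each raw timestamp to double first. A double
 * has a 53-bit significand, so the low fraction bits are rounded away. */
static double ts_diff_lossy(ntp_ts a, ntp_ts b)
{
    return (double)a / FRAC_PER_SEC - (double)b / FRAC_PER_SEC;
}

int main(void)
{
    /* Constructed sample values, not taken from any capture. */
    ntp_ts t0 = ts_make(3197923200u, 0);
    ntp_ts t1 = ts_make(3197923200u, 1); /* one fraction unit later */

    printf("fixed-point diff : %.3e s\n", ts_diff(t1, t0));
    printf("double-first diff: %.3e s\n", ts_diff_lossy(t1, t0));
    printf("across rollover  : %.1f s\n",
           ts_diff(ts_make(5, 0), ts_make(0xFFFFFFFBu, 0)));
    return 0;
}
```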
<p>The clock discipline algorithm has been redesigned to improve
accuracy, reduce the impact of network jitter and allow an increase
in poll intervals to well over one day with only moderate sacrifice
in accuracy. The NTPv4 design allows servers to increase the poll
intervals even when synchronized directly to the peer. In NTPv3 the
poll interval in such cases was clamped to the minimum, usually 64
s. For those servers with hundreds of clients, the new design can
dramatically reduce the network load.</p>
<p>This release includes support for the <a href=
"http://www.eecis.udel.edu/~mills/resource.htm"><i>
nanokernel</i></a> precision time kernel, which is now in
stock Linux and FreeBSD kernels. If a precision time source such as
a GPS timing receiver or cesium clock is available, kernel
timekeeping can be improved to the order of less than one microsecond.
The older precision time kernel for the Alpha continues to be
<p>This release includes support for Autokey public-key
cryptography, which is the preferred scheme for authenticating
servers to clients. It uses NTP header extension fields documented
in: Mills, D.L. Public-Key cryptography for the Network Time
Protocol. Internet Draft draft-ietf-stime-ntpauth-00.txt,
University of Delaware, June 2000, 36 pp. <a href=
"http://www.eecis.udel.edu/~mills/database/memos/draft-ietf-stime-ntpauth-00.txt">
ASCII</a> and implemented in this release. The design provides for
orderly key refreshment and does not require public keys and
related media to be copied from one machine to another. Specific
information about Autokey cryptography is contained in the <a href=
"authopt.htm">Authentication Options</a> page and links from
<p>NTPv4 includes two new association modes which in most
applications can avoid per-host configuration altogether. Both of
these are based on IP multicast technology and Autokey
cryptography. They provide for automatic discovery and
configuration of servers and clients without identifying servers or
clients in advance. In multicast mode a server sends a message at
fixed intervals using specified multicast group addresses, while
clients listen on these addresses. Upon receiving the message, a
client exchanges several messages with the server in order to
calibrate the multicast propagation delay between the client and
server. In manycast mode a client sends a message to a specified
multicast group address and expects one or more servers to reply.
Using engineered algorithms, the client selects an appropriate
subset of servers from the messages received and continues in
ordinary client/server operation. The manycast scheme can provide
somewhat better accuracy than the multicast scheme at the price of
additional network overhead. See the <a href="assoc.htm">
Association Management</a> page for further information.</p>
<p>There are two burst mode features available where special
conditions apply. One of these is enabled by the <tt>iburst</tt>
keyword in the <tt>server</tt> configuration command. It is
intended for cases where it is important to set the clock quickly
when an association is first mobilized. The other is enabled by the
<tt>burst</tt> keyword in the <tt>server</tt> configuration
command. It is intended for cases where the network attachment
requires an initial calling or training procedure. See the <a href=
"assoc.htm">Association Management</a> page for further
<p>The reference clock driver interface is smaller, more rational
and more accurate. Support for pulse-per-second (PPS) signals has
been extended to all drivers as an intrinsic function. Most of the
drivers in NTPv3 have been converted to this interface, but some,
including the PARSE subinterface, have yet to be overhauled. New
drivers have been added for several GPS receivers now on the market
for a total of 39 drivers. Drivers for the Canadian standard time
and frequency station CHU, the US standard time and frequency
stations WWV/H and for IRIG signals have been updated and
capabilities added to allow direct connection of these signals to
the Sun audio port <tt>/dev/audio</tt>.</p>
<p>In all except a very few cases, all timing intervals are
randomized, so that the tendency for NTPv3 to self-synchronize and
bunch messages, especially with a large number of configured
associations, is minimized.</p>
<p>In NTPv3 a large number of weeds and useless code had grown over
the years since the original NTPv1 code was implemented almost
twenty years ago. Using a powerful weedwacker, much of the
shrubbery has been removed, with the effect of a substantial reduction in
size of almost 40 percent.</p>
<p>The entire distribution has been converted to GNU <tt>
automake</tt>, which should greatly ease the task of porting to new
and different programming environments, as well as reduce the
incidence of bugs due to improper handling of idiosyncratic kernel
<h4>Nasty Surprises</h4>
<p>There are a few things different about this release that have
changed since the latest NTP Version 3 release. Following are a few
things to worry about:</p>
<p>As required by Defense Trade Regulations (DTR), the
cryptographic routines supporting the Data Encryption Standard
(DES) have been removed from the base distribution. These routines
are readily available in most countries from RSA Laboratories.
Directions for their use are in the <a href="build.htm">Building
and Installing the Distribution</a> page.</p>
<p>As the result of the above, the <tt>./authstuff</tt> directory,
intended as a development and testing aid for porting cryptographic
routines to exotic architectures, has been removed. Developers
should note the NTP authentication routines use the interface
defined in the <tt>rsaref2.0</tt> package available from RSA
<p>The enable and disable commands have a few changes in their
arguments; see the <tt>ntpd</tt> <a href="confopt.htm">Configuration
Options</a> page for details. Note that the <tt>authenticate</tt>
command has been removed.</p>
<p>The <tt>ppsclock</tt> line discipline/streams module is no
longer supported. This function is now handled by the <a href=
"driver22.htm">PPS Clock Discipline</a> driver, which uses the new
PPSAPI application program interface proposed by the IETF. Note
that the <tt>pps</tt> configuration file command has been obsoleted
by the driver. See the <a href="pps.htm">Pulse-per-second (PPS)
Signal Interfacing</a> page for further information.</p>
<p>Several new options have been added for the <tt>ntpd</tt>
command line. For the inveterate knob twiddlers several of the more
important performance variables can be changed to fit actual or
perceived special conditions. It is possible to operate the daemon
in a one-time mode similar to <tt>ntpdate</tt>, which program is
headed for retirement. See the <a href="ntpd.htm"><tt>ntpd</tt> -
Network Time Protocol (NTP) daemon</a> page for the new
<p>To help reduce the level of spurious network traffic due to
obsolete configuration files, a special control message called the
kiss-of-death packet has been implemented. If enabled and a packet
is denied service or exceeds the client limit, a compliant server
will send this message to the client. A compliant client will cease
further transmission and send a message to the system log. See the
<a href="accopt.htm">Authentication Options</a> page for further
<p>An experimental filter algorithm called huff-n'-puff has been
implemented to reduce errors under conditions of severe asymmetric
delays characteristic of <tt>ppp</tt> connections with telephone
modems and downloading or uploading considerable traffic. See the
<a href="ntpd.htm">ntpd - Network Time Protocol (NTP) daemon</a>
page for further information.</p>
<p>This release has been compiled and tested on several systems,
including SunOS 4.1.3, Solaris 2.5.1-2.8, Alpha 4.0, Ultrix 4.4,
Linux, FreeBSD and HP-UX 10.02. It has been compiled and tested on
Windows NT, but not yet on any other Windows version or for VMS. We
are relying on the NTP volunteer corps to do that. Known problems
are summarized below:</p>
<p>The latest NTPv4 <tt>ntpdc</tt> does not work with previous
versions of <tt>ntpd</tt> and previous versions of <tt>ntpdc</tt>
do not work with the latest <tt>ntpd</tt>. This situation is
regrettable and may be fixed in future; however, it is necessary in
order for the autokey function to retrieve canonical names and
certificates from directory services such as Secure DNS.</p>
<p>The precision time support in stock Solaris 2.6 has bugs that
were fixed in 2.7. A patch is available that fixes the 2.6 bugs.
The 2.6 kernel discipline has been disabled by default. For
testing, the kernel can be enabled using the <tt>enable kernel</tt>
command either in the configuration file or via <tt>ntpdc</tt>.</p>
<p>The HTML documentation has been partially updated. However, most
of the NTPv3 documentation continues to apply to NTPv4. Until the
update happens, what you see is what you get. We are always happy
to accept comments, corrections and bug reports. However, we are
most thrilled upon receipt of patches to fix the dang bugs.</p>
<a href="index.htm"><img align="left" src="pic/home.gif" alt=
<address><a href="mailto:mills@udel.edu">David L. Mills
&lt;mills@udel.edu&gt;</a></address>