Fibrolan’s GPS/GNSS (Global Navigation Satellite System) referenced NTP Server combines a multi-security layer time propagation ability with exceptional scalability capacity.
To learn more about Fibrolan’s NTP Servers offering follow the links below:
NTP has been around since 1985 and has been widely accepted as the default method to propagate time over packet-based networks. It is a client-server protocol but can also perform in peer to peer architecture. NTP clients are implemented in almost every network element, operating system and mobile device with the main purpose of synchronizing time across the network allowing devices to timestamp events and actions as they occur.
Multiple public NTP servers are available on the Internet free of charge but at the cost of a potential security breach. Public servers can be spoofed by hackers and other hostile organizations, with the intent to provide false time or for the benefit of gaining access to enterprise networks and launch malicious attacks.
Fibrolan’s NTP server includes numerous network security advantages - highlighted list is detailed below:
- The NTP clock signal is derived directly from GPS/GNSS, a highly reliable source, therefore eliminating potential spoofing attacks through the public network.
- The NTP server transactions can be authenticated using the MD5 algorithm, securing the connection between the server and its clients.
- Support of simultaneous multiple separated subnets, each of them assigned to a separate VLAN and a different IP address. Thus, creating separated virtual servers that can be accessible to separate networks.
- NTP requests are processed in hardware (model dependent), therefore, completely separating the NTP functions from the management plane and eliminating the possibility of abusing the protocol for any kind of DoS/DDoS attacks.
NTP was designed to operate in a hierarchical structure with the top level, being Stratum 1, connected directly to highly accurate primary clock sources such as GPS/GNSS. Such clock sources are referred as Stratum 0 rely on Stratum 1 NTP servers to distribute protocol messages to lower servers or clients in the hierarchical structure. Downstream NTP servers in the hierarchy derive their clock from servers in the level above them or ones that share the same Stratum level and are referred as NTP Peers.
NTP hierarchical structure can reach a maximum of 15 levels. Each such level increases the stratum level (number) by one, thus indicating its “distance” from the GPS/GNSS equipped source. As Stratum level grows higher the accuracy and stability of the clock degrades. The NTP standard dictates that clients cannot sync to a Stratum 15 server, deeming them as ill equipped to serve as time sources.
Servers that lose all valid time sources automatically set themselves as Stratum 15 in order to prevent any other servers, peers or clients in the hierarchy from using them as a time source.
Dedicated NTP Clock
Service Providers who wish to extend their existing service offering (such as Internet connectivity, storage, telephony, or hosting) may find NTP clock a suitable addition to their portfolio. A dedicated NTP domain can be easily assigned per end user with Fibrolan’s NTP servers. Each of the end users can be assigned with a dedicated NTP server IP address and be confined by a separate VLAN to provide the adequate security measures. Fibrolan’s demarcation devices such as the nFalcon-M can be added at the network edges to extend management and monitoring capabilities and add another security layer.
Resiliency and Availability
A stable NTP source is key to a reliable service. Stable NTP service can be obtained by combining a resilient design and proper network architecture that assure high availability. Fibrolan’s NTP Servers are equipped with a Rubidium Clock or OCXO (model dependent), to cater for long periods of GPS/GNSS outage (i.e. holdover). They can also support up to 5 levels of alternate time reference input sources (NTP or PTP) that can provide a secondary clock input in case of a GPS/GNSS outage, thereby preventing the NTP server from going into holdover.
For any question and order please contact us.