DevNet Associate DEVASC 200-901 Official Certification Guide by Adrian Iliesiu


receives time from a stratum 1 server, and so on. When a
client receives time from different NTP servers, a lower-
stratum server is chosen as the most trusted source
unless there is a big time difference between the lower-
stratum server and all the other servers.


There are two ways communication between NTP clients
and servers takes place: it can be statically configured or
can occur through broadcast messages. You can
manually configure NTP clients to establish a connection
and to associate and solicit time updates from NTP
servers by simply statically configuring the hostname or
the IP addresses of the servers. In local-area networks
within the same subnet, NTP can be configured to use
broadcast messages instead. Configuration in this
situation is simpler, as each device can either be
configured to send or receive broadcast messages. With
broadcast NTP messages, there is a slight loss of
accuracy since the flow of information is only one way.


Since time accuracy is critical in today’s infrastructure, it
is recommended to implement all security features that
come with NTP. Two NTP security features are most
commonly used:


- An encrypted authentication mechanism between clients and servers
  should always be enabled.
- NTP associations should be limited to only trusted servers through
  access control lists.

In most situations, it is recommended to have at least
three higher-stratum NTP servers configured for each
network. A large number of public NTP servers can be
used for these purposes.
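
The recommendations above (authentication enabled, associations limited by an access list, at least three servers) can be checked mechanically against a device configuration. The following is an added example, not code from the book; it assumes Cisco IOS-style NTP commands, and the sample configurations, addresses and key string are constructed placeholders.

```python
import re

# Constructed sample configurations (IOS-style syntax assumed; addresses are
# from the RFC 5737 documentation ranges, the key string is a placeholder).
WEAK = """\
ntp server 192.0.2.10
ntp server 192.0.2.11 key 7
"""

HARDENED = """\
ntp authenticate
ntp authentication-key 1 md5 EXAMPLE-KEY-PLACEHOLDER
ntp trusted-key 1
ntp access-group peer 10
access-list 10 permit 192.0.2.10
access-list 10 permit 198.51.100.20
access-list 10 permit 203.0.113.30
ntp server 192.0.2.10 key 1
ntp server 198.51.100.20 key 1
ntp server 203.0.113.30 key 1
"""

def audit_ntp(config: str) -> list[str]:
    """Return a list of findings; an empty list means all checks passed."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    defined = {m.group(1) for l in lines
               if (m := re.match(r"ntp authentication-key (\d+) ", l))}
    trusted = {m.group(1) for l in lines
               if (m := re.match(r"ntp trusted-key (\d+)$", l))}
    servers = [l.split() for l in lines if l.startswith("ntp server ")]
    findings = []
    if "ntp authenticate" not in lines:
        findings.append("authentication is not enabled")
    for parts in servers:
        host = parts[2]
        key = parts[parts.index("key") + 1] if "key" in parts[:-1] else None
        if key is None:
            findings.append(f"server {host} has no authentication key")
        elif key not in defined or key not in trusted:
            findings.append(f"server {host} uses undefined or untrusted key {key}")
    if not any(l.startswith("ntp access-group ") for l in lines):
        findings.append("no access list restricts NTP associations")
    if len(servers) < 3:
        findings.append(f"only {len(servers)} server(s) configured, expected at least 3")
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ntp(cfg) or "OK")
```

A server line that names a key which is never defined or trusted is reported separately from one with no key at all, since the former looks protected on a quick read of the configuration.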


LAYER 2 VERSUS LAYER 3 NETWORK DIAGRAMS
