AS-TIMESYNC: A Complete Setup Guide for Network Time Synchronization
What AS-TIMESYNC is
AS-TIMESYNC is a time-synchronization solution (assumed here as a dedicated service/agent) that ensures consistent system clocks across networked devices by communicating with authoritative time sources and distributing accurate time to clients.
Why it matters
- Consistency: Prevents clock drift across servers and network devices.
- Security: Accurate timestamps are critical for logs, authentication, and certificate validation.
- Reliability: Coordinated time improves database replication, scheduled jobs, and event ordering.
Prerequisites
- Administrative access to servers and network devices.
- One or more reachable upstream time sources (public NTP/PTP servers or internal reference clocks/GPS).
- Network ports for time protocols allowed (NTP: UDP 123; PTP: UDP ⁄320, others depending on profile).
- Firewall and ACL rules updated to permit synchronization traffic.
High-level architecture
- Upstream sources: External NTP/PTP servers or GPS/IRIG reference clocks.
- Time servers (stratum ⁄2): Machines running AS-TIMESYNC in server mode, pulling from upstream and serving clients.
- Clients: Workstations, application servers, network devices configured to sync from the time servers.
- Monitoring/alerting: Metrics and alerts for offset, jitter, reachability, and stratum changes.
Step-by-step setup (assumes Linux servers)
- Install AS-TIMESYNC
- Use the vendor package or a distribution package manager:
bash
# example; replace with vendor instructions sudo apt update sudo apt install as-timesync
- Configure upstream servers
- Edit the main config (e.g., /etc/as-timesync/config.conf) to list upstream NTP/PTP sources:
ini
upstreamservers = [ “0.pool.ntp.org”, “1.pool.ntp.org”, “time.example.internal” ] protocol = “ntp” # or “ptp”
- Set server mode and access controls
- Enable server mode so this host serves clients; restrict clients by CIDR:
ini
mode = “server” allowclients = [“10.0.0.0/8”, “192.168.1.0/24”]
- Tune sync parameters
- Configure polling intervals, max offset, and slew vs step behavior:
ini
min_poll = 6 # 64s max_poll = 10 # 1024s max_offset = 0.5 # seconds before step is allowed slewthreshold = 0.128 # seconds
- Enable hardware timestamping (if NIC/GPS available)
- Turn on kernel/hardware timestamping for improved accuracy (requires supported NIC and kernel):
ini
hardware_timestamping = true timestampinterface = “eth0”
- Start and enable service
bash
sudo systemctl enable –now as-timesync
- Configure clients
- Point clients to your AS-TIMESYNC servers:
bash
# /etc/as-timesync/client.conf servers = [“10.0.1.10”, “10.0.1.11”] mode = “client”
- Start client service.
- Monitoring and alerting
- Export metrics via Prometheus (if supported) and set alerts:
- Alert on offset > 0.5s, unreachable upstream, or stratum increase.
- Monitor logs for frequent stepping or large jitter.
Verification and testing
- Check service status:
bash
sudo systemctl status as-timesync
- Query status and offsets:
bash
as-timesyncctl status as-timesyncctl peers
- Verify client offset:
bash
timedatectl timesync-status # if integrated with systemd-timesyncd ntpq -p # for NTP protocol
Best practices
- Use at least three independent upstream sources for redundancy.
- Prefer hardware timestamping for sub-millisecond accuracy.
- Restrict which hosts can query your servers.
- Monitor offsets and configure graceful slewing to avoid large steps.
- Keep software up to date and test updates in staging.
Troubleshooting quick tips
- Large steady offset: check network delay, routing, and CPU load.
- Frequent stepping: increase max_offset or enable slewing.
- Clients not reaching server: verify firewall, ports, and ACLs.
- High jitter: check upstream quality and packet loss.
If you want, I can produce example config files for a specific OS/distribution, systemd unit snippets, or a Prometheus alert rule set.
Leave a Reply