© MOBATIME
800847.08
8.8.2 NTP Autokey
The validity of the time received by the NTP clients is assured by symmetric keys. For a
higher degree of certainty, however, the keys used must be exchanged regularly to
obtain protection, e.g. from replay attacks (i.e. attacks in which recorded network
traffic is simply played back).
The Autokey procedure was introduced because this key exchange is very involved in a
large network. A combination of group keys and public keys enables all NTP clients to
check the validity of the time information which they receive from servers in their own
Autokey group.
NTP Autokey is relatively complex to use, and studying how it works beforehand is
definitely necessary.
Autokey is described at http://www.cis.udel.edu/~mills/proto.html or on the NTP
homepage http://www.ntp.org.
Autokey is currently defined in an IETF draft:
http://www.ietf.org/internet-drafts/draft-ietf-ntp-autokey-04.txt
The configuration of Autokey is explained in
http://support.ntp.org/bin/view/Support/ConfiguringAutokey or in
http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm#S-CONFIG-ADV-AUTH.
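The symmetric-key check described at the start of this section, as an added example (not taken from this manual or from the DTS firmware): a client verifies the classic NTP MAC, a 32-bit key ID plus an MD5 digest over key and header, and a packet recorded under a retired key no longer verifies once the keys have been exchanged. The header contents, key IDs and key values are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48        # fixed NTP header
MAC_LEN = 4 + 16       # 32-bit key ID followed by a 128-bit MD5 digest

def ntp_digest(key: bytes, header: bytes) -> bytes:
    """Classic NTP symmetric-key digest: MD5 over key followed by header."""
    return hashlib.md5(key + header).digest()

def sign(header: bytes, key_id: int, key: bytes) -> bytes:
    """Server side: append key ID and digest to the 48-byte header."""
    return header + struct.pack("!I", key_id) + ntp_digest(key, header)

def verify(packet: bytes, trusted_keys: dict) -> str:
    """Client side: return 'ok' or the reason the packet is rejected."""
    if len(packet) != HEADER_LEN + MAC_LEN:
        return "no-mac"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = trusted_keys.get(key_id)
    if key is None:
        return "unknown-key"          # key retired or never configured
    if not hmac.compare_digest(mac[4:], ntp_digest(key, header)):
        return "bad-digest"           # header altered or wrong key
    return "ok"

def demo() -> dict:
    # Constructed server reply: LI=0, VN=4, mode=4, stratum 1, zeroed timestamps.
    header = bytes([0x24, 1, 6, 0xEC]) + bytes(44)
    old_keys = {1: b"constructed-old-key"}    # constructed sample keys
    new_keys = {2: b"constructed-new-key"}
    recorded = sign(header, 1, old_keys[1])   # packet captured before rotation
    fresh = sign(header, 2, new_keys[2])
    tampered = bytearray(fresh)
    tampered[40] ^= 0x01                      # flip one bit of the transmit timestamp
    return {
        "recorded_before_rotation": verify(recorded, old_keys),
        "recorded_after_rotation": verify(recorded, new_keys),
        "fresh_after_rotation": verify(fresh, new_keys),
        "tampered": verify(bytes(tampered), new_keys),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

As long as the old key stays trusted, the recorded packet still passes the digest check, which is why the keys have to be exchanged regularly.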
8.9 Redundant operation of 2 DTS 4128.timeservers
For redundant operation, two DTS 4128 devices are synchronized via optical fibers. For
this purpose, a mini GBIC module is plugged into each device and the two modules are
connected via optical fibers (see Appendix F, Technical Data):
In redundant operation, both devices have a GPS receiver. Both devices are configured
for the redundant mode, but are basically equal and work out the master/slave roles
between themselves. In operation, the slave is always synchronized to the master. The
slave supervises the system time on the basis of its own GPS time and generates an
error message should the time difference exceed the configurable value of n
milliseconds.
[Figure: mini GBIC module]