servers are outfitted with the receivers, and they use protocols such as SNTP to
synchronize the clock times of networked computers. Degrees of separation from the
UTC source are defined as strata. A radio clock (which receives true time from a
dedicated transmitter or satellite navigation system) is stratum-0; a computer that is
directly linked to the radio clock is stratum-1; a computer that receives its time from
a stratum-1 computer is stratum-2, and so on.
The term SNTP applies to both the protocol and the client/server programs that run on
computers. The programs are compiled by the user as an SNTP client, SNTP server, or
both. In basic terms, the SNTP client initiates a time request exchange with the time
server. As a result of this exchange, the client is able to calculate the link delay and its
local offset, and to adjust its local clock to match the clock at the server's computer. As a rule,
six exchanges over a period of about five to 10 minutes are required to initially set the
clock. Once synchronized, the client updates the clock about once every 10 minutes,
usually requiring only a single message exchange. Redundant servers and varied
network paths are used to ensure reliability and accuracy. In addition to client/server
synchronization, SNTP also supports broadcast synchronization of peer computer clocks.
SNTP is designed to be highly fault-tolerant and scalable.
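The delay and offset calculation described above, as an added example that is not part of the original manual. It applies the standard SNTP four-timestamp arithmetic and rejects replies that are unsynchronized or do not echo the client's request timestamp. The function names and the sample timestamps are constructed for illustration.

```python
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def ntp_to_unix(raw: bytes) -> float:
    """Convert a 64-bit NTP timestamp (32.32 fixed point) to Unix seconds."""
    seconds, fraction = struct.unpack("!II", raw)
    return seconds - NTP_EPOCH_OFFSET + fraction / 2**32

def unix_to_ntp(t: float) -> bytes:
    """Convert Unix seconds to a 64-bit NTP timestamp."""
    seconds = int(t)
    return struct.pack("!II", seconds + NTP_EPOCH_OFFSET, int((t - seconds) * 2**32))

def build_request(t1: float) -> bytes:
    """48-byte client request: LI=0, VN=4, Mode=3, transmit timestamp = t1."""
    return bytes([0x23]) + bytes(39) + unix_to_ntp(t1)

def build_reply(request: bytes, t2: float, t3: float, stratum: int = 2) -> bytes:
    """Constructed server reply (Mode=4) for offline use; stands in for the network."""
    header = bytes([0x24, stratum]) + bytes(22)
    return header + request[40:48] + unix_to_ntp(t2) + unix_to_ntp(t3)

def process_reply(reply: bytes, request: bytes, t4: float):
    """Validate a reply received at local time t4; return (offset, delay) in seconds."""
    if len(reply) < 48:
        raise ValueError("short packet")
    li, mode, stratum = reply[0] >> 6, reply[0] & 0x7, reply[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if li == 3 or stratum == 0:
        raise ValueError("server unsynchronized or kiss-of-death")
    # The originate field must echo our transmit timestamp; otherwise the
    # packet is stale, duplicated, or was not produced in answer to our request.
    if reply[24:32] != request[40:48]:
        raise ValueError("originate timestamp mismatch")
    t1, t2, t3 = (ntp_to_unix(reply[i:i + 8]) for i in (24, 32, 40))
    delay = (t4 - t1) - (t3 - t2)         # round trip minus server processing time
    offset = ((t2 - t1) + (t3 - t4)) / 2  # server clock minus client clock
    return offset, delay

if __name__ == "__main__":
    # Constructed exchange: server clock 2.5 s ahead, 0.25 s each way on the link.
    req = build_request(1700000000.0)
    rep = build_reply(req, 1700000002.75, 1700000002.875)
    print(process_reply(rep, req, 1700000000.625))
```
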
4.7 ICMP (Internet Control Message Protocol)
ICMP (Internet Control Message Protocol) is a message control and error-reporting
protocol between a host server and a gateway to the Internet. ICMP uses Internet
Protocol (IP) datagrams, but the messages are processed by the IP software and are
not directly apparent to the application user.
4.8 NAT-T
NAT-T (NAT Traversal in the IKE) is a method of enabling IPSec-protected IP datagrams
to pass through a network address translator (NAT). An IP packet is modified while
passing through a network address translator device in a manner that is incompatible
with Internet Protocol Security (IPSec). NAT-T protects the original IPSec-encoded
packet by encapsulating it with another layer of UDP and IP headers. The negotiation
during the Internet Key Exchange (IKE) phase is defined in RFC 3947 and the UDP
encapsulation itself is defined in RFC 3948. Most major networking vendors support
NAT-T for IKEv1 in their devices. In Microsoft Windows XP with Service Pack 2 the feature can
be enabled.