Commands
In this article, we will review how to configure Chrony on RHEL9 using chrony. We will focus on the server-side setup and finish with the
Learn the key differences between NTP and Chrony, two popular time synchronization protocols. Discover which one suits your needs based on accuracy, efficiency, and security.
In the world of networking, accurate time synchronization is crucial for everything from logging events and tracking data packets to maintaining the proper functioning of distributed systems. The two most common time synchronization protocols are NTP (Network Time Protocol) and Chrony, a newer, more modern implementation designed to address some of the shortcomings of NTP. This blog post delves into the key differences between NTP and Chrony, exploring their features, advantages, and when to use each.
What is NTP? |
Network Time Protocol (NTP) has been the standard protocol for time synchronization since its inception in the 1980s. It is used to synchronize the clocks of computers across a network, ensuring that all systems within a given environment have the same time reference. NTP operates over the UDP protocol and uses a hierarchical system of time sources (stratum levels), ranging from stratum 0 (high-precision devices like atomic clocks) to stratum 15 (devices with less precise time sources).
NTP has a long history and is widely used in enterprises and across the internet. However, its architecture and approach have limitations in specific use cases, particularly in environments where network latency or unstable time sources can affect synchronization accuracy.
What is Chrony? |
Chrony is a more recent time synchronization service that provides an alternative to NTP. It is designed to be more accurate and efficient, particularly in environments with intermittent network connectivity, or in scenarios where systems are frequently booting or resuming from hibernation. Chrony has been gaining traction due to its faster convergence time (the time it takes to synchronize the clock), better handling of network delays, and ability to operate effectively in both small-scale and large-scale environments.
Chrony, like NTP, uses the same time servers, but its algorithm for clock correction is more sophisticated and better suited for modern networking environments.
Photo by admingeek from Infotechys
| Feature | NTP | Chronyd |
|---|---|---|
| Design and Purpose | Developed in 1985, designed for large-scale environments. | Developed in the 2000s, optimized for efficiency and faster convergence. |
| Clock Synchronization Method | Periodic polling of time servers. | Uses a combination of polling and continuous adjustments. |
| Response to Network Delays | Can be slow to react to network delays. | More adaptive to network delay fluctuations. |
| Convergence Time | Slower (can take minutes to hours). | Faster (usually takes a few seconds). |
| Precision in Low-Connectivity | Struggles with low-connectivity or transient network failures. | More reliable in low-connectivity situations. |
| Accuracy on Boot | Can have issues if time drift is significant on boot. | Can correct time on boot faster, even in the presence of significant drift. |
| Configuration Complexity | More complex configuration, especially for firewalls and proxies. | Easier configuration, especially with modern systems. |
| Server Use | Typically uses public or private NTP servers. | Can work with a mix of NTP servers and local sources. |
| Resource Usage | Uses more system resources for time synchronization. | More lightweight, uses fewer resources. |
| Supported Platforms | Supported by virtually all operating systems. | Supported by most Linux distributions and Unix-like systems. |
Time Synchronization Process |
NTP uses a traditional approach to time synchronization, where each system on the network polls a time server at regular intervals. The server then sends time information back to the client, and the client adjusts its clock accordingly. This can result in a longer adjustment time if the system’s clock is significantly out of sync or if the network is experiencing high latency.
In contrast, Chrony employs a more adaptive method of synchronization. Rather than simply polling time servers, Chrony continuously adjusts the system clock, ensuring it remains synchronized with the time source. This approach allows for faster convergence and more accurate synchronization, particularly in unstable network conditions.
NTP on Ubuntu/Debian-based systems |
To install NTP and configure it, you would typically use the following commands:
sudo apt update && sudo apt install ntp
To start and enable NTP service:
sudo systemctl enable --now ntp
For configuration, the /etc/ntp.conf file will be used to specify time servers.
sudo vim /etc/ntp.conf
Chrony on Ubuntu/Debian-based systems |
Chrony is often the preferred solution on modern Linux systems, and installation and configuration is relatively straightforward:
sudo apt update && sudo apt install chrony
To start and enable Chrony service:
sudo systemctl enable --now chrony
Chrony’s main configuration file is /etc/chrony.conf.
sudo vim /etc/chrony.conf
Chrony on CentOS/RHEL or Linux-based systems |
For RHEL 9 or CentOS 9 (any release 7 or higher), the default NTP implementation is handled by Chrony rather than the traditional ntpd service, so if you don’t have the NTP package in the repository, Chrony is pre-installed instead.
Handling Network Delays |
One of the key advantages of Chrony over NTP is its ability to respond more quickly to network delays or jitter. NTP can be slow to adjust in cases where network conditions fluctuate, resulting in inaccurate time synchronization or slow convergence. Chrony, however, adjusts to changes in network latency more effectively and is better suited for environments where network quality cannot always be guaranteed.
This characteristic of Chrony is particularly useful in mobile environments or when dealing with systems that experience frequent power cycling or network disconnections. Chrony ensures that the system clock remains as accurate as possible without the need for manual intervention.
Boot Time Synchronization |
Systems that frequently boot or resume from hibernation can experience significant clock drift. In traditional NTP setups, the system might take a while to sync the clock after boot, especially if it was disconnected from the network or if the system’s clock was far out of sync.
Chrony, on the other hand, can synchronize the system clock more quickly, even when there’s substantial drift. It can handle startup and resume situations more gracefully, ensuring that the system’s clock is accurate from the moment the system boots up.
Resource Usage and Efficiency |
Chrony is designed to be more lightweight and resource-efficient compared to NTP. NTP can be resource-heavy, especially when there are multiple clients or time servers to manage. It continuously runs polling processes that consume more CPU and memory resources.
Chrony uses fewer resources because it doesn’t require the same constant polling. Instead, it continuously adjusts the system’s time, keeping the system clock in sync with minimal resource overhead.
Accuracy in Different Environments |
Both NTP and Chrony can achieve high levels of accuracy when synchronized with reliable time sources. However, Chrony often delivers better accuracy in environments where time synchronization is particularly challenging, such as in virtualized or cloud environments where time drift is more common.
Additionally, Chrony excels in scenarios where systems are often disconnected from the network, like mobile devices or laptops, or when working in cloud-based infrastructure where network connectivity is more variable.
Security Considerations |
Security is always a concern with time synchronization protocols. NTP has been in use for decades, and while it is a stable protocol, it has been the target of various security attacks over the years, such as spoofing and denial-of-service attacks.
Chrony, being newer, includes enhanced security features, including better handling of cryptographic signatures for time servers. While both NTP and Chrony can use cryptographic techniques to ensure time accuracy and security, Chrony generally provides a more robust and flexible framework for securing time synchronization.
In this article, we will review how to configure Chrony on RHEL9 using chrony. We will focus on the server-side setup and finish with the
In this article, we will review network time protocol (NTP) installation and configuration on a CentOS8 or RHEL8 operating system. As part of this process,
Learn how to install and configure IPA/IdM on RHEL 9 and CentOS 9. This comprehensive guide covers prerequisites, step-by-step installation, user management, and enabling 2FA