The Network Time Protocol (NTP) is the mechanism widely used on the Internet to distribute accurate time information which can then be used by systems on the Internet to set their clocks. A primary NTP server has a directly attached accurate timepiece such as a radio clock or an atomic clock. A secondary NTP server is one that is synchronised from other NTP servers.
The University NTP service is provided by four secondary NTP servers. Three of these, ntp0.cam.ac.uk, ntp1.cam.ac.uk, and ntp3.cam.ac.uk are provided by University Information Services (UIS). These are synchronised from various external servers including those run by Jisc, the National Physical Laboratory and Cloudflare, along with a primary server at the Department of Computer Science and Technology. A fourth secondary server, ntp2.cam.ac.uk, is provided by the Department of Engineering. The secondary servers also communicate among themselves, so that if one of them loses access to the Internet, it can still synchronise with the others.
The four secondary servers are in four separate locations across the University estate. This means that a problem with a single location should affect at most one of the servers and not disrupt the service as a whole.
The UIS servers all run chrony. Each one has a published IPv4 and IPv6 address. The IPv6 addresses are anycast, which means that they are not dependent on which network the NTP servers are currently on. The IPv4 addresses are not currently anycast, but it is expected that they will become anycast in due course without needing to change.
The UIS servers co-operate to provide sntp.cam.ac.uk. They use the Virtual Router Redundancy Protocol (VRRP) to negotiate among themselves which one should provide the service at any time. In the event of the failure of one server, another should take over the address within about 4 seconds. They also contribute to the NTP Pool, which means that clients of the NTP Pool in the University will often find themselves using a University NTP server.
All of the University NTP servers support Network Time Security (NTS). NTS allows an NTP client to authenticate NTP replies, so that it can be certain that the reply is fresh and came from the correct server. An NTS client first connects to its server using Network Time Security Key Exchange (NTS-KE), which uses Transport Layer Security (TLS) to securely provide a collection of ‘cookies’ to the client. Each cookie can be used to authenticate a single NTP response, and also to decrypt a fresh cookie sent with the reply.