Why Accurate Time Matters on Networks
Many network systems depend on clocks being within a small tolerance of each other. TLS/SSL certificates have validity windows — a client with a wildly incorrect clock may reject valid certificates or accept expired ones. Kerberos authentication (used in Active Directory environments) fails if the clock difference between client and server exceeds 5 minutes. Firewall and IDS logs become unreliable for forensics if timestamps do not align across devices. Distributed databases like Cassandra and CockroachDB use timestamps to resolve write conflicts, requiring synchronized clocks.
In a homelab, NTP matters for log correlation (if your Proxmox host and OPNsense router have different times, cross-referencing events in logs requires mental arithmetic), for certificate validation, and for cron job timing across multiple systems.
How NTP Works
NTP uses a hierarchical system of time servers called strata. Stratum 0 devices are atomic clocks, GPS receivers, and other highly accurate physical time sources. They are not on the internet directly. Stratum 1 servers are directly connected to Stratum 0 sources — these are the root NTP servers run by national laboratories, universities, and major tech companies. Stratum 2 servers sync from Stratum 1 and are what most devices use on the internet. Your router likely syncs from Stratum 2 servers in the public NTP pool (pool.ntp.org).
NTP uses UDP port 123. A client sends a timestamp request to an NTP server, which responds with its current time and the time it received the request. The client calculates the round-trip delay and clock offset, then adjusts its clock gradually (not instantaneously) to avoid disrupting time-sensitive processes. Modern NTP implementations (ntpd, chrony) step the clock if the offset is large and then slew (gradually adjust) once close.
NTP vs SNTP vs PTP
SNTP (Simple NTP) is a simplified version of NTP without the complex clock discipline algorithms. It is used in embedded devices and IoT hardware where precision is less critical. SNTP clients simply set the clock to the server's time with one round trip, without calculating and correcting for network delay jitter.
PTP (Precision Time Protocol, IEEE 1588) achieves nanosecond-level synchronization using hardware timestamping in network equipment. It is used in financial trading systems, broadcast video production, and industrial automation where microsecond accuracy is required. PTP is increasingly supported in server NICs and managed switches for homelab use, enabling GPS-accurate time distribution over a local network.
NTP Stratum Hierarchy
| Stratum | Source | Accuracy | Examples |
|---|---|---|---|
| 0 | Physical reference (atomic clock, GPS) | Nanoseconds | Cesium clocks, GPS receivers |
| 1 | Directly connected to Stratum 0 | Microseconds | time.nist.gov, time.cloudflare.com |
| 2 | Synced from Stratum 1 | Milliseconds | pool.ntp.org members, ISP NTP servers |
| 3 | Synced from Stratum 2 | Low tens of ms | Office NTP server syncing from internet |
| 4–15 | Synced from upstream stratum | Increasing drift | Branch office servers, IoT aggregators |
| 16 | Unsynchronized | No reference | Device with no NTP configured |
Frequently Asked Questions
What NTP server should I use?
pool.ntp.org is the most common choice — it is a distributed pool of volunteer NTP servers that automatically routes you to nearby servers. Cloudflare time.cloudflare.com (Stratum 1) and Google time.google.com are reliable Stratum 1 alternatives. Your ISP may also provide an NTP server. Use 3–4 different servers for better accuracy and redundancy.
How do I check if NTP is working on Linux?
Run timedatectl status to see the current time synchronization state and which NTP service is active. chronyc tracking shows the reference server, estimated offset, and RMS error for systems using chrony. ntpq -p lists all configured NTP servers and their current status for systems using ntpd.
Should I run a local NTP server in my homelab?
Yes, for larger setups. Configure your router (OPNsense has a built-in NTP server) or a dedicated VM to sync from internet NTP servers and serve as the NTP source for all local devices. This reduces external NTP traffic, provides consistent synchronization across all local devices, and works even if the internet connection is briefly down. All VMs and containers point to the local NTP server.
Why do NTP servers adjust the clock gradually instead of jumping?
Sudden clock jumps cause problems for running processes. Applications may see time going backward (breaking logging, distributed lock expiry, and transaction ordering) or jump forward unexpectedly (breaking scheduled tasks and timeouts). NTP slewing — adjusting at a rate of up to 500 ppm (parts per million) — brings clocks in line without disruption. The exception is the initial sync: most NTP clients step the clock if the offset exceeds 128 ms on first start, then switch to slewing.