NTP Properties

The following NTP properties are available from Configuration: Services: NTP.

Table 3-33 NTP Properties

| Property | Description | Examples |
| --- | --- | --- |
| Discover NTP server via multicast address | Enter a multicast address here for an NTP server to be located automatically | 224.0.1.1 |
| Manually specify NTP server(s) | Enter one or more NTP servers (and their corresponding authentication keys, if any) for the appliance to contact directly | 0.pool.ntp.org |
| NTP Authentication Keys | Enter one or more NTP authentication keys for the appliance to use when authenticating the validity of NTP servers. See the next table. | Auth key: 10, Type: SHA225, Private Key: SUN7000 |

Validation - If an invalid configuration is entered, a warning message is displayed and the configuration is not committed. This occurs when:

  • A multicast address is used but no NTP response is found.

  • An NTP server address is used, but that server does not respond properly to NTP.

Authentication - To protect against NTP spoofing attacks from rogue servers, NTP has a private key authentication scheme whereby NTP servers are associated with a private key that is used by the client to verify their identity. These keys are not used to encrypt traffic, and they are not used to authenticate the client; they are only used by the NTP client (that is, Oracle ZFS Storage Appliance) to authenticate the NTP server.

To associate a private key with an NTP server, the private key must first be specified. Each private key has a unique integer associated with it, along with a type and key. The type must be one of the following: RSA-SHA1, SHA1, SHA224, SHA256, SHA3-224, SHA3-256, SHA3-384, SHA3-512, SHA384, SHA512, SHA512-224, SHA512-256, SHAKE128, and SHAKE256. Each type is a hash algorithm and takes a key value that is an ASCII string. To authenticate the response, the key number, key type, and key value on the client must match the key number, key type, and key value on the server.

After the keys have been specified, an NTP server can be associated with a particular private key. For a given key, all of the key number, key type, and private key values must match between client and server for an NTP server to be authenticated.
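The matching rule above can be seen in a small model of the check. This is an added example, not Oracle's code. It assumes an RFC 5905-style MAC (a 4-byte key number followed by a hash of the key value and the 48-byte NTP header) and covers only a subset of the listed key types. Key number 10 and value SUN7000 come from the table example, SHA256 is picked from the supported types, and the header bytes are constructed.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48  # fixed NTP header size (RFC 5905)

# Subset of the key types listed above, mapped to hashlib names.
HASHES = {"SHA1": "sha1", "SHA224": "sha224", "SHA256": "sha256",
          "SHA384": "sha384", "SHA512": "sha512", "SHA3-256": "sha3_256"}


def ntp_mac(key_id, key_type, key_value, header):
    """Assumed MAC layout: key number (4 bytes) + hash(key value || header)."""
    digest = hashlib.new(HASHES[key_type], key_value.encode("ascii") + header)
    return struct.pack("!I", key_id) + digest.digest()


def server_reply(key_id, key_type, key_value, header):
    """What a server holding this key would send: header followed by MAC."""
    return header + ntp_mac(key_id, key_type, key_value, header)


def client_accepts(client_keys, reply):
    """client_keys maps key number -> (type, value) as configured on the client."""
    header, mac = reply[:NTP_HEADER_LEN], reply[NTP_HEADER_LEN:]
    if len(header) < NTP_HEADER_LEN or len(mac) < 4:
        return False  # truncated reply, or no MAC at all
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in client_keys:
        return False  # server used a key number the client does not know
    key_type, key_value = client_keys[key_id]
    expected = ntp_mac(key_id, key_type, key_value, header)
    return hmac.compare_digest(mac, expected)  # constant-time comparison


# Constructed sample header: LI=0, VN=4, mode=4 (server); remaining bytes zero.
HEADER = bytes([0x24]) + bytes(47)
CLIENT_KEYS = {10: ("SHA256", "SUN7000")}


def demo():
    servers = {"all match": (10, "SHA256", "SUN7000"),
               "wrong key value": (10, "SHA256", "SUN7001"),
               "wrong key type": (10, "SHA224", "SUN7000"),
               "wrong key number": (11, "SHA256", "SUN7000")}
    return {name: client_accepts(CLIENT_KEYS, server_reply(*key, HEADER))
            for name, key in servers.items()}


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'authenticated' if ok else 'rejected'}")
```

Only the server whose key number, type, and value all equal the client's entry is authenticated; a reply with no MAC is rejected as well.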