Enterprise Network Timing: NTP/PTP with Layered Timing Topology - A Best Practice Guide for GPS/GNSS Engineers

Network timing in the enterprise world is often overlooked, and that is a mistake. Network architects or engineers often default to an Internet-based timing architecture for their ultimate source of time. In today’s world of frequent cyberattacks, regulatory compliance requirements and demand for highly stable and accurate network timing, is that the best we can do? Here is another approach: the hierarchy (layering) of timing topology.

The Advantage of Layering: Hierarchical Timing Topology

A hierarchical timing topology takes advantage of layering the timing infrastructure internally for enterprise deployment to bring secure, resilient and accurate timing to the network. A typical layout consists of a reference layer, a distribution layer and a client/handoff layer. Let’s look at each layer and explore its characteristics and importance.

1. Reference Layer 

The reference layer is where your time server gets its legal time from universally accepted time references such GNSS and STL (Satellite Time & Location).

Fig. 1: Reference Layer

Figure 1.png

This layer should include resilient  time references to help prevent failure scenarios. For resiliency, it should have separate redundant antenna access for each server. It should also be able to identify, detect and protect from jamming and spoofing of satellite-based signals and/or have alternative signals to GNSS when required.

With these features, the reference layer will provide a highly accurate, reliable and redundant source of time to the distribution layer. Based on the underlying network infrastructure, the servers in this layer should support multiple methods of industry standards for time transmission. It should also be easy to scale.

In a typical deployment, we recommend having at least three different time servers in the reference layer, with resilient time reference options available to them, including these requirements:

  • Each server should have redundant power and be distributed across different sites and network racks
  • Support for time distribution protocols, which can vary by requirements of a given deployment – NTP/PTP, White Rabbit (PTP-High Accuracy), PPS, IRIG and so forth
  • Better quality oscillator (e.g., an internal atomic clock) with receiver(s) supporting multi-GNSS constellations and alternatives to GNSS

At Orolia, products and technologies such as SecureSync, STL, Anti-Jamming (AJ) Antenna, GPSdome Anti-Jammer, CRPA Testing System, and IDM (Interference Detection and Mitigation) features are well suited for the reference layer.

2. Distribution Layer 

At the distribution layer, the focus is on time distribution challenges.

Appropriate time transmission protocols should be used to receive the time from the reference layer based on the timing accuracy requirement. For instance, White Rabbit is ideal for sub-nanosecond accuracy, PTP or NTP can be ideal for micro- or millisecond accuracy. For some deployments, IRIG or PPS may be the best option.

Fig. 2: Distribution Layer

Figure 2.png

Your distribution servers do not require access to an antenna, allowing you to scale the deployment to distribute time across various network locations. Key characteristics of distribution layer servers should include:

  • Dual power and multi-uplink for traffic path redundancy
  • Support for active and passive deployment technology; for example, NTP over Anycast
  • Better throughput and higher capacity for handling timing traffic
  • Support for a wide range of time transmission protocols

To reduce the jitters and timing offset errors that can happen due to network path variations, it is recommended that these servers be placed in a symmetric path distance between the reference and the client layer. For instance, a direct fiber link between the reference and distribution layers can provide better accuracy vs. a network routed or switched path.

A layering topology also simplifies the scaling problem. Just add distribution servers for any scaling requirement – redundancy, capacity, disaster recovery, or security.

Orolia’s SecureSync® resilient time server, a network time and frequency solution, is a good choice for this layer and it is available with a wide range of custom features and option cards.

The distribution  layer should also be resilient to time source failure scenarios. It should include at least two local and multiple remote time sources from the reference layer. With options such as low latency and high-speed ethernet, multiple uplinks, and dual power for resiliency, this layer will then provide accurate, reliable and redundant time to the client/handoff layer.

3. Client/Handoff Layer

The client/handoff layer is where time is received by the clients. To receive time, clients should have access to at least three or more distribution time servers.

Fig. 3: Client Layer

Figure 3.png

At the handoff layer, the clients include business-critical application servers, network routers and switches, and other network devices that can support both NTP and PTP.  However, today many clients and their operating systems (Linux, Windows, iOS, Android and so on), including computer desktops, servers, mobile and smart devices, widely support NTP. Hence, at a minimum, distribution time servers must support NTP as a handoff timing protocol.

Fig. 4: Typical Layout for a Complete Hierarchical Timing Topology

Figure 4.png

As we can see, the key merits of layering your timing network include allowing you to put your eggs in multiple baskets, which then allows you to maximize the outcomes of resources in place for resiliency, accuracy and security. It also avoids the need for internet servers as a time source for internal devices — which is the primary source of NTP and other cybersecurity attacks, and a key source of unstable timing accuracy.

Orolia offers innovative, customized products and solutions to address the needs of timing infrastructure deployments at every layer. To learn more, contact us, or Request a Quote.

Related Resources Related Resources

Pritam Kandel
Pritam Kandel

Pritam Kandel is an Applications Engineer with over a decade of experience working in design, assessment and implementation of TCP/IP routing and switching infrastructure for network cores/backbones, datacenters, Internet edge and WAN. He is experienced with maintaining IT infrastructure, including Internet peering and ISP services, MPLS and carrier networks, and VoIP global infrastructure. He holds certifications in CCNP, CCNA, JNCIA, MPLS Deployment, Alcatel Lucent and NIX platforms. Pritam is a graduate of the Rochester Institute of Technology with an MBA in Technology Management and holds a Bachelor of Engineering in IT from Pokhara University.