Clepsydra NTS-4000, NTS-5000 User Manual

USER MANUAL

NTP/PTP Network Time Servers NTS-3000 NTS-4000 NTS-5000 w/ 4x PTP/IEEE1588 multi LAN HYDRA-Extender

Updated: September 2017

SAFETY INSTRUCTIONS
TRADEMARKS, ACKNOWLEDGMENT & CONTACTS
QUICK MANUAL
1. QUICK INFO – ABOUT PRODUCT
2. QUICK INFO – PRODUCT AT ARRIVAL
3. QUICK INFO – MOUNTING AND CONNECTING
4. QUICK INFO – POWERING ON
5. QUICK INFO – PANEL KEYBOARD SETUP
6. QUICK INFO - LCD MESSAGES
7. QUICK INFO – TROUBLESHOOTING WITH SSH
8. QUICK INFO – UPDATING FIRMWARE
9. MAIN MANUAL
10. PRODUCT PERFORMANCE
11. PRODUCT ASSURANCE REQUIREMENTS
12. NTS-X000 FIRMWARE EVOLUTION
13. GLOSSARY TIME TERMS
14. OVERVIEW
15. HARDWARE
16. EXTRA FEATURES
17. HIGH PRECISION [NS] 4XPTP ITU-I G.8261
18. HYDRA MODULAR MULTI-LAN EXTENSION
19. UTC, LEAP SECOND AND TIME MULTISOURCE
    UTC
    GPS TIME (GPST)
    GLONASS TIME (GLONASST)
    GALILEO TIME (GST)
    BEIDOU TIME (BDT)
    LEAP SECOND
20. GNSS RECEIVER & ANTENNA
21. NTS-PROTECT (EXTRA SURGE PROTECTION)
22. FO-CONVERTER (FIBER OPTIC CONVERTER)
23. ROBUST SYNC - APPLICATION NOTES
24. POWERING UP
25. LCD MESSAGES
26. KEYBOARD SETUP
27. RESTORING FACTORY DEFAULTS
28. UTC MULTISOURCE INPUTS OF NTS
29. MAINTAINING HOLDOVER MODE (NTS-5000)
30. SOFTWARE SETUP FOR STD. LAN1-LAN2
31. PTPV2 SETUP OF PTP1-LAN4 (LAN3-LAN6)
32. APPLICATION NOTES FOR HFT & MIFID II
33. SOFTWARE SETUP VIA WWW (HTTP/HTTPS)
34. NTP SYMMETRIC AUTHENTICATION (MD5)
35. SYSLOG

SAFETY INSTRUCTIONS

ATTENTION! These are the important Safety Instructions that should be followed during installation and maintenance of the Elproma NTS-3000/4000/5000 timeserver family product.

IMPORTANT NOTE

This equipment contains hazardous AC and DC voltages. Do not handle any metallic part until the power has been disconnected. Do not assemble or disassemble the set while the power is ON. Wiring and touching cables are strictly prohibited while the power is ON.
Please refer to your RACK’19 safety instructions to learn more about connecting power to equipment. The NTS-protection system requires the PE line to be connected to the RACK’19 DIN rails.

Elproma safety advises: Safety first!
1. Never work alone under hazardous voltage conditions
2. High short circuit current through conductive materials can cause severe burns
3. Check that the power cord(s), plug(s), and sockets are in good condition
4. Always use qualified service personnel to install permanently wired equipment
5. Do not handle any metallic part before the power has been disconnected
6. Take care that your power lines and rack’19 frame are properly PE grounded

TRADEMARKS, ACKNOWLEDGMENT & CONTACTS

© CLEPSYDRA is trademark of Elproma Elektronika Sp. z o.o.
© ELPROMA is trademark of Elproma Electronics BV & Elproma Elektronika Sp. z o.o.
© TELEORIGIN is trademark of Elproma Elektronika Sp. z o.o.

ELPROMA Electronics Poland Sp. z o.o.
Szymanowskiego Str. 13
PL05092 Lomianki/Warsaw
POLAND (EU)
Phone: +48 227517680
Fax: +48 227517681
Internet: http://www.clepsydratime.com
E-mail: [email protected]

Acronyms

1PPS - 1 Pulse Per Second
AIV - Assembly, Integration and Validation
BIPM - Bureau International des Poids et Mesures
CA - Certificate Authority
CCTF - Consultative Committee for Time and Frequency
CIF - Core Infrastructure Facilities
COTS - Commercial Off-the-Shelf
CV - Common View
DAB - Digital Audio Broadcasting
DB - Database (mostly SQL)
DEMETRA - Demonstrator for EGNSS services based on Time Reference Architecture
DVB - Digital Video Broadcasting
EBU - European Broadcast Union
EGNOS - European geostationary navigation overlay system
EGNSS - European GNSS
ETH - Ethernet
EURAMET - European Regional Metrological Organisation
EWR - Extended White Rabbit
FO - Fiber Optic
FR - FREE-RUN mode
FTP - File Transfer Protocol
GCC - Galileo Control Centre
GDO - GPS Disciplined Oscillator
GGTO - Galileo GPS Time Offset
GMT - Greenwich Mean Time
GNSS - Global Navigation Satellite System
GPS - Global Positioning System
GPST - GPS Time Scale
GSA - GNSS Supervising Authority
GST - Galileo System Time
HO - HOLDOVER mode
HTTP - Hypertext Transfer Protocol
HTTPS - Hypertext Transfer Protocol Secure
HW - Hardware
IPR - Intellectual Property Rights
IRIG-B - Time Code (AM or DM)
ITU - International Telecom Union
KPI - Key Performance Indicator
MCT - Modular Coherent Transfer
NMI - National Metrological Institutes
NTA - National Time Authority (mostly the same as NMI)
NTP - Network Time Protocol
OFT - Optical Fiber Technology
OSC - Oscillators (OCXO, Rubidium, Cs)
PPP - Point Precise Positioning
PTP - Precise Time Protocol
PTPv2 - IEEE 1588 (WR – White Rabbit profile of PTP)
QR - Quality Report
RINEX - Receiver Independent Exchange Format
RMO - Regional Metrological Organization
SFN - Single Frequency Network
SIS - Signal In Space
SPF - Service Provision Facility
SV - Satellite Vehicle
SVN - Satellite Vehicle Number
SVF - Service Validation Facility
SW - Software
T&F - Time and(&) Frequency
TAI - International Atomic Time
TA(PL) - Polish Atomic Time
TDMA - Time Division Multiple Access
TFL - Time and Frequency Laboratory
TLC - Time Local Clock (the same as UT)
TMC - Time Master Clock (see TSG)
TRF - Time Reference Facility (see TMC)
TSA - Time Stamping Authority
TSI - Time Service Infrastructures
TWSTF - Two Way Satellite Time and Frequency Transfer
UT - User Terminal (see also TLC)
UTC - Universal Time Coordinated
WP - Work Package
WPL - Work Package Leader
WR - White Rabbit (see PTP)

QUICK MANUAL
Configure In 5 Minutes

1. QUICK INFO – About product

NTS-x000 covers the following ELPROMA time server models: NTS-3000, NTS-4000, NTS-5000. These are all STRATUM-1 NTP time servers. They optionally support other standards too, incl. PTP/IEEE1588, IRIG, IBM SYSPLEX etc. The main difference between specific models is the built-in oscillator (OSC). It serves time & frequency even when NTS-x000 cannot receive GNSS signals. This is called HOLDOVER mode (HO). An NTS-x000 operating in HO mode remains STRATUM-1.
However, to operate in HO the server's OSC must be synchronized to GNSS first, and this means the NTS-x000 must get synchronized to GNSS first too. An unsynchronized OSC works in FREE-RUN (FR) mode and the server then claims STRATUM-6. Server NTS-5000 optionally supports low level hardware PHY timestamping. It can be equipped with 1-4 high accuracy (PDV) PTP/IEEE1588 cards offering nanoseconds [ns]. Servers simultaneously support several UTC ref. sources of time from 3 independent groups:

#Group: 1) GNSS satellite systems. Ref. TIME: GPS, GLONASS, GALILEO, BEIDOU
#Group: 2) Remote TIME SERVERS. Ref. TIME: NTP, PTP/IEEE1588:2008, IBM SYSPLEX, IRIG-B
#Group: 3) Local ATOMIC clocks. Ref. TIME: 1PPS, 10MHz, RS-232, RS-485, IRIG-B, LAN/VLAN/WAN

NTS-x000 (NTS-3000, NTS-4000, NTS-5000) can simultaneously use multiple REF. TIME sources. The ELPROMA Time Server computes a weighted average time from all its trusted TIME ref. sources.

2. QUICK INFO – Product at arrival

The standard product pack includes on arrival inside the box:
1. Network Time Server NTP/PTP NTS-3000, 4000 or 5000 model, 1pcs.
2. Intelligent GNSS Receiver w/ built-in Antenna, 1pcs.
3. Roof Mounting Kit (H=05m) (incl. screws, handlers etc.), 1set.
4. CD with software incl. PDF manual, 1pcs.
5. Ethernet patchcord UTP cat. 5 (2m), 2pcs.
6. 110-230VAC Power cable 1.5m, 1pcs.

Shipment can include extra parts (product extra options):
a. 2nd Redundant GNSS Receiver (see p.2 in table above), extra 1pcs.
b. Mounting accessories (if option a. delivered), extra 1set. Please ref. to p.3 above
c. NTS-protect surge/overvoltage for: GNSS, 110-230 PwR, ETH 1&2, 1set.
d. NTS-FO (converter electric-2-fiber) e.g. to connect GNSS, 2pcs. (1set)

Important Note! Antenna cable is not included. Standard UTP cat 5 (or above) is the recommended minimum, best if rated for external environment use. You can connect the GNSS receiver at a max. distance of 0.7km from the server without amplifying the signal. However, it is much better to choose STP (shielded) cat. 6 cables. They are much more resistant to EMC interference. Using STP, the max. connection distance is also doubled (1.4km). PTP/IEEE1588 1GE Ethernet 1-4 modules always arrive built in to the NTS-5000 (if the option is ordered).

3. QUICK INFO – Mounting and connecting

Quick unpacking/mounting steps:
1. Remove all parts from the shipped BOX. Prepare additional tools: RJ45 connectors (pcs.2), UTP or STP cat.5 (not included in the shipment), Ethernet crimping tool, screwdriver, scissors etc.
2. Mount the GNSS receiver on the top point of the roof of a building. It should have, as far as possible, a 360-degree sky view to receive the max. available satellite vehicles (SVN). Do not mount the GNSS receiver near: walls, chimneys, electric engines, fans and air conditioners. The min. recommended distance to keep from other GNSS and TELECOM transmitters is at least 2 meters!
3. Run the UTP (STP) cables down to the server room. Cables should not be located in the direct neighborhood of other power lines. Handle the cables gently (do not cut or break them). A well done cable installation should be tested for connectivity and resistance before use.
4. (optionally) Mount the NTS-surge protection on the back of the rack’19 shell. Ensure it is properly grounded to PE lines. Ask a certified authority to assist you if you are not qualified for electric installations. Read all safety instructions first.
5. Crimp RJ45 connectors to terminate the antenna cables. Test the connection again.
6. Locate the Time Server in the rack”19 shell. Please keep min. 1U of space from neighboring products that can unexpectedly hit your NTS-x000.
7. Connect all POWER lines 110-230VA.
8. Switch POWER-ON. Observe the server’s LCD and 6x LED during BOOT and GNSS synchronization.
9. Set up the basic LAN configuration from the front panel KEYBOARD.
10. Prepare a PC for SSH/www advanced setup via interface LAN1 or LAN2.

[Figure: Rack”19 shell with 3x NTS-5000 (Installation example)]

4. QUICK INFO – Powering ON

If both the GNSS antenna and the PWR lines have been connected to the NTS-x000, the unit is ready to use. You can TURN-ON the power switch located on the back panel of the NTS-x000 server.
In case of redundant power lines (A/B), each power supply should be SWITCHED-ON separately, in any order. The YELLOW LED starts to pulse (PPS) max. 1 minute after switching power ON. This is the typical firmware start-up time. BOOT progress and each phase of the starting process can be traced on the front panel 6x LED (left side) and the LCD display located on the right side of the front panel. The following boot sequence presents the start-up phases of NTS-x000 (NTS-3000, NTS-4000, NTS-5000):

1. OFF-ON. Time duration: 1s. LCD display (front panel, right side): (C) 2016 ELPROMA www.ntp-servers.com. ANT1/ANT2 (back panel): Yellow LED is OFF.
2. HW INIT. Time duration: 1s. LCD display: (C) 2016 ELPROMA www.ntp-servers.com. ANT1/ANT2: Yellow LED is OFF.
3. SW INIT. Time duration: 1s. LCD display: Boot Loader V16.0120 Loading. ANT1/ANT2: Yellow LED is OFF.
4. BOOT LOADER. Time duration: <1min (60s). LCD display: Loading NTS-5000 ………… ANT1/ANT2: Yellow LED is OFF.
5. OS INIT. Time duration: <5s. LCD display: Press & hold [OK] to enter setup. ANT1/ANT2: Yellow LED is OFF.
6. OS READY. Time duration: <2s. LCD display: Press & hold [OK] [C] to reset to defaults. ANT1/ANT2: Yellow LED is OFF.
7. NET INIT. Time duration: <2s. LCD display: LAN1: no carrier, LAN2: no carrier; 15-07-2017 17:17:37 SAT OK A=0/0. ANT1/ANT2: Yellow LED pulse (GNSS RECEIVING IF YELLOW LED PULSES 1PPS).
8. NTP READY, LAN Link(-). Time duration: +1min (+60s). LCD display: 15-07-2017 17:17:37 SAT INIT A=0/0. ANT1/ANT2: Yellow LED pulse.
9. GNSS READY. Time duration: +6min (+360s) max. LCD display: 15-07-2017 17:17:37 SAT OK A=17/30. ToD (NMEA) millisecond accuracy of synchronization begins now. ANT1/ANT2: Yellow LED pulse.
10. 1PPS READY. Time duration: +6min (+360s) max. LCD display: 15-07-2017 17:18:47 SAT OK A=19/30. Microsecond [us] to nanosecond [ns] high accuracy of 1 PPS synchronization has started now. ANT1/ANT2: Yellow LED pulse.
11. IRIG READY. Time duration: +2min (+180s) max. LCD display: 15-07-2017 17:18:47 SAT OK A=19/30. ANT1/ANT2: Yellow LED pulse.
12. OSC READY. Time duration: +10min (+600s) max. LCD display: 15-07-2017 17:18:47 SAT OK A=19/30. ANT1/ANT2: Yellow LED pulse.
13. ETH Link(+), LAN1 or LAN2. LCD display: 15-07-2017 17:18:47 SAT OK A=19/30. ANT1/ANT2: Yellow LED pulse.

Remarks:

a. STEP #1 - STEP #6 should complete successfully (please observe step by step as presented in the above table). If the back panel (ANT1/ANT2) YELLOW LED is not pulsing, please re-check the hardware installation incl. GNSS receiver, cables, connectors etc. You will still be able to LOG-IN (SSH/WWW) to the server, but it will only work in FREE-RUN mode, STRATUM-6, for LAN1/LAN2.

b. STEP #7. If no GNSS signal has been received until now, the NTS-x000 starts to search internally for an alternative primary ref. of UTC time. This can be a remote NTP server, or any external clock serving UTC and connected by RS232/RS485, IRIG-B, or SYSPLEX. Unless you have any of them active (remote NTP servers must be defined in the NTS-x000 setup first), your NTS-x000 will remain in FREE-RUN mode (STRATUM-6), since it still lacks a ref. of UTC time.

c. STEP #7 to STEP #9. At least 5 satellites must be found to synchronize ToD (Time of Day) from GNSS. The number of visible satellite vehicles (SV) can be traced on the front panel LCD. The detailed strength of SV signals can be traced using the WWW/SSH setup only.

d. STEP #10. Pulse Per Second (1PPS) synchronization starts here. STEP #10 is only reached if ToD (STEP #9) synchronization is successfully under way. The 1PPS synchronization is the highly accurate one. It offers synchronization accuracy from the microsecond [us] level down to the nanosecond [ns] level, whereas the ToD information provides only limited millisecond [ms] accuracy of synchronization. This is also the moment when the internal built-in OSC (OCXO, Rubidium) begin to be synchronized (PLL), preparing HOLDOVER mode. It will take at least another 10-20 minutes until the built-in OSC is ready for HO. HOLDOVER status is indicated by LED and explained at STEP #12.

e. STEP #11 indicates that the IRIG-B microprocessor module has started and is operationally READY. If all data is correctly received from GNSS, the following LCD screen is displayed for ANT1 (A) and/or ANT2 (B).
The screen also provides detailed information for each GNSS subsystem: GPS, GLONASS, BEIDOU, GALILEO (if supported for your region):

    15-07-2017 23:01:00 SAT OK A= 18/32
    15-07-2017 23:01:00 SAT OK B= 16/32

5. QUICK INFO – Panel Keyboard SETUP

Switch ON power and the following screen sequence will appear on the LCD display:

    (C) 2016 ELPROMA
    www.ntp-servers.com

    Boot Loader V16.0120
    Loading

While booting, the following message is displayed, with dots in the lower line counting up the booting progress:

    Loading NTS-5000
    …………

After approximately 1 minute the following sequence of messages is displayed in a loop:

    Press & hold [OK]
    to enter setup

    Press & hold [OK] [C]
    to reset to defaults

    LAN1: (disabled)
    LAN2: (disabled)

    LAN1: no carrier
    LAN2: no carrier

Press & hold the front panel KEYBOARD [OK-key] for 5s to enter SETUP. The LAN1 IP address will appear on the LCD. Use arrow keys [←→] to select the column position, and [↑↓] to assign the requested 0-9 value for each IP address position separately.

    LAN1 IP address: 192.168.001.002
    LAN1 netmask: 255.255.255.000
    LAN1 gateway: 192.168.001.001

Press [OK] to switch to the next screen (or press & hold [OK] for 5s to save the entered configuration). You can interrupt and quit SETUP at any moment by pressing & holding [C]. Exiting SETUP in [C] (CANCEL) mode disregards all changes, and the last saved settings will be restored. Repeat the above sequence to set up the LAN2 IP address:

    LAN2 IP address: 010.000.000.002
    LAN2 netmask: 255.255.000.000
    LAN2 gateway: 010.000.000.001

Important note! LAN1 & LAN2 are information isolated (not routed) and therefore they can serve different TCP/IP sub-networks, both theoretically with an independent GATEWAY. However, because they share a single IP stack, setting both GATEWAYS simultaneously is strongly not recommended! This problem is well known in FreeBSD UNIX, on which the NTS-x000 firmware is based. Instead, please consider using the static routing option in the main MENU, available in text mode via SSH.
If you need to use 2 different GATEWAYS, please set a single LAN (#1 or #2) and leave the other one filled with zero digits (000.000.000.000). Once the IP address is set, the following screen requests your confirmation to save all settings:

    Are you sure?
    [OK] - Yes [Cancel] - No

and your NTS-5000 timeserver is ready to communicate via the LAN1/LAN2 interface. Unless you wish to provide more advanced settings, the above configuration is the minimum required to start working. If the GNSS (GPS/Glonass/Galileo/Beidou) Multi-SAT receiver remains asynchronous, the following information will be displayed on the LCD, indicating the part of the process called “warm” start:

    15-07-2017 23:00:11 INIT

Once enough satellites are in view, the receiver locks to GNSS and the synchronization process is under way. From now on your server is READY and the following message is displayed:

    15-07-2017 OK 23:01:00 SAT A= 18/32

If you use 2 receivers (A & B), additional information from Multi-SAT GNSS (B) will be displayed too:

    15-07-2017 OK 23:01:01 SAT B= 19/32

It is possible, and very probable, that the two GNSS receivers show different numbers of GNSS satellites.

    15-07-2017 23:01:17 GPS 11/32 GNSS 9/32

In standard operation mode the above screen is displayed to present each satellite system's data using the format XX/YY, where XX is the number of visible satellites for the specific system and YY is the total number of available SAT channels at the receiver. The following additional information can be provided at any time:

    Firmware release NTS-3000 04/02/2014
    Firmware release NTS-4000 09/03/2015
    Firmware release NTS-5000 05/03/2016

Environmental DATA is provided periodically using time zone settings:

    CPU temperature [C] +41.5 +36.8 +25.1
    CPU temperature [F] +106,7 +98,2 +77,1
    Onboard voltage [V] +3.32 +5.03 +15.54

Plugging an Ethernet cable into LAN1 will trigger Link(+) and the following messages will be displayed on the LCD:

    LAN1: no carrier
    LAN2: no carrier

    LAN1: active
    LAN2: no carrier

    LAN1: 192.168.1.2
    LAN2: (disabled)

6. QUICK INFO - LCD Messages

If no antenna is currently connected to the NTS-x000 device, the following error screen will be shown:

    15-07-2017 ERRsats 23:35:21 ANT ERROR
    Error: all antennas disconnected

The NTS-x000 server requires min. 5 satellites in order to get time from GNSS (e.g. GPS). If it receives fewer than 5 satellites, or if the quality of the signals is not good enough, the server can display the following message:

    15-07-2017 ERRsats 23:38:28sat A=1/12
    Error: missing GNSS satellites

and it automatically switches to HOLDOVER or FREE-RUN mode. In HOLDOVER mode, time is not provided from GNSS but from the built-in oscillator OSC (OCXO – NTS-4000, Rubidium & OCXO – NTS-5000). The std. NTS-3000 does not include an oscillator, therefore its HOLDOVER is limited to a very short time and is based on the built-in quartz. To provide accurate time in HOLDOVER mode, oscillators must be synchronized to GNSS first. If the server has never reached synchronization to GNSS it remains in FREE-RUN mode, operating at STRATUM-6. It can then provide a precise time, but not one accurate to UTC. In case of poor SV signal quality, the following LCD message can be displayed:

    15-07-2017 ERRsats 23:45:55sat A=1/12
    Error: bad GNSS geometry (min 5 sat)

This requires finding a better GNSS antenna location, otherwise NTS servers cannot obtain time information from the GNSS antenna. The unit will still work properly in HOLDOVER (if previously synchronized to GNSS for long enough), otherwise it operates in FREE-RUN mode, not synchronized and providing a large offset ERROR. The LCD shows only the status of the GNSS antennas. It does not show the status of the other time sources such as I/O time interfaces (1PPS, IRIG-B etc.). However, other time sources can be monitored and traced with the remote software utility ntpq. The ntpq utility is available via the SSH/WWW setup. Another error message, “Err sync”, can also be displayed.
It indicates that the internal phase/frequency loop is not yet locked or is temporarily not working, because of 1PPS jitter or too much offset from GPS time. Details of the problem can be investigated using ntpq via the SSH/WWW setup.

    17-02-2014 ERRsync 8:02:21 sat A=5/12
    Error: GNSS is not in sync

The last possible error message is the “Error call service” message. It means that the device is not operating properly (the message will show up approx. 30 sec after rebooting). Please contact service in this situation for further instructions.

    Error call service +48 (22) 7517680
    Error: Device out of order

7. QUICK INFO – Troubleshooting with SSH

If any of the earlier steps did not succeed, or there are any doubts regarding GNSS signal reception, antenna connection quality and so forth, the problem can only be investigated via the software SETUP. Unless the “Error call service +48 (22) 7517680” message is displayed on the LCD, you should be able to log in to the server using any networked PC/laptop and the SSH protocol (ENABLED by default). Operating systems such as Linux, Unix and Mac OS/X all include SSH. For Microsoft Windows, you can download the FREE putty.exe from http://www.putty.org/. To run SSH communication, connect your PC/laptop to LAN1 or LAN2 of the NTS server. Please do not use LAN3-LAN6 for SSH communication. The factory default setting (user and password) is:

    Username: admin
    Password: 12345

For diagnostics go to the MISC section, select the GPS option, and observe the strength of the SAT signals. You should be able to observe at least min. 5 satellites to be able to synchronize to GNSS (e.g. GPS).

If the connection to the GNSS receiver is OK, you should see a screen similar to the above examples. If the values of SAT signal strength are zero (00), the GNSS receiver is not receiving SAT signals from the antenna. Please recheck the hardware installation (step by step again), restart the server, and observe the LCD and LEDs. It is also a good idea to select the NTPQ menu item at the MISC menu level.
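The NTPQ check used in this troubleshooting section comes down to two columns of the peer table: the mark in the first column and the octal REACH register. The following is an added example, not part of the Elproma manual or firmware; it assumes the NTPQ menu prints the standard ntpq peer-table layout, and the sample rows and remote names (GNSS_A, PPS_A, OSC_1, 10.0.0.9, 10.0.0.10) are constructed.

```python
"""Interpret an ntpq peer table: REACH register and first-column mark."""
from dataclasses import dataclass

# Constructed sample in the standard ntpq peer-table layout (not captured
# from an NTS unit). Remote names and refids are hypothetical placeholders.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*GNSS_A          .GPS.            0 l    9   16  377    0.000    0.004   0.002
oPPS_A           .PPS.            0 l    3   16  377    0.000    0.001   0.001
 OSC_1           .OSC.            0 l   14   16  017    0.000    0.310   0.120
+10.0.0.9        .GPS.            1 u   40   64  376    0.412    0.051   0.030
 10.0.0.10       .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""

# Marks ntpq prints in the very first column of each peer row.
TALLY = {
    " ": "rejected / not yet usable",
    "x": "falseticker",
    ".": "excess",
    "-": "outlier",
    "+": "candidate",
    "#": "selected backup",
    "*": "system peer",
    "o": "PPS peer",
}


@dataclass
class Peer:
    tally: str
    remote: str
    refid: str
    stratum: int
    reach: int        # 8-bit shift register, converted from the octal column
    offset_ms: float

    @property
    def polls_ok(self) -> int:
        """How many of the last 8 polls were answered."""
        return bin(self.reach).count("1")

    @property
    def recent_streak(self) -> int:
        """Consecutive answered polls, counting back from the newest (bit 0)."""
        streak, reg = 0, self.reach
        while reg & 1:
            streak += 1
            reg >>= 1
        return streak

    @property
    def selected(self) -> bool:
        """True for the '*' or 'o' mark the manual tells you to look for."""
        return self.tally in ("*", "o")


def parse_peers(text: str) -> list:
    """Parse peer rows; the mark is column 0, so lines must not be stripped."""
    peers = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("="):
            continue
        tally, fields = line[0], line[1:].split()
        if len(fields) != 10 or fields[0] == "remote":
            continue  # header row, or a line in some other layout
        try:
            reach = int(fields[6], 8) & 0xFF  # REACH is printed in octal
            peers.append(Peer(tally, fields[0], fields[1],
                              int(fields[2]), reach, float(fields[8])))
        except ValueError:
            continue  # non-numeric column: skip rather than guess
    return peers


def report(peers: list) -> list:
    """One human-readable status line per peer."""
    lines = []
    for p in peers:
        if p.reach == 0:
            state = "never reached"
        elif p.reach == 0o377:
            state = "all of the last 8 polls answered"
        else:
            state = (f"{p.polls_ok}/8 polls answered, "
                     f"newest streak {p.recent_streak}")
        mark = TALLY.get(p.tally, "unknown mark")
        lines.append(f"{p.remote:<10} reach={p.reach:03o} {state}; {mark}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_peers(SAMPLE))))
```

A REACH of 376 looks close to 377 but means the newest poll went unanswered, which is why the example reports the recent streak as well as the total.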
If the antenna is installed correctly, the REACH column should not be zero (0). After several minutes of server uptime this octal value should reach 377. It means GNSS data reception is correct and the server can start synchronizing the local holdover oscillators, in order: OCXO, and after 10-20 minutes Rubidium (Rb) too. A HOLDOVER oscillator is ready if the NTPQ “pe” command displays an asterisk ‘*’ or the letter ‘o’ in the very first column of the table. The server will operate the oscillator in FREE-RUN mode if GNSS signal quality is poor or no signal is received. In this case the OCXO (Rubidium) will not get the mark ‘*’ or the letter ‘o’ in the very first column of the table. Please refer to more NTPQ commands.

8. QUICK INFO – Updating FIRMWARE

A Time Server firmware update can arrive either on USB memory or it can be downloaded via the cryptographically protected CLOUD. User access to the cloud is available on request.
1. Prepare a USB flash drive with minimum 128Mb free space (FAT32 formatted)
2. Download the nts345.v-yymmdd.img file from the cloud and copy it to the root folder of the USB flash drive
3. Plug it in to the NTS-x000 front panel USB connector (upper or lower)
4. Log in to the NTS-x000 using SSH and LAN1 or LAN2
5. Go to the MISC menu, and select the UPGRADE submenu using the arrow keys
6. Follow the information on the screen
7. Once the firmware update is done, please EXIT (LOGOUT) and restart the server OFF-ON again
8. The new firmware version should be displayed on the LCD after restarting

[Figure: Server SETUP via SSH (display view)]

    Firmware release NTS-5000 06/03/2017

[Figure: Front Panel LCD information]

9. MAIN MANUAL

User Manual

10. Product Performance

Time Servers NTS-3000/4000/5000 achieve the following accuracy:
• 32-channel MultiSAT receiver to UTC: <15x 10E-9s [ns] (nanosecond)
• Interface LAN1, LAN2 accuracy NTP: <100x 10E-3s [ms] (millisecond)
• Interface LAN1, LAN2 accuracy PTP: <10x 10E-3s [ms] (millisecond)
• Interface LAN3-LAN6 accuracy PTP* (HW stamps): <25x 10E-9s [ns] (nanosecond)
• IRIG-B sync accuracy <10x 10E-6s [us] (microseconds)
• NTP over Internet typically better than 100 [ms] (milliseconds)

The screenshot below presents typical synchronization of an NTS-x000 after min. 1 hour uptime:

[Figure: View of internal NTS-3000 clocks (single GPS receiver). Accuracy over LAN is claimed to be 28[us]]

NTS-3000/4000/5000 product performance has been measured by NMI (International Institutes of Metrology). ELPROMA cooperates with several EU Institutes who regularly test our product. In the years 2015-2016 ELPROMA servers were updated with technology developed during the EU project DEMETRA (www.demetratime.eu). ELPROMA servers have been tested in the schemes below:

[Figure: 1PPS in (reference), Time Server, 1PPS”, 1PPS’, OFFSET (1PPS” - 1PPS’)]

Internal offset measurement. The NTS-3000 generates a 1PPS” output that is compared to the ref. input signal. Offset measurement is provided by a precise hardware clock counter (PikTime T3200 counter).
Hardware LAN accuracy measurement scheme:

[Figure: 1PPSin, Time Server, LAN, Time Server, 1PPS”, 1PPS’, OFFSET (1PPS” - 1PPS’)]

Elproma servers have been tested in the following Metrology LABs:

1) Laboratory SHORT-LOOP-TEST based on national UTC (k) and in cooperation with:
• INRIM (Italy) based on “Project DEMETRA” (www.demetratime.eu)
• GUM (Poland) based on “Project DEMETRA” (www.demetratime.eu)
• NPL (UK) based on “Project DEMETRA” (www.demetratime.eu)
• SIQ (Slovenia)
• VLS (The Netherlands) regarding direct cesium (CS) clock synchronization

[Figure: General scheme of Short-Loop Test (SMF sends all data to Database)]

[Figure: Short-Loop Test Campaign for ELPROMA unit (UT with NTS-x000)]

2) END-TO-END with participation of selected End-users and NTA, based on ref. Galileo or GPS UTC signals

[Figure: General scheme of END-TO-END Test (SMF sends all data to Database)]

[Figure: End-to-End Test Campaign for ELPROMA unit (UT with NTS-x000)]

All synchronization data is stored in a database and can be reviewed retrospectively for future analyses.

NTS-5000HFT January 2017 tests at London NPL have confirmed the following performance for PTP/IEEE1588:2008:

11. Product Assurance Requirements

The Product Assurance (PA) and Safety program is implemented and performed by Elproma and its subcontractors to assure compliance. It is based on ISO 9001 Number (AT-11895), audited by auditors from Quality Austria (since 2011). PA covers regulations and procedures for all projects during: design development, manufacturing, integration, and acceptance. The PA is structured according to the standard disciplines required for international IQNet ISO9001 programs, and it is regularly audited against its international standards.
In particular, the PA Program has the following tasks:
• assure and verify that performance and quality requirements are properly fulfilled by the design of products,
• assure that the design and development processes are compliant with the QA requirements and related ISO9001 procedures,
• give evidence of the procedures and reports of audits,
• apply the necessary control throughout Design, Manufacturing, Assembly, Integration and Qualification/Acceptance Testing for the achievement of the required quality level.

[Figure: ISO9001:2008 Certificate]

Elproma shall allocate a PA manager to its own related tasks. Elproma has performed ISO9001 external audits to check our readiness for product assurance. The ISO9001 and IQNet audits were hosted by Quality Austria in March/April 2015 and successfully completed. Therefore, the certification is valid until April the 6th 2018.

12. NTS-x000 Firmware Evolution

The first NTS-3000 was developed in 1999. Since the beginning the product has been based on Open Source FreeBSD Unix (available under the BSD license). The NTS-5000 was developed in 2004, and the NTS-4000 arrived in 2007. Very important functionality and security updates have been added to all products as a result of the DEMETRA Horizon 2020 program. The newest technology is now available (since 2017). Since 1999, there have been 7 generations of products. The internal hardware architecture of the NTS family product has been modified 3 times, but there is still 100% compatibility between specific generations of the product at the external application level. LAN1 & LAN2 have been the same I/O since 1999 and they guarantee 100% compatibility with products made since 1999. The LAN3 of models manufactured 1999-2004 has been cancelled and replaced by new generation high speed LAN3-LAN6 interfaces supporting PTP/IEEE1588:2008, all modern profiles.

13. Glossary Time Terms

In alphabetic order:

Accuracy - The degree of conformity of a measured or calculated value to its definition or with respect to a standard reference time.
In the meaning of NTP (Network Time Protocol) the accuracy determines how close the PC clock is to the UTC reference (GNSS or external atomic clock).

Atomic Time Scale (TA) - a time scale based on atomic or molecular resonance phenomena. Elapsed time is measured by counting cycles of a frequency locked to an atomic or molecular transition. Earlier time scales were based on the rotational rate of the earth.

BEIDOU – (see COMPASS)

Calibration - The process of identifying and measuring time or frequency errors, offsets, or deviations of a clock/oscillator relative to an established standard, such as UTC(NIST).

Clock - a device for maintaining and displaying time.

COMPASS (BEIDOU) – is the Chinese satellite navigation system. It consists of two separate satellite constellations: a limited test system that has been operating since 2000, and a full-scale global navigation system that is currently under construction. The first BeiDou system is officially called the BeiDou Satellite Navigation Experimental System.

Coordinated Universal Time (UTC) - a coordinated time scale, maintained by the Bureau International des Poids et Mesures (BIPM), which forms the basis of a coordinated dissemination of standard frequencies and time signals. A UTC clock has the same rate as a Temps Atomique International (TAI) clock or international atomic time clock but differs by an integral number of seconds called leap seconds. The UTC scale is adjusted by the insertion or deletion of leap seconds to ensure approximate agreement with UT1.

Drift (frequency) - the linear (first-order) component of a systematic change in frequency of an oscillator over time.

Frequency - the rate at which a periodic phenomenon occurs over time.

Frequency drift - see drift.

Frequency offset - the frequency difference between the measured value and the defined value.

Frequency shift - change in frequency from a standard reference.
Frequency stability - statistical estimate of the frequency fluctuations of a signal over a given time interval.

Frequency standard - an oscillator such as a rubidium (Rb), cesium (Cs), or hydrogen (H) maser whose output is used as a frequency.

GALILEO – is a global navigation satellite system (GNSS) currently being built by the European Union (EU) and European Space Agency (ESA). One of the aims of Galileo is to provide a high-precision positioning system upon which European nations can rely, independently from the Russian GLONASS, US GPS, and Chinese COMPASS (BEIDOU), which can be disabled in times of war or conflict. Galileo is compatible with US GPS (see GPS).

GLONASS – acronym for Globalnaya navigatsionnaya sputnikovaya sistema or Global Navigation Satellite System, is a space-based satellite navigation system operated by the Russian Aerospace Defence Forces. It provides an alternative to the Global Positioning System (GPS) and is the only alternative navigational system in operation with global coverage and of comparable precision. Glonass uses L1-1575.42MHz with an additional frequency margin between 1597.50-1609.50MHz.

GPS (Global Positioning System) - a highly accurate, global satellite navigation system based on a constellation of at least 24 satellites orbiting the earth at a very high altitude of 20000 km. GPS signals are: L1-1575.42MHz; L2-1227.6MHz; L3-1381.05 MHz

GMT (Greenwich Mean Time) - a 24 Hour system based on mean solar time plus 12 hours at Greenwich, England. Greenwich Mean Time can be considered approximately equivalent to Coordinated Universal Time (UTC), which is broadcast from all standard time and frequency radio stations. However, GMT is now obsolete and has been replaced by UTC.

International Atomic Time (TAI) - an atomic time scale based on data from a worldwide set of atomic clocks.
It is the internationally agreed upon time reference conforming to the definition of the second, the fundamental unit of atomic time in the International System of Units (SI). It is defined as the duration of 9 192 631 770 periods of the radiation corresponding to the transition between two hyperfine levels of the ground state of the cesium-133 atom.

Synchronization - The process of measuring the difference in time of two time scales such as the output signals generated by two clocks. In the context of timing, synchronization means to bring two clocks or data streams into phase so that their difference is 0 (see time scales in synchronism).

Synchronization - Relative adjustment of two frequency sources with the purpose of canceling their frequency difference but not necessarily their phase difference.

Stability (frequency) - statistical estimate of the frequency fluctuations of a signal over a given time interval: Long term stability usually involves measurement averages beyond 100s. Short term stability usually involves measurement averages from a few tenths of a second to 100s.

Stratum - indicates how far from the cesium ref. the clock is in the chain of synchronization.

Time code - a system of symbols (digital or analog) used for identifying specific instants of time. An information format used to convey time information. IRIG-B is an example of a Time Code.

Time interval - The duration between two instants read on the same time scale.

Time scale - a system of unambiguous ordering of events. A time scale is meant to be stable and homogeneous.

Time standard - a continuously operated device used for the realization of a time scale in accordance with the definition of the second and with an appropriately chosen origin.

Time step - a discontinuity in a time scale at some instant. A step is positive (+) if the time scale reading is increased and negative (-) if the reading is decreased at that instant.
[Figure: Difference between Accuracy and Stability in Time Synchronization. Panels: ACCURATE & PRECISE; PRECISE BUT NOT ACCURATE; NOT ACCURATE & NOT PRECISE; DRIFT]

14. Overview

This manual is common to all Clepsydra Time Server models available from Elproma: NTS-3000, NTS-4000 and NTS-5000, also referred to in short as NTS-3000/4000/5000. It uses the notation NTS-4000/5000 to present functionality that is not available for NTS-3000. Unless the manual clearly indicates otherwise, functionality is assumed to be valid for all 3 models above.

The NTS-3000/4000/5000 Clepsydra Time Server provides high precision time directly to TCP/IP Ethernet networks using NTP (Network Time Protocol) and SNTP (Simple Network Time Protocol). It is compatible with all versions of NTP/SNTP available on the market. Optionally, NTS-4000/5000 servers can additionally support PTPv2 (Precision Time Protocol IEEE1588), IRIG-B and IBM SYSPLEX synchronization standards, in a configuration that depends on the ordered options.

The NTS-3000/4000/5000 supports the majority of current popular operating systems (OS) including: Microsoft Windows, Mac OS/X, Linux, FreeBSD, HPUX, IBM AIX, IBM AS/400, ORACLE SUN, CISCO and other UNIX family systems. It can simultaneously synchronize tens of thousands of servers, workstations, routers, telecom stations (BTS), and industrial and power distribution controllers.

The standard product provides accurate time via 2x LAN ports. Optionally the configuration can be extended up to 6x LAN, both 100Base-T and GE. Fiber Optic (FO) Ethernet communication is possible via a special converter available separately. The NTS-4000/5000 has several extra I/O synchronization standards, optionally including interfaces for: IRIG-B, 1PPS, 10MHz, SYSPLEX, PTPv2/IEEE1588, E1/T1. A special fast sync startup mode of NTP has been implemented to reduce the unsynchronized time after powering up products that have no battery-powered RTC clocks.
The NTS-5000 server can additionally be equipped with an 8x IRIG-B (AM) output distribution panel.

The accurate target UTC time is calculated as a weighted average of numerous time sources, including a double A/B redundant GNSS (GPS/Glonass/Galileo) receiver with built-in active antenna. NTS-4000/5000 servers can use external clocks as a reference too. The target UTC time is produced by comparing the maximum number of available time references, including: GNSS, 1PPS, 10MHz, IRIG-B, SYSPLEX etc. A special DCF77 RF-AM receiver is available on request for Central Europe & Germany.

Unit status information can be traced on the front panel 2x20 character LCD display. More detailed statistics are available through remote NTP software utilities (ntpq, ntpdc) and the setup utility via: WWW, TELNET, SSH, SNMP.

All Clepsydra Time Servers can operate in standard or special NTP authentication mode protected by MD5 algorithms and PKI infrastructure. The unit supports broadcast, manycast, multicast and client/server modes of NTP.

A true novelty is the option to create a cascade of servers where one can simulate an NMEA (GPS) antenna for the other. This functionality enables time synchronization of secured LANs with official time from NTP servers available publicly on line in the Internet.

All servers are ready to work with any external SYSLOG or SNMP (MIB2) server. Error messages can be traced on the local (2x20) LCD or remotely on a wall LED NTP display from Elproma. This gives a friendly warning of any unexpected situation that may happen. Messages can also be sent via E-MAIL directly from any NTS-3000/4000/5000 timeserver.

Servers are designed to operate without ventilators and fans. The metal housing is an important part of the natural cooling system, designed in such a way that the unit can be located in the neighbourhood of any device working inside a 19" rack mount frame.

15. Hardware

NTS-3000/4000/5000 (standard version) models have a similar front panel architecture and component location.
There is a 2x20 character LCD status display (green color). All devices come with a 6-key keyboard for quick setup. The RS232 (DSUB-9 male) connector is reserved for value-added functionality (e.g. cesium clock connection etc.). There are 2x USB 2.0 interfaces for firmware upgrade or backup purposes. The LAN2 connector is located on the front panel too. It contains 2x LEDs: green - indicates cable connection, yellow - flashes while data is being transmitted.

[Figure: Standard Front Panel]

The back panel of NTS-3000/4000/5000 (standard version) is organized into several I/O reference time sections.

[Figure: Standard Back Panel]

NTS-3000 (Standard Version)

[Figure: NTS-3000 (standard) Front Panel]
[Figure: NTS-3000 (standard) Back Panel]

The table describes the connectors, their availability and their related functions:

Name | Connector | Standard | Purpose
Antenna (A) | RJ-45 | RS-485 | Antenna connector (main antenna)
Antenna (B) | RJ-45 | RS-485 | Antenna connector (backup antenna)
IRIG-B IN* | BNC | IRIG-B | IRIG-B source signal (optionally)
IRIG-OUT* | BNC | IRIG-B | IRIG-B output signal (optionally)
10 MHz | BNC | 10MHz | 10 MHz output reference signal
1 PPS IN | BNC | 1pps | 1 PPS (pulse per second) source signal
1 PPS OUT | BNC | 1pps | 1 PPS (pulse per second) output signal
TIMER IN | DSUB9 | RS-232 | 2xPPS (pulse per second) input signal
TIMER OUT | DSUB9 | Various | Extra feature (not available yet)
LAN1 | RJ-45 | TCP/IP | Local Area Network (back panel)
LAN2 | RJ-45 | TCP/IP | Local Area Network (front panel)
RS-232 | DSUB9 | RS-232 | For technical and service purpose
USB | KUSB | USB | For technical and service purpose

Availability: + + + + + + +

NTS-4000 OCXO (Standard Version)

[Figure: NTS-4000 OCXO (Standard Version) 1U 19" rack mount Front Panel]
[Figure: NTS-4000 OCXO (Standard Version) Back Panel]

The table describes the connectors, their availability and their related functions:

Name | Connector | Standard | Purpose
Antenna (A) | RJ-45 | RS-485 | Antenna connector (main antenna)
Antenna (B) | RJ-45 | RS-485 | Antenna connector
(backup antenna)
IRIG-B IN | BNC | IRIG-B | IRIG-B source signal (optionally)
IRIG-OUT | BNC | IRIG-B | IRIG-B output signal (optionally)
10 MHz | BNC | 10MHz | 10 MHz output reference signal
1 PPS IN | BNC | 1pps | 1 PPS (pulse per second) source signal
1 PPS OUT | BNC | 1pps | 1 PPS (pulse per second) output signal
TIMER IN | DSUB9 | RS-232 | 2xPPS (pulse per second) input signal
TIMER OUT | DSUB9 | Various | Extra feature (not available yet)
LAN1 | RJ-45 | TCP/IP | Local Area Network (back panel)
LAN2 | RJ-45 | TCP/IP | Local Area Network (front panel)
RS-232 | DSUB9 | RS-232 | For technical and service purpose
USB | KUSB | USB | For technical and service purpose

Availability: + + + + + + + + + + + + +

NTS-5000 Rubidium+OCXO (Standard Version)

[Figure: NTS-5000 RUBIDIUM+OCXO (Standard Version) 2U 19" rack mount Front Panel]
[Figure: NTS-5000 RUBIDIUM+OCXO (Standard Version) 2U 19" rack mount Back Panel]

The table describes the connectors, their availability and their related functions:

Name | Connector | Standard | Purpose | Availability
Antenna (A) | RJ-45 | RS-485 | Antenna connector (main antenna) | +
Antenna (B) | RJ-45 | RS-485 | Antenna connector (backup antenna) | +
IRIG-B IN | BNC | IRIG-B | IRIG-B source signal (optionally) | +
IRIG-OUT | BNC | IRIG-B | IRIG-B output signal (optionally) | +
10 MHz | BNC | 10MHz | 10 MHz output reference signal | +
1 PPS IN | BNC | 1pps | 1 PPS (pulse per second) source signal | +
1 PPS OUT | BNC | 1pps | 1 PPS (pulse per second) output signal | +
TIMER IN | DSUB9 | RS-232 | 2xPPS (pulse per second) input signal | +
TIMER OUT | DSUB9 | Various | Extra feature (not available yet) | +
LAN1 | RJ-45 | TCP/IP | Local Area Network (back panel) | +
LAN2 | RJ-45 | TCP/IP | Local Area Network (front panel) | +
RS-232 | DSUB9 | RS-232 | For technical and service purpose | +
USB | KUSB | USB | For technical and service purpose | +

16.
Extra Features

Extra options and product extensions can change the standard panel component locations:

Double Redundant Power Supply
• Custom NTS-3000 or NTS-4000ocxo with redundant A+B dual power supply
• Custom NTS-5000 Rb+OCXO with redundant A+B dual power supply

Direct Cesium 5071A (Custom) Time Server
• Custom NTS-3000 with special direct cesium 5071A interface (1PPS+RS232)

Dial-Up GSM/PSTN/ISDN Time Server
• Custom NTS-3000 Dial-Up with built-in GSM & PSTN (or ISDN) modem

6xLAN (NTP) Time Server
• Custom NTS-3000 with 6x LAN (NTP) interfaces /also available as NTS-4000/
• Custom NTS-5000 Rb+OCXO with 6x LAN (NTP) interfaces

Low performance PTP Master Clock
• NTS-4000OCXO PTPv2 Master Clock (IEEE1588 Server on LAN5)
• NTS-5000 Rb+OCXO PTPv2 Grand Master Clock (IEEE1588 Server on LAN5)

IEEE1588/PTPv2 Slave Clock with E1/T1 outputs
• NTS-4000OCXO PTPv2 Slave Clock (IEEE1588 Client on LAN4) with T1/E1 outputs
• NTS-5000Rb+OCXO PTPv2 Slave Clock (IEEE1588 Client on LAN4) with T1/E1 outputs

IEEE1588/PTPv2 Grand Master Clock with E1/T1 (SSU) in/out
• NTS-4000OCXO Grand Master PTPv2 Clock (LAN4 PTP-client LAN-5-PTP-server) with T1/E1 in/out
• NTS-5000Rb+OCXO Grand Master PTPv2 Clock (LAN4 PTP-client LAN-5-PTP-server) with T1/E1 in/out

8x IRIG-B DISTRIBUTION SYNCHRONIZED TO 2x OPTO GNSS RECEIVER
• NTS-5000Rb+OCXO w/ 8x IRIG-B output & 2x OPTO GNSS antenna

17. High Precision [ns] 4xPTP ITU-I G.8261

This is an extra option. The upper floor can support max. 4x PTPv2/IEEE1588:2008 w/ SyncE. Each card is equipped with 2x 1GE Ethernet interfaces, but only 1 of the 2 can be used at a time. Supported connectors are: SFT, RJ45.

The main benefits of using 4x PTP cards are security and ultra-high synchronization accuracy. Each card has its own IPv4 stack and is driven by its own operating system (Unix family). The cards are informationally isolated from each other and from the GrandMaster part of the NTS-5000. PTPv2 together with SyncE offers a nanosecond level of synchronization.
They also support an SNTP (Simple Network Time Protocol) server that is 100% compatible with standard NTP clients.

[Figure: NTS-5000Rb+OCXO w/ extra 4x PTP modules (SFT+RJ45) - all PTP modules work autonomously with own TCP/IP stack. Double redundant Power Supply, and dual redundant GNSS receivers (ANT1, ANT2)]
[Figure: NTS-5000Rb+OCXO w/ extra 3x PTP modules (SFT+RJ45) - all PTP modules work autonomously with own TCP/IP stack. Double redundant Power Supply, and dual redundant GNSS receivers (ANT1, ANT2)]
[Figure: NTS-5000Rb+OCXO w/ extra 2x PTP modules (SFT+RJ45) - all PTP modules work autonomously with own TCP/IP stack. Double redundant Power Supply, and dual redundant GNSS receivers (ANT1, ANT2)]

18. HYDRA Modular Multi-LAN Extension

This is an extra option. Each NTS-x000 (incl. NTS-3000, NTS-4000, NTS-5000) can be linked with a special multi-LAN extender, the NTS-HYDRA. The extender is a separate unit. It is equipped with its own CPU and can support up to 7 independent network interface cards (NIC). The unit is Linux driven, therefore all 7 NICs share a single IP stack for NTP/PTP operations.

There are 3 types of NIC available: 1GE (1, 2, 4x LAN/NIC), 10GE (1 or 2x LAN/NIC), 100GE (1x LAN/NIC). Supported connectors are: SFT or RJ45. A HYDRA extender can support max. 7 NIC, 4x LAN/NIC. Together with the preinstalled 2x LAN 1GE, a single extender supports max. 30x LAN, each with a different configuration. There are max. 10x HYDRA extenders, so altogether a cluster supports max. 300x LANs in a single UTC distribution node. HYDRA clusters are useful for creating synchronization time scale clusters.

[Figure: NTS-3000 and NTS-4000 HYDRA extension]
[Figure: NTS-5000 HYDRA w/ 4x PTP High Precision LAN3-LAN6 Interfaces]
[Figure: HYDRA super-cluster with max. 10 extenders (all together max. 300 LAN interfaces 1GE, 10GE, 100GE)]

19. UTC, Leap Second and Time Multisource
UTC

The basic supported time scale is UTC. Customized versions of the servers can be configured to supply other scales including TAI and GPST (a separate scale supporting the GPS satellite system).

Coordinated Universal Time (UTC) is the primary time standard by which the world regulates clocks and time. It is one of several closely related successors to Greenwich Mean Time (GMT), which was set according to astronomic observations. For most purposes UTC is synonymous with GMT, but GMT is no longer precisely defined by the scientific and IT community, so we strongly suggest not confusing the two names.

The UTC time is computed by the NTS-x000 satellite receiver. Each NTS-x000 supports max. 2 receivers. They support GNSS (GPS, GLONASS, BEIDOU, GALILEO). The final computed UTC is a weighted average of all satellite systems. Therefore, ELPROMA systems are not as sensitive to internal errors of specific satellite systems as other products available on the market.

GNSS systems rely strongly on measuring the time of arrival of radio signals propagating down to Earth. Thus, each GNSS system has its own time reference from which all elements of the Space, Control and User segments are time synchronized. The most relevant GNSS time references used for computing UTC are briefly described below:

GPS Time (GPST)

GPS Time (GPST) is a continuous time scale (no leap seconds) defined by the GPS Control segment on the basis of a set of atomic clocks at the Monitor Stations and onboard the satellites. It starts at 0h UTC (midnight) of January 5th to 6th 1980 (6.d0). At that epoch, the difference TAI−UTC was 19 seconds, thence GPS−UTC = n − 19 s. GPS time is synchronized with UTC(USNO) at the 1 microsecond level (modulo one second), but actually is kept within 25 ns.
GLONASS Time (GLONASST)

GLONASS Time (GLONASST) is generated by the GLONASS Central Synchronizer and the difference between the UTC(SU) and GLONASST should not exceed 1 millisecond plus three hours (i.e., , where ), but is typically better than 1 microsecond. Note: Unlike GPS, Galileo or BeiDou, the GLONASS time scale implements leap seconds, like UTC.

GALILEO Time (GST)

Galileo System Time (GST) is a continuous time scale maintained by the Galileo Central Segment and synchronized with TAI (atomic timescale) with a nominal offset below 50 ns. The GST start epoch is 0h UTC on Sunday, 22 August 1999 (midnight between 21 and 22 August).

BEIDOU Time (BDT)

BeiDou Time (BDT) is a continuous time scale starting at 0h UTC on January 1st, 2006 and is synchronized with UTC within 100 ns (modulo one second).

The diagram below presents the offsets between specific GNSS satellite systems:

LEAP Second

A leap second is a one-second adjustment that is occasionally applied to Coordinated Universal Time (UTC) in order to keep its time of day close to the mean solar time, and UT1 time. Without such a correction, time reckoned by Earth's rotation drifts away from atomic time (TAI) because of irregularities in the Earth's rate of rotation. Since this system of correction was implemented in 1972, 37 leap seconds have already been inserted, the most recent on 31st of December 2017 at 23:59:60 UTC (midnight). Together with the first 10 initial seconds, the total amount of leap seconds is now 37 s, and the formula is therefore:

TAI – UTC = 37s (01 January 2017)

The leap second insertion procedure is based on a special NTP announcement flag, set by decoding a special message file from NIST or IERS. In theory the implementation should give a perfect 60th second, and the UTC clock should show the following:

23:59:59 -> 23:59:60 -> 00:00:00

But there are a couple of problems that make the above sequence need attention during IT system deployment. According to D.
Mills' article “A kernel model for precision timekeeping”, several side effects resulting in time deviations are possible, depending on the end-user operating system (OS) and its kernel version. We would like to draw attention to several possible scenarios of leap second support, depending on the OS version and its kernel (e.g. those implemented in old API generation POSIX Linux systems, but not limited to them). Possible implementations of leap second support in the OS kernel are:

1. Step OS Clock Time Back at the End of the Leap Second

[Figure: Leap Second - Step Back Clock at the End of Second]

In this case time is simply stepped back at the end of an inserted leap second, as shown in the figure above. OS time therefore cannot be monotonic, and duplicate time stamps occur after the leap second (e.g. at the beginning of the next UTC day). Mills claims that, as a result, later time stamps can be assigned to events which occurred earlier, which can heavily mess up applications using time stamps to order the sequence of events or transactions.

2. Step OS Clock Time Back at the Beginning of the Leap Second

[Figure: Leap Second Time Back at the Beginning of Second]

Time is simply stepped back at the beginning of an inserted leap second, as shown above. In this case time is also not monotonic. Mills points out that the difference from the previous case is that duplicate time stamps occur during the leap second, i.e. at the end of the UTC day. Similarly, later time stamps can be assigned to events which occurred earlier, which can cause the same confusion as in the previous case.

3.
Stopping OS Clock Time Counting for Exactly One Second

[Figure: Leap Second Stopping Clock Time for 1 Second]

The OS clock is just put on hold for one second, as shown above, and time stamps are all the same during the inserted leap second. OS time does not increase monotonically, and time stamps can't be used to order events.

A modified approach which guarantees strictly monotonic time stamps has been proposed by Mills, the inventor of the Network Time Protocol (NTP), who suggested stopping the clock during an inserted leap second, but incrementing the fractions of time stamps by the smallest possible time increment whenever the time is read by an application. This technique gives another, 4th minor scenario.

[Figure: Dave Mills NTP proposal to Increment Time LSB]

Some operating systems like Microsoft Windows are not aware of the leap second and thus are not prepared to handle it. In such a case it may be possible to slew the system time over the leap second. Windows slows the system clock down to half the nominal speed for 2 seconds, so the Windows OS time is again aligned to UTC. This method is not optimal, but at least after the leap second the OS time is correct again.

Nevertheless, there is an important conclusion from the above discussion. Depending on the OS version and its kernel, the leap second can be supported in different ways, giving an offset error to UTC for seconds, and in some cases for hours. Many vendors therefore recommend not using synchronization for a couple of hours before and after the leap second UTC midnight.

A true novelty is the real multisource time concept. The product can simultaneously take a reference time from all its available hardware inputs.
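The leap second strategies described above can be compared side by side in a small model. This is an added example, not code from the manual or from any OS kernel; it assumes one event stamped every 250 ms, a clock resolution of 1 microsecond, and that the half-speed slew starts together with the leap second.

```python
"""Model of the leap second strategies above and their effect on event order.

All times are integer microseconds. x is real elapsed time since 23:59:58 UTC
on the leap day; a clock reading is relative to midnight (negative = old day).
The inserted second 23:59:60 spans LEAP_START <= x < LEAP_END.
"""
from collections import Counter

US = 1_000_000
LEAP_START, LEAP_END = 2 * US, 3 * US
LSB = 1  # assumed clock resolution: 1 microsecond


def step_back_at_end(x):
    # Scenario 1: clock runs through the leap second, then is set back 1 s.
    return x - 2 * US if x < LEAP_END else x - 3 * US


def step_back_at_beginning(x):
    # Scenario 2: clock is set back 1 s when the leap second starts.
    return x - 2 * US if x < LEAP_START else x - 3 * US


def hold(x):
    # Scenario 3: clock is frozen for the whole inserted second.
    if x < LEAP_START:
        return x - 2 * US
    return 0 if x < LEAP_END else x - 3 * US


def half_speed_slew(x):
    # Slew: half nominal speed for 2 s (assumed to start with the leap second).
    if x < LEAP_START:
        return x - 2 * US
    if x < LEAP_START + 2 * US:
        return (x - LEAP_START) // 2
    return x - 3 * US


class HoldWithLsbIncrement:
    """Mills' variant: frozen clock, but every read advances by one LSB."""

    def __init__(self):
        self.last = None

    def __call__(self, x):
        reading = hold(x)
        if self.last is not None and reading <= self.last:
            reading = self.last + LSB
        self.last = reading
        return reading


def analyse(clock, step=US // 4, span=5 * US):
    """Stamp one event every `step` microseconds and report ordering defects."""
    xs = list(range(0, span, step))
    stamps = [clock(x) for x in xs]
    pairs = list(zip(stamps, stamps[1:]))
    counts = Counter(stamps)
    return {
        # later event received an earlier time stamp
        "inversions": sum(b < a for a, b in pairs),
        # distinct time stamp values given to more than one event
        "duplicated_stamps": sum(1 for n in counts.values() if n > 1),
        "strictly_monotonic": all(b > a for a, b in pairs),
        # worst deviation from true UTC once the leap second is over
        "max_offset_after_leap_us": max(
            abs(s - (x - 3 * US)) for x, s in zip(xs, stamps) if x >= LEAP_END),
    }


def compare():
    strategies = {
        "step_back_at_end": step_back_at_end,
        "step_back_at_beginning": step_back_at_beginning,
        "hold": hold,
        "hold_with_lsb_increment": HoldWithLsbIncrement(),
        "half_speed_slew": half_speed_slew,
    }
    return {name: analyse(clock) for name, clock in strategies.items()}


if __name__ == "__main__":
    for name, result in compare().items():
        print(f"{name:26s} {result}")
```

Only the two step-back scenarios produce inversions, which is what breaks log correlation and transaction ordering; the slew keeps ordering intact at the cost of a temporary offset to UTC.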
Compared to other existing solutions, the product does not take an “artificially selected” source of UTC, but automatically and continuously computes the weighted average UTC clock ERROR from the available sources (clock truechimers) including:

• GNSS satellite systems (GPS, GLONASS, GALILEO, BEIDOU via: RS485 or LAN)
• Remote TIME SERVERS (NTP, PTP/IEEE1588, SYSPLEX)
• Local external atomic clocks (IRIG-B, 1PPS, 10MHz, RS-232)

[Figure: Multisource concept. Server simultaneously receives time from all available time sources]

Some other vendors' products available on the market use the name “multisource” too. The following figure presents the difference between the ELPROMA-Clepsydra meaning of multisource and other concepts:

[Figure, two panels: “Other product available on market (switching between “best selected” sources)”; “Ref. time is taken from “the best” available UTC and corrected by weighted arithmetic mean ERROR of all clocks 1-3”]

Clepsydra Time Servers do not allow manual source time selection; however, a single source can be achieved by disabling all remaining sources. This includes the GNSS Multi-SAT receiver supporting GPS, GLONASS, GALILEO, BEIDOU, each acting as an independent source of UTC time. When considering a configuration other than the standard one, please note that modern time metrology highlights the philosophical rule that “having single clock you have to trust it; taking time from 2 different clocks - you don’t know what time is; 3 or more clocks enables to consider what time might be”.

True output UTC time (single source system)

For a single reference source of time (i.e. GPS), the synchronization and output UTC are represented as follows:

[Figure: Single source of reference UTC time]

The dispersion represents the maximum possible error on the offset of a source time reference like GPS. The current Timeserver time is represented by zero (0) offset.
The “Offset” margin adjustment of the server’s internal clock proceeds, and it can be set to values between “Reference UTC” plus “Dispersion” and “Reference UTC” minus “Dispersion”.

For single source servers the target UTC accuracy can then be less than or equal to that of its reference origin. However, using a single source of time avoids advanced computing of the target output UTC. The timeserver in fact always provides the “best replica” of the source reference parameters. In some cases, such as Institutes of Metrology, this technique can be very useful, especially when using a local external high performance atomic clock as the primary reference source of time. Using local atomic clocks produces a highly accurate and stable UTC output for NTP/PTP.

[Figure: Single source configuration of NTS-3000 connected to Cesium Primary Reference Std. 5071A Clock]

To allow the output UTC (clock) to reach high accuracy quickly, yet avoid overshooting the time with large time adjustments, the timeserver makes large adjustments quickly (after power-up) and small adjustments over time in normal mode of operation. For small time differences (less than 128 ms) the server uses a minimal, gradual adjustment. This is called slewing. For larger time differences (i.e. after powering up), the adjustment is immediate and large. This is called stepping. The different types of time adjustment are shown in the figure below.

[Figure: Computing target output UTC time from multisource NTS-3000/4000/5000. Step adjustment is possible after Power-ON only.]

Output UTC time from multisource time reference

For multisource, the synchronization and output UTC are much more complicated. Several steps are involved in NTS-3000/4000/5000 determining the correct time on the server’s inputs. Although some of these steps are not necessary when synchronizing to a single source (i.e. GPS), they are essential for the more complex multisource.
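The steps of picking the sources that agree with the majority and combining them into one weighted offset can be sketched as follows. This is an added example, not Elproma's firmware algorithm: it uses a Marzullo-style interval intersection of the kind NTP's source selection is based on, assumes 1/dispersion weights, and all source names and values are constructed.

```python
"""Select trusted time sources by interval intersection, then combine them.

Each source reports an offset and a dispersion (maximum error), i.e. the
interval [offset - dispersion, offset + dispersion]. All values are in ns.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Source:
    name: str
    offset: float       # measured offset of the source against the local clock
    dispersion: float   # maximum possible error of that offset (> 0)

    def __post_init__(self):
        if self.dispersion <= 0:
            raise ValueError(f"{self.name}: dispersion must be positive")

    @property
    def low(self):
        return self.offset - self.dispersion

    @property
    def high(self):
        return self.offset + self.dispersion


def best_intersection(sources):
    """Marzullo sweep: (count, low, high) of the region most intervals share."""
    edges = sorted([(s.low, -1) for s in sources] +
                   [(s.high, +1) for s in sources])   # starts sort before ends
    best = count = 0
    low = high = None
    for i, (point, kind) in enumerate(edges):
        count -= kind                  # interval start: +1, interval end: -1
        if count > best:
            best, low, high = count, point, edges[i + 1][0]
    return best, low, high


def select_and_combine(sources):
    """Classify sources and return the weighted-mean offset of the majority."""
    count, low, high = best_intersection(sources)
    if count <= len(sources) / 2:
        # No majority agrees: the sources cannot be classified at all.
        return {"consensus": False, "truechimers": [], "falsetickers": [],
                "interval": None, "offset": None}
    good = [s for s in sources if s.low <= low and s.high >= high]
    bad = [s.name for s in sources if s not in good]
    # Assumption: weight = 1/dispersion, so a tighter error bar counts for more.
    weights = [1.0 / s.dispersion for s in good]
    offset = sum(w * s.offset for w, s in zip(weights, good)) / sum(weights)
    return {"consensus": True, "truechimers": [s.name for s in good],
            "falsetickers": bad, "interval": (low, high), "offset": offset}


# Constructed sample inputs (ns); names are illustrative only.
FOUR_AGREE_ONE_SHIFTED = [
    Source("ANT-A/GPS", 200, 500),
    Source("ANT-A/GLONASS", 600, 1000),
    Source("ANT-B/GALILEO", -100, 500),
    Source("NTP-remote", 300, 2000),
    Source("IRIG-B", 850_000, 500),   # 850 us away: misconfigured or manipulated
]
TWO_DISAGREEING = [Source("clock-1", 0, 10), Source("clock-2", 1000, 10)]

if __name__ == "__main__":
    print(select_and_combine(FOUR_AGREE_ONE_SHIFTED))
    print(select_and_combine(TWO_DISAGREEING))
```

A source reported outside the majority is worth alerting on (for example through the server's SYSLOG or SNMP output), because a shifted input looks the same whether it was caused by misconfiguration or by manipulation.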
[Figure: Multi source reference of UTC]

Increasing the number of independent reference UTC sources is good for two reasons: it allows for a more accurate output time, and it reduces the chance of the time becoming unsynchronized because of an accidentally or intentionally misconfigured time source. These advantages are realized inside the server in a special clustering algorithm and the clock combination algorithm.

The NTS-3000/4000/5000 server not only tries to synchronize to “true time”, it also computes an error range on all source inputs. The maximum error in either direction is called the dispersion, representing the offset and maximum possible time error. The NTS-3000/4000/5000 server determines the best time sources based on several factors, including offset, delay (latency), and statistical error factors (errors related to clock reading times, frequency tolerance etc.).

[Figure: Multisource can improve target output UTC accuracy by reducing final dispersion (thin grey interval)]

UTC multisource also helps reduce the risk of time manipulation. Input clocks that have error bars (dispersion) that overlap this interval are in the majority. Input clocks that are in this majority are called “Truechimers” and clocks that are outside this majority are called “Falsetickers.” In most cases, all the clocks in a configuration will be Truechimers. If a clock at the server’s input appears to be a Falseticker, it is important to investigate what the problem is. While in an ideal world all Falsetickers would be the result of incorrectly set clocks, it is possible (but very unlikely) that a Falseticker has an incorrectly set clock as the result of time manipulation (i.e. GPS spoofing). Tricks of this kind act like a “time machine”. GPS spoofing is one of the most popular, but unfortunately not the only one. Multisource offers unique possibilities to detect and eliminate Falsetickers.

20.
GNSS Receiver & Antenna

Preparing for Antenna Mounting

NTS-3000/4000/5000 is equipped with an active GNSS antenna and receiver supporting:

• GPS
• GLONASS
• GALILEO
• BEIDOU

The GNSS receiver is set to receive multiple satellite systems simultaneously. The following configurations are available for each receiver:

• GPS+GLONASS (default)
• GPS+BEIDOU
• GPS+GALILEO
• GLONASS+BEIDOU
• GPS+GLONASS+GALILEO
• GPS only

The GNSS configuration is factory pre-set and must therefore be defined before ordering. NTS-3000/4000/5000 servers can support max. 2 independent GNSS antenna/receivers simultaneously getting time from all 4 satellite systems:

• GPS+GLONASS+GALILEO+BEIDOU

Depending on the above configuration, the receiver uses between 32 (min) and 170 (max. option) independent channels. Each GNSS satellite system can supply independent data to calculate the UTC output time.

Each NTS-3000/4000/5000 server is equipped with 2 independent antenna inputs (channels A/B). Each can operate as INPUT or OUTPUT:

[Figure: ANTENNA channels Ch “A” and Ch “B”]

Antenna INPUT (Ch “A”, Ch “B”) can simultaneously support GPS/GLONASS/GALILEO/BEIDOU. Antenna OUTPUT mode can generate GPS NMEA+1PPS emulation for another server.

There are 2 LEDs (red, green) on the back panel of NTS-3000/4000/5000 to indicate GPS and OCXO 1PPS synchronization. The following unit status is reported on the LEDs:

GREEN LED | STATUS
OFF | NTP daemon not started
ON | NTP daemon started
BLINKS (NTS-3000 and -4000) | Synchronized to OCXO
BLINKS (NTS-5000) | Synchronized to 1PPS from external BNC connector, Rubidium or OCXO

RED LED | STATUS
OFF | No GNSS signal
ON | Synchronized to GPS (NMEA)
BLINKS | Synchronized to GPS (1PPS)

The GNSS antenna hardware is contained in one box, which holds the GPS receiver, frequency converter and basic over-voltage protection. The box is water resistant (IP67), so it should stay above water level during rain.
[Figure: Old header 2004-2014; Antenna w/ GNSS Receiver & Handler; New 2015 header w/ antenna]

The old (2004-2014) GNSS active header supports only RS485 and GPS+GLONASS. The new 2015 GNSS header is 100% compatible with the old 2004-2014 header (it supports RS485), but it also includes several optional extensions. It can be equipped with Ethernet (PTPv2/IEEE1588) and it supports all available GNSS systems including: GPS, GLONASS, GALILEO, BEIDOU.

Available NTS-3000/4000/5000 antenna system configurations:

1. Single RS485 antenna/receiver connected to ANT1 (included with std. product set)
2. Dual redundant RS485 antenna/receiver connected to ANT1 and ANT2
3. Triple (2x RS485; 1x PTPv2) antenna/receiver connected to: ANT1, ANT2, PTP#1 or PTP#2
4. Quad (2x RS485; 2x PTPv2) antenna/receiver connected to: ANT1, ANT2, PTP#1, PTP#2

All types of antenna communication (RS485, Ethernet/PTPv2) require UTP/STP min. CAT 5 cable. Maximum possible connection distances are:

• 0.6 km for RS485 via UTP min. cat. 5
• 1.2 km for RS485 via STP min. cat. 5
• 0.2 km for PTPv2 (no switch allowed) min. cat. 5

[Figure: 4x antenna configuration. Ch “1”, Ch “2”: ANTENNA RS485; Ch “3”, Ch “4”: ANTENNA PTPv2/IEEE1588]

The GNSS satellite receiver has been designed to provide extremely precise time. High precision time is available 24 hours a day around the whole world from GNSS including: GPS, GLONASS, BEIDOU, GALILEO. GNSS is a satellite-based radio-positioning, navigation, and time-transfer system. The source of time is based on Cesium (Cs) or Rubidium (Rb) atomic clocks. Time is represented as UTC.

The GPS, GLONASS and GALILEO satellites are not stationary. They circle round the globe in a period of approx. 12 hours. The BEIDOU/COMPASS is geostationary. While single GPS satellites can only be received if there is no building in the line of sight from the antenna to the satellite, multi-SAT GNSS offers much better signal receiving sensitivity and time accuracy.
The antenna unit should always be mounted at a location on the building from which as much of the sky as possible can be seen.

[Figure: Panorama scheme of rooftops in the city (“OK” - recommended places to mount GNSS, “FINE” - places that should be considered for mounting, “NOT GOOD” - places where you should avoid mounting your GNSS receiver)]

The metal handler should always be mounted on top of the building. Please select the location of the GNSS antenna so that its work will not be disturbed by any other radio transmitter or antenna. We advise keeping a min. distance of 5 m from other electronic devices such as GSM (2G/3G/4G) transceivers, radars, telecoms equipment, air conditioners etc. Your GNSS multi-SAT antenna/receiver should be mounted solidly to withstand strong winds and other bad weather conditions. Water, salt and snow conditions are acceptable provided the box remains above water level (IP67).

GNSS | Country of origin | SAT in View | Purpose
GPS | USA | | Military & Civil
GLONASS | RUSSIA | | Military & Civil
BEIDOU/COMPASS | CHINA | 14 (since Dec 2012) | Military & Civil
GALILEO | European Community | 4 (since 2012) | Civil/Commercial (only)

For surge and over-voltage protection please refer to the NTS-protect part of the manual. This product is not included with the std. set and needs to be purchased separately. NTS-protect includes special lightning protectors protecting NTS servers from direct and indirect effects of atmospheric discharges and related over-voltage defects. The construction of NTS-protect is based upon the rule of voltage compensation in accordance with PN IEC61024-1 standard regulations. It maintains safe over-voltage levels that will not damage the insulation in any of the protected electrical circuits of the NTS family servers.

For connecting the antenna (GPS or DPS + DCF77) box we recommend using UTP or STP CAT5 (or above) cables with standard RJ-45 connector termination (both sides) and the standard T568B conductor assignment. The cable should be led into the antenna box through a cable gland.
Please use a standard Ethernet crimping tool (not included in the NTS set) to mount the antenna cable connection. See the table below for RJ45/UTP-STP cat. 5 wiring and the related signal specification.

Tools to mount antenna:

1) RJ45 connectors, 2 pcs.
2) UTP or STP cat. 5 cable (RS485 version):
• 0.6 km (max) UTP
• 1.2 km (max) STP
3) Ethernet RJ45 crimping machine

[Figure: RS485 configuration. Old RS485 antenna w/ RJ45; New RS485 antenna]

PIN RJ45 | GPS Signal | UTP Cat 5 cable
1 | PPS+ | White/Orange
2 | PPS- | Orange
3 | TR+ | White/Green
4 | DCF- | Blue
5 | DCF+ | White/Blue
6 | TR- | Green
7 | +VCC | White/Brown
8 | 0V | Brown
GND | GND | Not used

RJ45 (UTP/STP cat. 5) cable and signal specification

Note! For the PTPv2/IEEE1588 Ethernet version of the GNSS receiver/antenna, the rules and limitations are those of standard Ethernet communication and connections. No switch/router is allowed when connecting a PTPv2 antenna receiver (master clock) to a timeserver acting as slave clock. You can connect max. 2 PTPv2 antennas to a single timeserver. PTPv2 antennas operate independently of RS485 receivers.

The GNSS signal performance differs depending on geographical location and time of day. The GPS, GLONASS and GALILEO satellites are not stationary. They circle round the globe in a period of approx. 12 hours. The BEIDOU is geostationary. GALILEO can be used experimentally.

[Figure: GPS/GLONASS/BEIDOU satellites in view]

A properly mounted GNSS antenna gives the timeserver access to the maximum number of satellites available. A large number of available satellites improves the performance of time synchronization. It has an impact on time server accuracy and stability. It makes the solution more resistant to radio interference (e.g. mobile telecom networks) and satellite signal reflections (skyscraper buildings etc.). The satellite signal strength presented below is an example measurement result. Signal strength and the number of satellites change during the day, which is why it is so important to take care of proper antenna installation.
Figure panels: Asia, Europe, USA.

Additional information on new GNSS sat systems BEIDOU & GALILEO (experimental)

BDS (Beidou/Compass - China) will be a global satellite navigation system consisting of 35 satellites in 2020, and is still under construction. It operates now with 10 satellites in view (as of December 2012, 16 satellites for BeiDou-2 have been launched, 14 of them are in service). Satellites are partially geostationary. The BDS could provide positioning data between longitude 55°E to 180°E and from latitude 55°S to 55°N. NTS-3000/4000/5000 supports Beidou signals on E2 (Carrier FRQ 1561,098 MHz). This carrier is generally similar to the civilian codes of GPS (L1-CA and L2C), but BDS signals have somewhat greater power. Other frequencies in four bands (E1, E2, E5B and E6) overlap with GALILEO sat signals and will be supported when GALILEO is launched.

GAL (GALILEO – EU) is a global navigation satellite system built by the EU and the European Space Agency (ESA). On 21 October 2011 the first two of four operational satellites were launched to validate the system. The next two followed on 12 October 2012, making it possible to test with timeservers NTS-3000/4000/5000 since March 2013. The GAL firmware version is experimental. GALILEO satellites remain in view periodically (max. 4), for a few hours per day only. Full completion of the 30-satellite Galileo system (27 operational and three active spares) is expected by 2020. The GALILEO system is intended primarily for civilian use, unlike the more military-oriented systems of the United States (GPS), Russia (GLONASS), and China (Beidou-1/2, COMPASS). The US (GPS) reserves the right to limit the signal strength or precision of GPS, or to shut down public GPS access completely, so that only the armed forces of the US and its allies would be able to use it in time of conflict. GALILEO uses the same frequency and coding as GPS civil. It can be used experimentally only.
Figure: 2015 BEIDOU sat in view, Europe and Asia.

Antenna Mounting

The antenna supplied is of the active type, and is suitable for almost all applications. It is not supplied with a pre-attached cable. Before commencing installation, check that all the items detailed in the contents list have been supplied and are ready. The antenna is supplied with 0.5 handler with mounting clamps for attachment to a mounting pole. When mounting the antenna, ensure the antenna has a clear view of the horizon and is at least 2 meters away from transmission sources which may interfere with reception. Avoid the direct path of any microwave links. Using any FREE GNSS sat tracing software on your mobile phone, check that signals are available at a ratio of at least 33 dB and that at least 4 satellites are in view with this minimum S/N signal. If you do not get these results, check another antenna position.

Caution! Do not allow the pole or other surfaces to extend higher than the underside of the antenna. Such a condition would impair signal reception.

The most important consideration in selecting a position for the antenna is the presence of objects which obscure the sky or horizon. Where possible, there should be no obstruction to a full view of the sky. Overhead wires and other very narrow obstructions may be considered as invisible to the signals, provided that they are a few meters. Be especially wary about mounting the antenna directly onto the fascia of a flat roof. To overcome this situation, elevate the pole about 1 meter above the flat surface. A satellite prediction program may usefully be employed to check a potential installation, and also to identify directions in which obstructions may be a particular source of problems. The antenna is connected to the GPS Receiver by a coaxial cable fitted with TNC connectors at each end. Where possible, avoid exposing the cable and connectors to weather and other environmental conditions.

To install the antenna:
1. Insert the antenna cable through the bracket and the tightening pipe.
2. Fasten the tightening pipe to the antenna.
3. Insert bolts through the mounting pole and connect to the bracket.
4. Insert Flat Washers, Spring Washers and Nuts and close.

Figures: Multi-SAT RCV/Antenna (2000-2014); New 2014 Receiver.

21. NTS-protect (Extra Surge Protection)

As the antenna is roof mounted (to have a clear view of the sky) it is likely to be exposed to lightning strikes. Protection against this is afforded by ensuring adequate grounding of the mountings as described below.

CAUTION! There is no way to provide 100% protection for electronic equipment from direct strike damage. It is possible, however, to reduce the likelihood of damage from near-strike induced fields by ensuring the installation obeys some fundamental rules. Lightning arrestors are not 100% efficient; a residual attenuated electrical pulse transmitted down the antenna cable may still contain sufficient energy to damage equipment within the building. Therefore, a second lightning arrestor is required at the equipment end of the cable, preferably where the antenna cable enters the building.

ENSURING THE ANTENNA MOUNTING BRACKET AND NTS-x000 ARE PROPERLY GROUNDED. This must be achieved by employing a certified, low impedance connection (a broad, flat lightning conductor strap of sufficient thickness to provide adequate mechanical durability) able to carry the thousands of amperes which may flow. Attaching the antenna mounting clamp onto a pole which is correctly grounded is the recommended method. Optionally another lightning arrestor should be mounted where the antenna cable enters the building and properly grounded to earth termination. NTS-3000/4000/5000 includes std. industrial overvoltage protectors on all I/O lines including all GNSS antenna inputs.
However, a GNSS receiver with active antenna located on the building roof can be connected to a remote NTS-3000/4000/5000 server via an extra high performance lightning protector system from Phoenix Contact (the NTS-protect unit). This system is a unit of surge/overvoltage and lightning protection that protects the time server from direct and indirect effects of atmospheric discharges. The NTS-protect system has been designed to be in compliance with the regulation (Journal of Laws, No. 75 of June 15, 2002 items 180 and 183) providing that wiring systems should be secured against switching overvoltage and lightning surge, and that voltage limiters shall apply thereto. The construction of the unit is based upon the rule of voltage compensation in accordance with the PN – IEC 61024-1 standard. It stipulates upholding safe levels of overvoltage that will not damage the insulation in all protected electrical circuits of the NTS-3000/4000/5000 server.

NTS-protect minimum configuration supports lightning protectors for: 1) GNSS antenna; 2) LAN; 3) 110-230V AC single power input.

NTS-protect maximum configuration supports all I/O including: 1) 2x GNSS antenna (RS485); 2) 2-6x LAN (both: NTP and PTPv2); 3) 110-230V AC dual redundant power input.

General operational description

All in/out lines of the NTS-3000/4000/5000 server have been conducted through overvoltage limiters mounted altogether on the steel-made DIN35/7,5mm bus, a standard solution applied to industrial automatics for rack’19 switchboxes. The height of the solution is 2U and it is mounted inside the rack’19 switchbox, on the back of the NTS-x000 server. Overvoltage limiters are arranged as parallel systems including non-linear components such as gas spark gaps, semiconductor diodes and voltage-dependent resistors. They provide a quick change of resistance, leading the current of overvoltage origin down into the protection circuit (yellow and green wire) of the rack’19 switchbox.
All electrical leads of limiters are in the form of screw terminals.

| Phoenix Contact Limiter type | NTS-3000/4000/5000 Description (general purpose of using) |
|---|---|
| PT 5-HF | 12V GNSS (GPS/GLONASS/GALILEO/BEIDOU) protectors |
| PT 2-PE/S | 24V Antenna/Receiver power protector |
| D-LAN-CAT.5E-U | LAN/Ethernet |
| VAL-MS | 110-230V AC power protector |

Description of antenna track protection

The NTS server communicates with the GNSS antenna module via low-signal circuits with voltage levels not exceeding 12V DC. The transmission is carried out through a special multi-core cable with a core diameter of 0,5 mm. The cable has two separate 1,00 mm lines providing power supply to the antenna. The aforesaid lines are protected with a two-component limiter (3 pcs.) mounted onto a DIN35/7,5mm bus with a down lead into the protection circuit. Clamps holding odd numbers are equipped with a cable leading to the GNSS (GPS/GLO/BDS/GAL) antenna module (roof direction), whilst clamps holding even numbers go with the NTS-3000/4000/5000 server. Please refer to the GNSS Receiver & Antenna chapter for details on connecting the antenna via UTP/STP cable.

Figure: Server antennas (RS485) Ant 1 (Ant 2).

Description of Ethernet link protection (2 x LAN Cat. 5)

Protection of the Ethernet lines is provided as an additional reduction of the risk resulting from damage that may occur via the LAN/WAN network. The solution has been designed in compliance with the IEC 61643-21 standard. The system holds a D-class certificate in accordance with the DIN EN 50173-1:2002 standard for LAN network solutions. The limiter is connected to the NTS-3000 server and the LAN/WAN network with standard Cat. 5 wires. The length of wires along the “NTS server – lightning protector” track should be as short as possible. The lightning protector is mounted onto a DIN35/7,5mm bus whilst its protection wire is linked to the protection circuit (yellow and green wire) through a special clamp on the rack.

Description of power supply system protection (230V AC)

Due to its wide scope of applications and high efficiency, the system has been assumed to be provided with protection made for the entire rack’19 switchbox. The issue to discuss is then only the way the power is distributed inside the rack’19 switchbox (it refers to the number of internal outlets mounted onto the bus) and not the way of supplying the power to the entire rack’19 switchbox along with its appropriate earthing system. The protection of the 230V AC power supply system has therefore been handled through C/II-class limiters in accordance with the IEC 61643-1 and E DIN VDE 0675 standards. These are limiters maintaining a protection level parallel to D-class (reaching 1m5kV for 20kA at 8/20uS) and allowing for the down lead of current up to 3kA (10/350uS), typical for supplementary safety measures that include protection of the 230V AC power supply system. Such solutions are in regular use in the industry, for rack’19 switchboxes with industrial automatics. The NTS-protect solution has 2 limiters of this kind (one in each wire), working in parallel in the power supply system. Limiters are installed onto the DIN35/7,5mm bus.
It is recommended to provide the discussed system with supply for devices operating in the same rack’19 switchbox.

Figure: 110-230V AC protector (single power supply system).

Final information and general supplementary recommendation (NTS-protect)

1. The DIN35/7,5mm bus must be joined to the protection circuit of the electrical terminals.
2. All wires (including those of other devices) inside the rack’19 switchbox that may cause overvoltage should be grouped so that they stay away from each other. Cores of the wires should go together and keep a relevant distance.
3. All wires connected to the protection systems should be as short as possible.

Remember that the NTS-3000/4000/5000 unit only minimizes the probability of damage resulting from overvoltage arising directly or indirectly as a consequence of atmospheric discharges; it provides no absolute warranty against overvoltage.

Figure: Rack’19 back panel with NTS-protect.

22. FO-converter (Fiber Optic Converter)

Figure: Electric signal side; Fiber Optic side.

The FO converter can be used to connect the GNSS MultiSAT receiver to the NTS-3000/4000/5000 Timeserver. The max. connection distance is 1.5 km (1 mile). A single antenna (A/B) requires 2 converters, one connected on each side:
• GNSS Multi-SAT Receiver/Antenna (via RJ45)
• NTS-3000/4000/5000 Time Server (via RJ45)

Figure: Connection scheme for single GNSS-Timeserver communication.

Figure: Connection scheme for double redundant GNSS-Timeserver communication.

Quick installation: ST single-mode fiber optic (conv2conv)

1. Prepare 2 pcs of FO-conv for each MultiSAT antenna/receiver. For a dual antenna system (A/B) use 4 pcs of FO-conv (2 pcs/antenna).
2. Connect the FO-conv units using single-mode (ST ended) fiber optic wire (top side of picture).
3. Connect FO-conv #1 to the NTS-x000 unit using UTP cat 5. Plug the cable into the RJ45 connector of FO-conv labelled “Time Server”. Plug the other side of the cable into NTS-x000 ANT#1 (or ANT#2).
4. Connect FO-conv #2 to the GNSS Ant/Rcv using STP cat 5. Plug the cable into the RJ45 connector of FO-conv labelled “MultiSAT Antenna”. Plug the other side of the cable into NTS-x000 ANT#1 (or ANT#2).

Figure labels: NTS-x000 (RJ45); 24VDC; Ant/Rcv (RJ45).

Powering fiber optic converter (FO-conv)

FO-conv requires 24VDC. Unit #1 can be powered directly from the NTS timeserver antenna connector (RJ45) located on the back panel (label ANT1 or ANT2). Unit #2 is connected to the GNSS MultiSAT Ant/Rcv and requires an external power supply.

Figure: GNSS receiver connected to electric circuit #2 does not interfere IT electric circuit #1 when surge

It is strongly recommended to use a 110/230V AC electric circuit separated from the main IT hardware. Since fiber optic does not carry electricity, using separate 110/230V AC powering (or solar panels) for the GNSS MultiSAT Ant/Rcv makes the solution 100% resistant to surge and overvoltage.

23. Robust Sync - Application Notes

The following GNSS antenna installations are bad practice and do not meet robust synchronization standards:

Figure: Examples of bad practice GPS antenna installations.

When considering a robust installation, please consider the risk of GPS jamming/spoofing too. There are various Internet shops offering professional jammers at a reasonably inexpensive price. Some technical reports provide information on cyber-attacks on Stock Exchange GNSS receiver systems.

Figure: Jammers are inexpensive and publicly available.

24. Powering Up

If both the antenna and the power supply have been connected, the system is ready to operate. You can turn on the power switch located on the back panel of the NTS server. Typically, the duration of the NTS server power-up is enough for the GNSS MultiSAT antenna/receiver box to start operating with the required accuracy. If the GNSS MultiSAT antenna/receiver finds valid almanac and ephemeris data in its battery-buffered memory (and the receiver position has not changed significantly since its last operation), the receiver can find out which satellites are in its view at that moment.
At least 4 satellites must be found to synchronize and generate output 1PPS pulses. Typical systems work in a configuration where they have a constant view of 12-32 GNSS satellites. If the receiver position has changed by some kilometres (since the last operation), the satellites' real elevation and Doppler might not match the values expected by the receiver, thus forcing the receiver to start scanning for satellites. When the receiver has found four satellites in its view it can update its new position and switch to Normal Operation. If the almanac has been lost because of battery disconnection, the receiver has to scan for a satellite and read in the current almanacs. When the antenna has a clear view of the sky it takes up to 30 minutes until the new almanac is completed and the system starts to operate. During this time the NTS server will operate from its internal quartz time clocks (NTS-3000), OCXO (NTS-4000) or Rubidium oscillator (NTS-5000).

After starting up the system, the network function is initiated and the program for communication between GNSS and NTP (Network Time Protocol) becomes active. The following screen appears on the LCD display while starting.

03-05-2014 12:01:00 sat ERRsync A= 2/32

From the left side there are: date and time, error status, UTC time, number of satellites reached per total amount of visible satellites.

Important Note! The NTP starts max. 5-10 minutes after powering ON, no matter what the status of the time sources actually is (whether they are connected, GPS is synchronized etc.). During this approx. 5 minute long start time NTP searches for the best available source and builds statistical information in order to be able to detect corrupted sources (“falsetickers” in NTP notation). After the approx. 5-10 minute period NTP selects the best source as the currently used one and other sources (also correct but less accurate) as backup sources.
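The source selection described in the note above (one source in use, others kept as backups, corrupted sources marked as falsetickers) can be observed in the peers billboard printed by the ntpq utility. The following is an added example, not part of the manual or of the NTS firmware; the sample output is constructed, and the function names and the 1 ms offset threshold are assumptions made for illustration.

```python
# Tally codes that ntpq prints in column 0 of the peers billboard.
TALLY = {" ": "reject", "x": "falseticker", ".": "excess", "-": "outlier",
         "+": "candidate", "#": "backup", "*": "sys.peer", "o": "pps.peer"}

# Constructed sample of `ntpq -pn` output taken on an NTP client.
# The two 198.51.100.x / 203.0.113.x addresses are documentation addresses.
SAMPLE = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*192.168.0.210   .GPS.            1 u   33   64  377    0.412    0.021   0.008
+10.0.0.210      .GPS.            1 u   12   64  377    0.530   -0.034   0.011
x198.51.100.7    .LOCL.           1 u   40   64  377   12.804  950.113   3.250
 203.0.113.9     .INIT.          16 u    -   64    0    0.000    0.000   0.000
"""


def parse_peers(text):
    """Parse the ntpq peers billboard into a list of dicts."""
    peers = []
    for line in text.splitlines():
        if len(line) < 2 or line[0] not in TALLY:
            continue                      # separator line or empty line
        cols = line[1:].split()
        if len(cols) != 10:
            continue
        try:
            peers.append({
                "tally": TALLY[line[0]],
                "remote": cols[0],
                "refid": cols[1],
                "stratum": int(cols[2]),
                "reach": int(cols[6], 8),   # reach is an octal shift register
                "offset_ms": float(cols[8]),
                "jitter_ms": float(cols[9]),
            })
        except ValueError:
            continue                      # header row or malformed line
    return peers


def assess(peers, max_offset_ms=1.0):
    """Return human-readable findings; max_offset_ms is an assumed threshold."""
    findings = []
    in_use = ("sys.peer", "pps.peer")
    if not any(p["tally"] in in_use for p in peers):
        findings.append("no source selected (expected during NTP start-up)")
    for p in peers:
        if p["tally"] == "falseticker":
            findings.append("%s rejected as falseticker, offset %.3f ms"
                            % (p["remote"], p["offset_ms"]))
        elif p["reach"] == 0:
            findings.append("%s unreachable (reach 0)" % p["remote"])
        elif p["tally"] in in_use and abs(p["offset_ms"]) > max_offset_ms:
            findings.append("%s in use but offset %.3f ms exceeds %.1f ms"
                            % (p["remote"], p["offset_ms"], max_offset_ms))
    return findings


if __name__ == "__main__":
    for finding in assess(parse_peers(SAMPLE)):
        print(finding)
```
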
It is possible to set up a much shorter NTP start-up time (about 1 minute) by selecting the special “Fast” option in the “Misc” menu of SETUP. This can be helpful for environments with a high risk of unexpected power down. Using this option results in less accurate time information (approx. 1 s error) provided by the NTP service during the first 3-4 minutes of operation.

The OK status is displayed if the system tracks satellites and synchronisation is pending. For a single antenna system only one receiver status is displayed. For a double GNSS antenna/receiver configuration each receiver shows its own status, one after another.

03-05-2014 12:01:00 sat OK A= 18/32
03-05-2014 12:01:00 sat OK B= 16/32

25. LCD Messages

If no antennas are currently connected to the NTS device, the following error screen will be shown:

17-02-2015 ERRsats 18:02:21 ANT ERROR
Error: all antennas disconnected

The NTS servers require a minimum of 5 satellites to be reached continuously in order to get time from GNSS (GPS) properly. This figure is not constant and changes irregularly. If satellite communication is lost the following message appears:

17-02-2014 ERRsats 8:02:21 sat A=1/12
Error: missing GNSS satellites

17-02-2014 ERRsats 8:02:21 sat A=1/12
Error: bad GNSS geometry (min 5 sat)

This requires finding a better GNSS antenna location, otherwise the NTS server cannot obtain time information from the GNSS antenna. The unit will still work properly but will provide time according to the RTC, whose time needs to be set up manually through the console and whose accuracy is poor.

The LCD shows only the status of the GNSS antennas. It does not show the status of the other time sources such as I/O time interfaces (1PPS, IRIG-B etc.). However, other time sources can be monitored and traced with the remote software utility ntpq (the “cl num” command of the ntpq utility, where num can be obtained from the “as” command).

Another error message, “Err sync”, may also be displayed.
It indicates that the internal phase/frequency loop is not yet locked or is temporarily not working, because of 1PPS jitter or too much offset from GPS time.

17-02-2014 ERRsync 8:02:21 sat A=5/12
Error: GNSS is not in sync

The last possible error message is the “Error call service” message. It means that the device is not operating properly (the message will show up approx. 30 sec after rebooting). Please contact service in this situation for further instructions.

Error call service +48 (22) 7517680
Error: Device out of order

26. Keyboard Setup

After the first power up, at least a basic configuration should be performed in order to set up the proper IP configuration of the interfaces. This can be done using the front panel keyboard.

Figure: Front panel keyboard.

To enter setup mode press and hold the “OK” button. Now you can configure the LAN1 interface. The following screens will appear on the LCD:

LAN1 IP address: 192.168.000.210
LAN1 netmask: 255.255.255.000
LAN1 gateway: 192.168.000.001

To navigate through digits, use the “←” and “→” keys. To increase values use the “↑” key, to decrease use the “↓” key. You can instantly clear the currently edited parameter to zeros by pressing the “C” key. Pressing the “OK” button switches to the next parameter. After configuring the LAN1 interface, the LAN2 interface screens are shown. After configuring all parameters the following screen is shown:

Are you sure? [OK]-Yes [Cancel]No
Configuration confirmation screen

In order to save the configuration press the “OK” button. The NTS server will reboot and operate with the new settings. If you want to keep the old configuration simply press the “C” button and no changes will be made. In order to exit from configuration mode just press the “OK” button as many times as needed to reach the confirmation screen and then press the “C” button. This operation must be done with caution in order to avoid saving bad settings.

This method allows only basic configuration of the LAN1 & LAN2 interfaces. To change other NTS server settings (incl. LAN3-LAN6 options), a console/software configuration option is available via HTTP, HTTPS, SSH or TELNET. For quick SETUP details please ref. to Chapter 1 of this manual.

27. Restoring Factory Defaults

NTS-3000/4000/5000 (Factory Default Setting)

Standard LAN defaults:

| Interface | IP | MASK | GATEWAY |
|---|---|---|---|
| LAN1 | 10.0.0.210 | 255.255.0.0 | 10.0.0.1 |
| LAN2 | 192.168.0.210 | 255.255.255.0 | 192.168.0.1 |

Optional LAN component settings:

| Interface | IP | MASK | GATEWAY |
|---|---|---|---|
| LAN3 | 192.168.3.210 | 255.255.255.0 | <no value> |
| LAN4 | 192.168.4.210 | 255.255.255.0 | <no value> |
| LAN5 | 192.168.5.210 | 255.255.255.0 | <no value> |
| LAN6 | 192.168.6.210 | 255.255.255.0 | <no value> |

Factory default user and password:
Username: admin
Password: 12345

SETUP services defaults:

| HTTP | HTTPS | SSH | TELNET |
|---|---|---|---|
| ON | ON | ON | OFF |

Std. product supports: GNSS (GPS/GLONASS)
Custom product supports: GNSS (GPS/GLONASS/GALILEO/BEIDOU)

Interfaces:
Ant1 (Antenna “A”): default INPUT; available NTS-x000 modes: INPUT (all), OUTPUT (NTS-4000 & NTS-5000 only), DISABLE (NTS-4000 & NTS-5000 only); rs485 RJ45 RJ45
Ant2 (Antenna “B”): default INPUT; available NTS-x000 modes: INPUT (all), OUTPUT (NTS-4000 & NTS-5000 only), DISABLE (NTS-4000 & NTS-5000 only); RJ45 RJ45

Restoring Factory Defaults

Press & hold (at the same time) the “OK” and “C” buttons until the message below is displayed on the LCD. Press “OK” one more time to RESET the product and RESTORE factory defaults, or press “C” to abort the operation. The message below will be displayed on the LCD and needs to be confirmed with [OK] “Yes”:

Are you sure? [OK]-Yes [Cancel]-No
You need to confirm before restoring to factory defaults

28. UTC Multisource Inputs of NTS

NTS-x000 simultaneously supports several UTC sources. The input UTC groups are:
• GNSS satellite systems (GPS, GLONASS, GALILEO, BEIDOU via: RS485 or LAN)
• Remote TIME SERVERS (NTP, PTP/IEEE1588:2008, IBM SYSPLEX, IRIG-B)
• Local external atomic clocks (IRIG-B, 1PPS, 10MHz, RS-232)

Figure: Simultaneously supported ref. UTC inputs.

The UTC sources are:
1. GPS
2. GLONASS
3. GALILEO* (option)
4. BEIDOU* (option – not available in Europe)
5. NTP – Network Time Protocol (max. 2)
6. PTP/IEEE1588:2008 – Precision Time Protocol (max. 4)
7. IBM SYSPLEX (SYS)
8. IRIG-B in
9. 1PPS in (EXT)
10. 10MHz in
11. RS-232 in

Figure: Multisource concept. NTS-5000 Time Server simultaneously receives time from all available UTC time sources.

29. Maintaining Holdover mode (NTS-5000)

This chapter is limited to NTS-5000 only. Once the server is installed and powered up, the NTS-5000 continuously receives UTC from all available sources simultaneously. This is done by the Grand Master Clock (GMC) submodule, the central heart of the NTS-5000 server. After starting, the NTS-5000 synchronizes its internal oscillators (Rubidium and OCXO). The GMC analyses all input UTC references simultaneously, watching for the best performing one and switching to it (1PPS+ToD). At the same time the GMC provides the UTC ref. to the local oscillators OSC (Rubidium, OCXO). This process takes 15-30 minutes, but preliminary output UTC is available via LAN1/LAN2 supporting NTP (Network Time Protocol) with accuracy of milliseconds. The NTP is available already 1 minute after switching power ON of the NTS-5000 and it takes another 4 hours to improve the accuracy of NTP (LAN1 and LAN2) to the level of microseconds.

Once the OSC (Rubidium, OCXO) oscillators are synchronized to the UTC ref. input (e.g. GNSS), the NTS-5000 GMC is ready to serve PTP interfaces and it is also able to support HOLDOVER mode. The holdover mode is autonomous GNSS-less operation, where the ref. UTC is drawn locally from the oscillators (Rubidium, OCXO). Independently, outputs such as PTP 1-4 or NTP include their own local holdover mode that extends autonomous interface operation in case internal synchronization signals remain temporarily unstable (e.g. because of EMC impacts from other devices etc.). This technology guarantees the high quality and performance of the NTS-5000, which is able to operate GNSS-less for many weeks.
| Time arrow | Server Activity | Time on outputs | Accuracy |
|---|---|---|---|
| ZERO | Power up (switching-ON) | None | N/A |
| 0-1 min | Booting | None | N/A |
| 1-15 min | GMC is receiving GNSS; GMS is syncing OCXO | LAN1-LAN2, LAN3-LAN6 | millisecond, N/A |
| 15-30 min | GMC is receiving GNSS; OCXO synced by GMC; GMS is syncing Rubidium | LAN1-LAN2, LAN3-LAN6, 1PPS+ToD | millisecond, microsecond |
| 30-60 min | GMC is receiving GNSS; OCXO synced; GMS synced | LAN1-LAN2, LAN3-LAN6, 1PPS+ToD, 1PPS+ToD | sub-millisecond, sub-microsecond |
| 30-60 min | GMC is receiving GNSS; OCXO synced; GMS synced; Ready for holdover | LAN1-LAN2, LAN3-LAN6, 1PPS+ToD, 1PPS+ToD | sub-millisecond, sub-microsecond |
| 60-240 min | GMC is receiving GNSS; OCXO synced; GMS synced; Ready for holdover | LAN1-LAN2, LAN3-LAN6, 1PPS+ToD, 1PPS+ToD | microseconds, nanoseconds |

Note! The NTS-5000 server reaches its best performance 4 hours after powering ON. Therefore the NTS-5000 is supplied with a dual redundant power supply and it should be installed with 2 redundant GNSS receivers.

The 1-4 PTP modules as well as the NTP module can each independently be equipped with local TCXO oscillators that provide additional holdover operation for that specific module. This is useful if the NTS-5000 operates in noisy environments where there is a risk of EMC interference. For more information, please ref. to the PTP/IEEE1588:2008 section later in this documentation.

30. Software setup for std. LAN1-LAN2

This chapter will let you configure the std. LAN1 and LAN2 interfaces (100/10 Mbps) of NTS-x000 family products. All configuration operations presented below are similar for NTS-3000, NTS-4000 and NTS-5000, but this chapter describes the details using the NTS-5000 server as the example. The factory default (user and password) is:

Username: admin
Password: 12345

To start configuration, please configure all LAN interfaces by simply entering:
IP
MASK
DEFAULT GATEWAY

In addition, you can specify what mode you want to use on a specific LAN interface.
You can enable extra broadcast and multicast modes running in the background of the standard client/server mode, but we suggest finishing the basic configuration first before you go to more advanced options. Therefore, please leave those options for the moment by simply filling the fields with 0.

Now it’s time to decide what other remote services you would like to keep active for future access. Access is set for each LAN separately:
• Enable/Disable access via Telnet
• Enable/Disable access via SSH
• Enable/Disable access via HTTP
• Enable/Disable access via HTTPS
• Enable/Disable access via SNMP (MIB2)

Now you should repeat the above steps for LAN2. It is strongly recommended to use only 1 of the 2 (LAN1 or LAN2) GATEWAYS. So, if you have chosen a GATEWAY for LAN1, please do not use a GATEWAY for LAN2, and vice versa. This is because using 2 GATEWAYS simultaneously might cause a risk of redirecting IP return packets to the wrong GATEWAY output. This is a well-known problem for Unix and FreeBSD. To prevent such unexpected behaviour we recommend setting static routing.

Static routing is useful when considering a stub network, or pocket network. This is a somewhat casual term describing a computer network, or part of an internetwork, with no knowledge of other networks, that will typically send much or all of its non-local traffic out via a single path, with the network aware only of a default route to non-local destinations. As a practical analogy, think of an island which is connected to the rest of the world through a bridge, with no other path available either through air or sea. Continuing this analogy, the island might have more than one physical bridge to the mainland, but the set of bridges still represents only one logical path.

NTS-x000 can use VLANs when linked to CISCO (for information contact ELPROMA).

You can also specify a SYSLOG server for future tracing functionality. You can configure the facility and verbosity of NTS server messages, to ease log segregation on your syslog server.
Please read the syslog documentation for details about log gathering.

If your network supports SNMP, you can configure special MIB2 traps to report exceptional events you may be interested in. It is very easy to set traps in such a way that you will be informed by mail or mobile phone (SMS) of any unexpected situation that may occur inside the NTS server, e.g. losing the GNSS antenna signal etc. You can also trace all IP statistics using your favourite SNMP client (e.g. MRTG).

Another step is to define up to 10x NTP backup servers for a single NTS server unit. In this mode the NTS server remains Stratum 1 if the GPS antenna or any other time source (PPS_IN, Rubidium/NTS-5000 only, OCXO) works fine. But in case of a missing accurate time source the NTS server checks the backup servers list. If NTP accepts any of them, the NTS server reduces its stratum to N-1 (where N is the Stratum of the approved server taken from the backup list). We advise specifying only Stratum 1 servers on the NTS server backup list. This does not let the NTS server Stratum be reduced below 2. The backup NTP servers should be configured for authorized NTP transmission. For this reason, there is another field, key, pointing to a position in the encryption list with MD5 keys. But at this step we still advise continuing Setup without encrypted associations. Safety and protection will be discussed shortly in this manual.

Setting DATE/TIME is a tool to pre-set the LOCAL clocks' time. It is normally UTC, however some customers use this option to maintain timescales other than UTC (GPS). This can be a useful option for maintaining local zone time too.

The Time Zone service lets you set the LCD time to local time. It is for information only; the timeserver works with and supports the universal UTC timescale.

AUTH includes a set of settings related to security and authentication, including MD5 and SSH/SSL keys.

Upgrade. To perform a firmware upgrade you should put a USB memory stick with the new firmware into the port on the front panel and then activate this option.

GPS. With this function you can monitor GNSS receiver messages online, just as they come. You can check the receiver location and GPS status bits.

ANT A/B DIR. This function gives you the ability to send the time signal in NMEA/PPS format to another NTS series unit. Just configure one antenna socket as an output (O) and connect it with a 1 to 1 twisted pair cable with RJ-45 TIA-568B connectors to the antenna input (I) of the second NTS.

Once setup is done you have to exit with the save option. Do not turn off power when the NTS is saving settings (an appropriate message appears on the LCD).

The NTS-5000 supports SETUP via the SSH and TELNET services or via the serial console port located on the front panel (DTE configuration, 9600 baud, 8 data bits, no parity, 1 stop bit).

31. PTPv2 Setup of PTP1-LAN4 (LAN3-LAN6)

As the NTS-5000 low-level hardware (HW) implementation of the Precision Time Protocol (PTP) aspires to deliver a full and faithful PTPv2 experience, the original documentation of PTP/IEEE1588:2008 is valid and does not need to be repeated. We strongly recommend the original IEEE release documents, and restrict this documentation to some topics that help you get started quickly with PTP. This chapter includes information exclusively dedicated to the NTS-5000 PTP hardware extensions.

The NTS-5000 must be equipped with 1-4 optional hardware PTP interfaces located on the back panel of the server. The NTS-5000 is delivered with built-in (mounted) and recalibrated PTP interfaces. All hardware PTP interfaces must be ordered and assembled at the factory due to the internal latency calibration necessary to achieve the high nanosecond accuracy of PTP. If you have ordered fewer than the required PTP interfaces, please contact Elproma technical support.
Figure: NTS-5000 back panel with 4 high-precision interfaces: PTP1, PTP2, PTP3, PTP4
Figure: NTS-5000 back panel with 3 high-precision interfaces: PTP1, PTP2, PTP3
Figure: NTS-5000 back panel with 2 high-precision interfaces: PTP1, PTP2
Figure: NTS-5000 back panel with a single high-precision PTP1 interface

Ultra-high precision nanosecond [ns] PTP/IEEE1588 extension card

Figure: PTP1-PTP4 hardware extension board (top view); PTP1-PTP4 panel view; PTP1-PTP4 hardware extension cards at NTS-5000 (front view and top view); back panel view (3 units)

The 1-4 hardware PTP cards must be factory pre-installed. The firmware setup recognises them automatically and displays a new menu item, PTP, as the last line before the Exit item.

The std. UID and Password for setup are:
Username: admin
Password: 12345

How the menu looks depends on how many PTP cards are installed.

Please configure each card (PTP1, PTP2, PTP3, PTP4) separately, depending on your requirements. The configuration below is a typical PTP configuration for financial institutions, set to meet ESMA MiFID II requirements.

The meaning of each line/parameter is:

(1) Reference time

This is the Grand Master Clock UTC time, the central time of the NTS-5000 Time Server. At GPW the UTC ref. time is drawn simultaneously from GNSS receivers (max. 2) and automatically stored to internal clocks powered by 2 redundant oscillators: Rubidium and OCXO. This time is centrally redistributed to all time related interfaces incl. PTP, NTP, IRIG-B, SYSPLEX, 1PPS-out, 10MHz-out etc. It is distributed internally to the 1-4 PTP-Master cards using 1PPS/ToD hardware signals.

Figure: Grand Master Clock interfacing - general scheme (GPW configuration)

The Reference Time is maintained automatically with nanosecond accuracy and resolution, and it is displayed not in real time at the software setup level. It is for general information only, because the NTS-5000 is a multi-clock instrument.
Figure: Reference Time Input - list of all possible UTC sources of NTS-5000 (served simultaneously). Light grey colour indicates ref. sources inactive at GPW; black colour indicates those active at GPW.

Figure: Reference Time Outputs - list of all possible UTC outputs of NTS-5000 (served simultaneously). Light grey colour indicates ref. sources inactive at GPW; black colour indicates those active at GPW.

(2) PTP UTC Time

This is the UTC time at the PTP BUS (hardware level) inputs of the PTP modules. It is the same time as the GMC (Grand Master Clock) sent, but on the other side of the bus, at arrival at the PTP module hardware. This is the common time delivered to each of the 1-4 PTP modules. Since it is a common time (shared by the bus: 1PPS + ToD serial communication) it is represented by a single field value.

Figure: PTP UTC Time - input UTC time at PTP hardware modules (1-4)

(3) The PTP Time (PTP UTC Offset)

UTC time in PTP (Precision Time Protocol) is represented by the formula:

UTC = TAI - #LEAP_SECONDS

Therefore, it must be derived from the 1PPS+ToD information that arrives at the PTP hardware first. The PTP time field gives the time in TAI (Atomic Time Scale), and the field on the next line, PTP UTC Offset, provides the UTC to TAI offset. Before December 31st of 2016 the LEAP_SECOND=36s, and at midnight UTC on January the 1st 2017, when the New Year begins, the new 37th LEAP SECOND will be added automatically. The above information is stored to the Ethernet PTP-Master outputs at PHY stamping and with very high accuracy of hundreds of nanoseconds.

(4) Time Transfer Bus: PPS input, TOD input, PPS source

The Time Transfer Bus (TTB) supports the following synchronization signals and dataflow:

Figure: Internal Timing Bus redistributes UTC time from GMC to all 1-4 PTP autonomous op. modules

• 1PPS (Pulse Per Second) high accuracy frequency reference. A built-in 1:4 signal splitter shares this single GMC reference with all 1-4 PTP modules.
• ToD (Time of Day) UTC phase data information. It tightly corresponds to the 1PPS data above.
It is sent via serial communication to all 1-4 PTP modules.
• Extended info package of data, which includes additional information from GMC incl. LEAP_SECOND and ERROR BUDGET.

Leaving several factors out of account, it can broadly be assumed that the Reference Time is equal to the PTP Time. Those factors are:
a) Latency of I/O at the GMC module output and PTP module input
b) Latency of time transfer at TB (Internal Time Transfer Bus between GMC and PTP module)
c) Time scale computing algorithms TAI-UTC
d) Other minor factors

The NTS-5000 unit arrives factory pre-calibrated. However, because of aging of electronic elements some differences can be observed in the future. This might require recalibration. Furthermore, NTS-5000 provides self-audit monitoring. It gives additional information about the stability of the internal synchronization signals (1PPS, ToD) at the time they arrive from the TTB at the PTP module.

Those parameters are:
ToD input: <value>
PPS input: <value>

Value:
• Stable - when TTB signals are examined by the PTP module to be stable
• Unstable - when TTB signals are examined by the PTP module to be unstable. The PTP module then switches to local holdover (HO) mode, TCXO/OCXO driven
• Unknown - when PTP cannot examine the quality of TTB input signals to be stable/unstable

There are several possible scenarios of action when a status other than Stable is reached. This manual does not provide details on such algorithms. Nevertheless, the USER should assume the NTS-5000 unit is trying to resolve the problem automatically at GMC level, e.g. by changing the output reference signals sent by TMC to TTB.

The PPS source can be:
• Rubidium (GMC level)
• OCXO (GMC level)
• PPSa (GNSS #1)
• PPSb (GNSS #2)
• EXT (1PPS-in EXT)
• SYS (SYSPLEX)
• IRIG (IRIG-B IN)

Note!
After both internal oscillators (Rubidium and OCXO) are synchronized to GNSS, NTS-5000 users mostly observe the following PPS source status:
• PPS source: Rubidium
• PPS source: OCXO

Figure: Time Synchronization Bus GMC-PTP(1-4)

Before Rubidium/OCXO are synchronized, other values like PPSa (GNSS#1) or PPSb (GNSS#2) can be observed too.

Once the NTS-5000 unit has been switched ON and the GMC has synchronized its Rubidium and OCXO oscillators, the TOD/PPS input source mostly displays Rubidium or OCXO. This enables the next level of the synchronization process: synchronization of the PTP modules 1-4, each preparing for PTPv2/IEEE1588:2008 generation.

PTPv2/IEEE1588:2008 output generation 1-4:

Each of the 1-4 PTP modules is prepared for autonomous operation - PTPv2/IEEE1588:2008 standard generation to Ethernet (SFP or RJ45). Before the modules are operationally ready, their local clocks need to be synchronized first. Each module includes at least a TCXO oscillator for local holdover operation. Each module includes an autonomously operating Master Clock (MCLK) too. The synchronization process of the 1-4 PTP modules can be traced via the variables:

Clk states: Syncing
Clk sync : Yes

Figure: 1-4 PTPv2/IEEE1588:2008 autonomous operating modules - each with own local TCXO oscillator and clock (Master Clock - MCLK)

The above variables are described below.

(5) Master Clock PTP modules (Clk states, Clk sync)

Assuming the PPS/ToD input signals (sent via TTB) are stable, the PTP modules begin their local Master Clock (MCLK) synchronization. Each of the max. 4 clocks is synchronized separately, to let the PTP modules operate autonomously and independently of each other. Each of the 1-4 modules includes its own operating system with its own IP stack (IPv4/IPv6) to support RJ45 or SFP (only one at a time). The separation of the PTP modules is essential for security in financial business (HFT), which is regulated by ESMA MiFID II regarding synchronization accuracy and UTC time resolution.

Figure: PTP1-PTP4 hardware MCLK (Master Clock PTP) modules in NTS-5000.
Each with HW low-level time stamping

The Clk states variable provides information on the local MCLK (Master Clock) synchronization process of the PTP module.

Clk states: <status>

status:
Syncing - when MC is synchronizing to GMC
HOLDOVER - when MC is operating from local TCXO
FREE - when MC is operating in FREE RUN mode TCXO (MC remains unsynchronized, e.g. after internal RESET)
unknown - shortly after reset of the module, or if the module is not responding
Syntonizing - when MC intervals are syntonizing to the ref. interval definition

In addition, the Clk sync information is provided and it can be either Yes - if MC is synchronized to GMC, or No - if not synchronized. Together with Clk states it provides full information on a PTP module operating autonomously. A synchronized and operationally stable unit mostly displays:

Clk states : Syncing
Clk sync : Yes

where MC is synchronized to GMC (TTB signals are stable) but keeps synchronizing continuously to maintain the best synchronization accuracy and MC performance. If the PPS or ToD input becomes Unstable, Clk states changes to HOLDOVER (assuming Clk sync was previously Yes). Similarly, after a module (or unit) reset the outputs might read Clk states : FREE or, earlier, directly after the reset, Clk states : unknown (assuming Clk sync is No).

In addition, the Mode parameter can be traced on screen for maintenance purposes:

mode: <value>

value:
Master loop - MC is operating (communication is OK), PTP produces ETH output
Close - communication with the PTP module INPUT is closed (NO communication)
Connecting - GMC is trying to launch a connection to the PTP module INPUT
Read config - GMC is reading the PTP module configuration (communication OK)
Configuration - PTP module configuration is pending
Init - initializing PTP module
Booting - PTP module is booting
Cli wait - PTP module is waiting for a command sent by GMC

(6) PTP module self-audit (PPS in/out software monitoring)

Each of the PTP modules is operating autonomously.
It includes its own OS (Unix based) and IPv4/IPv6 stack. The PTP module is synchronized to GMC via TTB. The precision input synchronization is 1PPS-in. The PTP synchronization module also produces an output, 1PPS-out. The PTP time remains in the range <1PPS-in..1PPS-out>. The signal offset difference (HW PPS Offset) can be measured by an interval counter or oscilloscope. In standard operation this offset is counted in hundreds of nanoseconds [ns]. Each PTP module also includes self-audit software that can do the same, but with much less accuracy, because it is based on software macro-measurement. The variable name is PPS in/out. It provides information counted in microseconds. This information can be used for general information purposes only. As long as the observed figures are below 100 microseconds the system is assumed to operate normally. Observing figures larger than 100 microseconds might call for additional hardware measurement and calibration. The top screen presents PPS in/out=17 microseconds.

(7) NIC

Each PTP card provides NIC parameters including MAC and type of Ethernet connection (1GE, 100/10 Mbps).

(8) Network

Each ETH interface can be configured for IP, MASK and GATEWAY. Only 1 of the 2 available Ethernet interfaces can be used at a time (ETH - RJ45 or SFP adapter).

(9) PTP

The block marked above (in red) defines the PTP Clock parameters described in the IEEE1588:2008 Precision Time Protocol standard. That specification is thorough, so there is no reason to repeat it in this manual. For std. server operation PTP is always set to work as Ordinary. In some specific cases the PTP card can be configured as Boundary. The Boundary mode can be selected when the clock is synchronized via PTP/Ethernet and itself provides synchronization to PTP/Ethernet. In such mode the Slave only option should be selected too. We recommend keeping the default Two step <enable> and Priority set to the default 128, since those are the most std. PTP figures and keep compatibility close.
There are two PTP delay measurement mechanisms:
End-To-End (E2E - default)
Peer-To-Peer (P2P)

The Peer-To-Peer (P2P) delay measurement mechanism is best in an IT engineered network, where all switches can be guaranteed to be IEEE1588:2008 capable (either transparent clocks or boundary clocks). If there are going to be any non-PTPv2/IEEE1588 aware switches, or if there is any doubt about this, then please use the End-To-End (E2E) delay measurement mechanism. This is why E2E is also the default mechanism at NTS-5000.

The Precision Time Protocol (PTPv2/IEEE1588:2008) works by exchanging messages between master clocks and slave clocks.

Figure: E2E mechanism

The sequence diagram above (right side) shows the exchange of messages between a PTP master clock and a PTP slave clock. For NTS-5000 this process is independent for each of max. 4 PTP masters. The departure and arrival times of the Sync and Delay Request messages are saved as the four timestamps t1-t4. The Follow Up and Delay Response messages are used to transport the timestamps recorded at the MCLK to the SCLK. This information is used to adjust the slave clock time at the end of these exchanges, when SCLK has all four t1-t4 timestamps. It can then calculate the offset of its own clock with respect to the master using the following delay averaging formula:

Offset = (t2 + t3 - t1 - t4) / 2

The equation assumes that the time it takes for messages to go from the MCLK to the SCLK, the forward delay, is the same as the time it takes for messages to go from the slave to the master, the reverse delay. There is no problem if these delays are large, just so long as they are the same. Any difference in the forward and reverse delay results in an error in determining the difference between the master clock and the slave clock.

Why would the forward and reverse delays be different? It's mainly due to all kinds of pesky queues.
There are queues in the routers, there are queues in the switches, there are even queues in the network stacks at the end devices. Usually messages spend minimal time in the queues, but sometimes they are waiting for a switch to finish up with other messages on the same port, or for an operating system to complete what it was doing so it can fetch a timestamp. In some cases the delay can be quite long (too long): many microseconds, or even milliseconds. Obviously, if this happens in one direction but not the other, it leads to a big time transfer error.

Basically this is all solved with hardware timestamping. When messages depart from or arrive at a network port, special hardware generates a timestamp from the local clock, usually in the media independent interface between the data link layer (MAC) and the physical layer (PHY). That removes the unpredictably slow response of the operating system (OS) and other software (APP, DEV-driver etc).

Switches and routers which are PTP aware also timestamp PTP messages. One type of such device, called a transparent clock, works by updating PTP messages to correct for the time spent in the device. Another type, called a boundary clock, uses the PTP messages to set its own clock, then sends its time to the PTP slaves which need it.

This delay measurement mechanism is known as the End-to-End delay measurement mechanism. As it turns out, PTP has an alternative delay measurement mechanism known as the Peer-to-Peer mechanism.

In Peer-To-Peer networks the master still sends Sync and Follow Up messages to the slave clock, just as with the end-to-end delay measurement mechanism. With peer-to-peer the slave calculates its clock offset with respect to the master as follows:

slave time = master time + network delay

There is no need to combine four timestamps as in End-To-End networks. But how does the slave know the network delay? That is the Peer-To-Peer delay measurement.
Instead of sending delay measurement messages from the slave to the master, as with the end-to-end approach, each device on the network exchanges peer-delay measurement messages. That way each device can keep track of the delays between itself and its immediately connected neighbors. Each device periodically initiates an exchange of peer-delay messages on every connected port. Then each device removes the peer-delay from a Sync message when it enters the device, by updating the correction field in either the Sync or Follow Up message. If it is a switch, it doesn't include the peer-delay of the outgoing cable, even though it also knows that. The next device in the chain will do that correction, and we don't want to double count.

Figure: the sequence of peer-delay messages compared to E2E

If in the P2P model the SCLK wants to know the delay to the MCLK, it sends a Pdelay Req message, short for peer-delay request. SCLK saves the time at which it sent the message, t1. MCLK saves the time of its clock when the message arrives, t2. Then the MCLK sends a Pdelay Resp message, short for peer-delay response, and a Pdelay Resp Follow Up. The Follow Up message contains the departure time of the Pdelay Resp, t3. SCLK also saves the arrival time of the Pdelay Resp, t4, so it has all four timestamps and can calculate the delay between the clocks. Here, as with the end-to-end mechanism, the assumption is made that the time it takes for the peer-delay messages to get from one clock to the other is the same in each direction. In the peer-to-peer case we are only making that assumption over a cable, not the whole network, and there are no queues. So unless the cable is very long, that is a good assumption.

What about the queues in the switches? As stated at the beginning of this section, peer-to-peer only works well when every switch is either a transparent clock or a boundary clock. That way the switch will take care of its own queuing delays.
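The E2E offset formula and the P2P peer-delay exchange described above can be followed with numbers. This is an added example, not Elproma code: all function names, delays and offsets are constructed, and it shows that the E2E estimate is wrong by half of any forward/reverse asymmetry, while a transparent clock's correction field removes the same queueing delay in the P2P case.

```python
# Added illustration of the E2E and P2P arithmetic, in integer nanoseconds.
# All delays and offsets below are constructed values, not measurements.


def e2e_exchange(offset, fwd, rev, t1=1_000_000_000, turnaround=10_000):
    """Timestamps of one Sync / Delay Request exchange.

    offset = slave clock minus master clock; fwd/rev = one-way delays.
    t1 and t4 are read on the master clock, t2 and t3 on the slave clock.
    """
    t2 = t1 + fwd + offset          # Sync arrives at the slave
    t3 = t2 + turnaround            # slave sends Delay Request
    t4 = t3 - offset + rev          # Delay Request arrives at the master
    return t1, t2, t3, t4


def e2e_offset(t1, t2, t3, t4):
    """Offset formula from the manual: (t2 + t3 - t1 - t4) / 2."""
    return (t2 + t3 - t1 - t4) / 2


def e2e_mean_delay(t1, t2, t3, t4):
    """Mean one-way delay implied by the same four timestamps."""
    return ((t2 - t1) + (t4 - t3)) / 2


def peer_delay(t1, t2, t3, t4):
    """Link delay from a Pdelay Req / Pdelay Resp exchange.

    t1 and t4 are read by the requester, t2 and t3 by the responder; the
    responder's turnaround (t3 - t2) is subtracted from the round trip.
    """
    return ((t4 - t1) - (t3 - t2)) / 2


def p2p_offset(sync_tx, sync_rx, correction, link_delay):
    """slave time = master time + network delay, solved for the offset."""
    return sync_rx - (sync_tx + correction + link_delay)


def demo():
    true_offset = 1_500                       # slave is 1.5 us ahead of master

    # E2E over a symmetric path: 50 us each way.
    sym = e2e_offset(*e2e_exchange(true_offset, 50_000, 50_000))
    # Same path, but Sync waits 200 us in a queue on its way to the slave.
    asym = e2e_offset(*e2e_exchange(true_offset, 250_000, 50_000))

    # P2P: master -> transparent-clock switch -> slave.
    link_a, link_b, residence = 250, 400, 200_000
    # The slave measures its own cable (link_b) with a peer-delay exchange.
    p1 = 2_000_000_000
    p2 = p1 - true_offset + link_b            # switch assumed to be on master time
    p3 = p2 + 5_000
    p4 = p3 + link_b + true_offset
    measured_b = peer_delay(p1, p2, p3, p4)
    # The switch adds its ingress link delay and queueing time to the correction.
    correction = link_a + residence
    sync_tx = 3_000_000_000
    sync_rx = sync_tx + link_a + residence + link_b + true_offset
    p2p = p2p_offset(sync_tx, sync_rx, correction, measured_b)

    return {"e2e_symmetric": sym, "e2e_asymmetric": asym,
            "e2e_error": asym - true_offset,
            "link_b": measured_b, "p2p": p2p}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:>15}: {value:.0f} ns")
```

The 200 us queueing delay shifts the E2E estimate by 100 us, which is why hardware timestamping and PTP-aware switches matter for the nanosecond figures quoted in this chapter.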
Another reason that we don't use peer-delay with ordinary switches is that the switches don't know what to do with peer-delay messages, and will not respond to them.

Although the end-to-end mechanism is more versatile, because it can handle ordinary switches and routers, the peer-to-peer mechanism has several advantages in networks where it does work:
• All links are periodically measured, so the delay between the master and slave is already known when the network path changes. Note that peer-delay messages are exchanged even on ports blocked to prevent loops, such as by the Rapid Spanning Tree Protocol.
• There is no chance of Sync and Delay_Request messages taking different paths, since there are no Delay_Request messages.
• There is no need to worry about the master clock's ability to respond to Delay_Request messages when there are a lot of slaves; it only has to send the Sync and Follow_Up.

SMF (UTC System Monitoring Facility for PTP)

When configuring ultra-high precision PTP, the SMF (UTC Time System Monitoring Facility) should be taken into account if independent auditor validation of UTC synchronization at the slave is to be provided. To continuously trace the slave clock offset to ref. UTC, please use selected 1PPS-outputs of:
• UTC ref. (GPS receiver or local atomic clock)
• NTS-5000 Master 1PPS_output
• Slave card 1PPS-Output

In the case of HFT Financial Systems such an offset report should be stored in data LOG files, cryptographically sealed and timestamped (rfc3161). More detailed information about the precision UTC monitoring facility can be found at www.demetratime.eu. ELPROMA is a member of the DEMETRA project and consortium.

32. Application notes for HFT & MiFID II

The scheme below presents a recommendation for UTC time distribution via PTP based on the NTS5000 HFT equipped with 4x PTPv2/IEEE1588 hardware cards. The solution guarantees the following properties:
1) All traders work in the same UTC time domain (robust synchronization)
2) Multi source time ref. provides robust UTC synchronization.
Time is driven simultaneously from GNSS and NTA (NMI).
3) Each trader has its own independent PTPv2/IEEE1588 synchronization line, so traders cannot interfere with each other's synchronization (traffic problems and their impact on PTP). Each trader's PTP synchronization creates a kind of "synchronization umwelt". Each PTP Master has its own IP stack, driven by its own OS. There is no communication between PTP masters inside NTS-5000. The Grand Master NTS-5000 supports synchronization to all trader "synchronization umwelts", and they all work in the same UTC time domain powered by robust synchronization.
4) Each trader PTP slave should consider supporting:
a) NIC 1PPS-out for hardware monitoring (SDH). The 1PPS-output should be considered for comparison with ref. 1PPS(k). All monitored data, incl. transaction LOG, should be cryptographically timestamped (RFC3161).
b) Software level NTP/PTP monitoring (e.g. FSMlab Time Keeper) can be considered. This is independent of the NTA 1PPS hardware validation. All output audit data should be stored in LOG files, cryptographically RFC3161 timestamped, and archived for future AUDIT.

Figure: Example of Stock Exchange HFT synchronization system supporting 4 high speed traders
Figure: Example of Stock Exchange HFT synchronization system supporting two redundant NTS-5000HFT servers
Figure: Example of connecting PTP slave to NTS-5000HFT

The above configuration was tested w/ std. M1000 PTP Slave over a distance of 50km, achieving synchronization accuracy of 60ns with jitter +/- 10ns. The data below presents Time Deviation (TDEV) and Allan Deviation (ADEV) plots from December/January 2017 testing at London NPL.

33. Software setup via www (HTTP/HTTPS)

For security reasons HTTP/HTTPS setup does not include PTP extension cards. This setup is dedicated to std. LAN1 & LAN2 or special LAN3-LAN6 NTP interface extensions.

In your local web browser, please open the IP address set manually from the keyboard, or use the default IP setting.
Factory default user and password is:
Username: admin
Password: 12345

Figure: Login screen (www http/https)
Figure: Menu (left side of screen)
Figure: LAN configuration incl. LAN3-LAN6 (not available at TELNET/SSH config)

Sending LOG to SYSLOG server

Syslog is a widely used standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyses them. Computer system designers can use syslog for system management and security auditing as well as general informational, analysis, and debugging messages.

Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called the syslog server. Syslog messages may be sent via UDP or TCP. The data is sent in clear text. Therefore in some cases port 514 is required to be open.

NTS-3000/4000/5000 supports reporting to a single syslog server. Multiple syslog server support is possible indirectly, using LOG redistribution between syslog servers. NTS-3000/4000/5000 provides standard reporting levels, from most to least severe:
- Emergency (factory default),
- Alert,
- Critical,
- Error,
- Warning,
- Notice,
- Info,
- Debug

For more information please refer to the chapter describing SYSLOG operations later in this manual.

Figure: Simple Network Management Protocol support
Figure: max. 10 backup Time Servers (with MD5 authentication support)
Figure: Manual time & date set for local clock of NTS. This function can also be used to replace UTC by local time.
Figure: Time Zone settings will display local time on LCD (while the NTP server is still working based on UTC)
Figure: Changing PASSWORD (default password is: 12345)
Figure: MD5 keys for authentication
Figure: SSH key support
Figure: SSL key support
Figure: RADIUS support
Figure: DNS support
Figure: Redirecting antenna 1 & 2 (input, output NMEA GPS emulation or disable)
Figure: Unit can be identified from software setup level
Figure: GNSS (GPS/GLONASS/BEIDOU/GALILEO) sat information

34.
NTP symmetric authentication (MD5)

Network Time Protocol (NTP) supports an authentication method using symmetric keys (MD5). This functionality is not available for Precision Time Protocol (PTP).

In this authentication mode, every packet sent is provided with a 32-bit key ID and a cryptographic 64/128 bit checksum of the packet. This checksum is built with MD5. The receiving NTP clients validate the checksum with the same algorithm. Only an NTP client and NTP server using the same pairs of MD5 keys will successfully exchange synchronization data, and therefore both parties need to have the same crypto key with the same key ID.

The key file etc/ntp.keys

The user must add the key number and the key value to a key file. The file can have any name and be located in any directory, but it is usually named ntp.keys and is usually located in the same directory as the NTP software and the ntp.conf configuration file. Each line of the ntp.keys file contains:

KeyID EncryptionFormat KeySequence #Remarks

The first column holds the key ID (digit in range 0-65000). The second column defines the FORMAT. The third column is the MD5 (or DES) key. Supported encryption formats are:

FORMAT "M" - MD5 key with up to 31 ASCII characters /Timeservers NTS-3000, 4000, 5000 only support the M format/
FORMAT "A" - DES key with up to eight 7-bit ASCII characters /each character stands for a key octet. This is used by Unix passwords, too./
FORMAT "S" - DES key written in hexadecimal notation /where the lowest bit (LSB) of each octet is used as the odd parity bit/
FORMAT "N" - DES hexadecimal string /NTP standard format, using the highest bit (HSB) of each octet as the odd parity bit/

Useful remarks:
• Please be aware of the following restriction: "#", TAB, Newline, and NULL must not be used in an ASCII key.
• The keyID 0 is reserved for special purposes and should not appear either.
• The key value is case-sensitive and must be entered with the same upper and lower case on both sides (server/client).
• For initial testing purposes please locate the ntp.keys file in the same directory as the ntp.conf file.
• For final production the keys file should be owned by root and should not be readable by normal users.

The ntp.keys text ASCII file may look like this:

    10 N 29233E0461ECD6AE    # des key in NTP format
    20 M RIrop8KPPvQvYotM    # md5 key as an ASCII random string
    14 M sundial             # md5 key as an ASCII string
    15 A sundial             # des key as an ASCII string
    12345 M BlahBlahBlah     # key can be any ASCII string and any unique KeyID

Following keys are identical:

    101 A SeCReT             # this is ASCII (DES) text
    101 N d3e54352e5548080   # this is HEX (DES) string HSB notation
    101 S a7cb86a4cba80101   # this is HEX (DES) string LSB notation

In the authentication mode a party is marked "untrusted" (not suitable for synchronization) whenever unauthorized packets (or authorized packets with a wrong key) are used. Please note that a server may recognize a lot of keys but use only a few of them. This allows a time-server to serve a time-client that is demanding authenticated time information without trusting it. Additional parameters are used to specify the key IDs for validating the authenticity of each partner.

Configuring the client NTPD daemon for MD5 authentication

In order to use authentication, the following commands must be added to the ntp.conf configuration file. These changes should be made after the key has been added to the key file as described above. The symbol "#" introduces a comment (remark), which continues for the remainder of the line. The NTP daemon process must be restarted after the file has been edited.
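The key file rules and the key ID plus MD5 checksum described above can be checked offline before keys are loaded into a server or client. This is an added example, not Elproma or ntpd code: it validates an ntp.keys file against the restrictions listed in this chapter and computes the classic NTP symmetric MAC, assumed here to be the 32-bit key ID followed by MD5(key || 48-byte header); the key file, header bytes and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed key file in the manual's "KeyID Format Key #Remarks" layout.
SAMPLE_KEYS = """\
1  M SimpleTestKeyMD5        # constructed test key
15 M AnotherTestKey          # stored, but not listed as trusted below
0  M ReservedId              # key ID 0 is reserved
20 N 29233E0461ECD6AE        # DES format: NTS-3000/4000/5000 accept only M
30 M ThisKeyIsMuchLongerThanThirtyOneChars
"""

NTP_HEADER_LEN = 48   # NTP packet header without extension fields
MAC_LEN = 4 + 16      # 32-bit key ID + 128-bit MD5 digest


def parse_keys(text):
    """Return ({key_id: secret_bytes}, [(line_no, problem)]) for M-format keys."""
    keys, problems = {}, []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # '#' starts a remark
        if not line:
            continue
        fields = line.split()                 # TAB and space both separate fields
        if len(fields) != 3:
            problems.append((line_no, "expected: KeyID Format Key"))
            continue
        key_id, fmt, secret = fields
        if not key_id.isdecimal() or not 1 <= int(key_id) <= 65000:
            problems.append((line_no, "key ID outside 1-65000 (0 is reserved)"))
        elif fmt != "M":
            problems.append((line_no, f"format {fmt} is not MD5 (M)"))
        elif len(secret) > 31 or not secret.isascii():
            problems.append((line_no, "M key must be at most 31 ASCII characters"))
        else:
            keys[int(key_id)] = secret.encode("ascii")
    return keys, problems


def sign(header, key_id, secret):
    """Append key ID and MD5(secret || header) to a 48-byte NTP header."""
    digest = hashlib.md5(secret + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, keys, trusted_ids):
    """True only if the MAC matches a key that is both stored and trusted."""
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False                          # unauthenticated or malformed
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in trusted_ids or key_id not in keys:
        return False                          # unknown key or not in trustedkey
    expected = hashlib.md5(keys[key_id] + header).digest()
    return hmac.compare_digest(mac[4:], expected)


# Constructed client request header: LI=0, VN=4, Mode=3, all other fields zero.
CLIENT_HEADER = bytes([0x23]) + bytes(47)

if __name__ == "__main__":
    keys, problems = parse_keys(SAMPLE_KEYS)
    for line_no, problem in problems:
        print(f"ntp.keys line {line_no}: {problem}")
    packet = sign(CLIENT_HEADER, 1, keys[1])
    print("trusted key 1 verifies:", verify(packet, keys, {1}))
    print("key 15 without trustedkey:", verify(sign(CLIENT_HEADER, 15, keys[15]), keys, {1}))
```

The trusted_ids argument plays the role of the trustedkey line: a key that is present in the file but not listed there is rejected even when its checksum is correct.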
The configuration file ntp.conf of a server using this authentication mode may look like this:

    server 10.0.0.210 key 10
    server 192.168.0.210 key 10
    keys <path>/etc/ntp.keys        # UNIX family OS
    keys "<path>\etc\ntp.keys"      # MS-WINDOWS
    trustedkey 10 15
    requestkey 15                   # key (mode 6) for accessing server variables
    controlkey 15                   # key (mode 7) for accessing server variables

The keys parameter indicates the location of the file in which all symmetric keys are stored. The trustedkey line lists all key IDs which are to be considered trusted (also called uncompromised). All other keys defined in the keys file are considered compromised. This allows reusing already owned keys by just adding their respective key ID to the trustedkey parameter. If a key needs to be switched off, it can be removed from this line without removing it from the system. This ensures an easy way to re-activate it later without actually transferring the key again. The line requestkey 15 declares the key ID for mode-6 control messages (as described in the rfc for NTP), which are used by the ntpq utility for example. The controlkey parameter specifies the key used for mode-7 private control messages, used for example by the ntpdc utility. These keys protect the ntpd variables against unauthorized modification.

It is helpful to monitor the performance of the NTP daemon to confirm that the authentication algorithm is working as expected. The NTP daemon provides a number of monitoring tools that can be used for this purpose. For example, the peerstats command will provide information on the status of the connections to the servers that are being used to synchronize the system time. To enable this report, the following commands would be added to the NTP configuration ntp.conf file:

    #
    enable auth
    enable monitor
    enable stats
    #
    # turn on reporting of the peer statistics
    #
    statistics peerstats
    #
    # the file for the report will be named peerstats with
    # the date appended.
    # The full name of the file
    # will be peerstats.yyyymmdd.
    # a new file will be created every day at 0 hours UTC.
    #
    filegen peerstats file peerstats type day
    #
    # the following command specifies the full name of
    # the directory where the files will be located
    #
    statsdir /local/bin/

Testing the keys

1. Any given key can be tested using the utility program ntpdate in debug mode (-d option). Running in debug mode will print intermediate results on screen and does not adjust the clock (-a option). The integer specifies the key number (-k option). The xxx.xxx.xxx.xxx is the IP of the NTP server. The command is:

    ntpdate -d -a 12345 -k /local/bin/ntp.keys xxx.xxx.xxx.xxx

The NTP server reply should include the confirmation sequence:

    authentication passed
    transmit(xxx.xxx.xxx.xxx)
    receive(xxx.xxx.xxx.xxx)

If the key number or key value is not correct then the message "authentication passed" will be replaced with "authentication failed." If the response shows transmit messages with no corresponding receive responses then either the IP address is wrong, the keyID does not match, or a firewall or network router is blocking the connection to the timeserver. The ntpdate always requires root (admin) rights.

2. Starting from NTP version 4.2.8 there is a new ntpq command, authinfo, available for testing and statistics. Please type "?" at the ntpq prompt to see all commands. The ntpq can also be executed from shell level. The command is:

    ntpq -c authinfo

It returns authentication statistics with the following detailed data output:

    time since reset: 21483
    stored keys:      2
    free keys:        15
    key lookups:      2712
    keys not found:   0
    uncached keys:    1
    expired keys:     0
    encryptions:      1356
    decryptions:      1356

Observing the client "encryptions" and "decryptions" figures over time confirms that packets are exchanged encrypted. Both parameters should increase each poll interval, but they need not show the same value (this depends on the ntp.conf configuration and time server availability).

3.
It is helpful to monitor the performance of the NTP daemon to confirm that the authentication algorithm is working as expected. The NTP daemon provides a number of monitoring tools, set up in ntp.conf:

    # monitoring lines added to ntp.conf
    enable monitor
    enable stats
    statistics peerstats
    filegen peerstats file peerstats type day
    statsdir /local/bin/

The daemon process will add an entry to the peerstats file each time the client queries a server. The entry will be in the following form:

    54237 86332.222 132.163.4.107 f624 -0.011106682 0.000251015 0.000953898 0.000073756

The first two parameters give the time of the query as the MJD (Modified Julian Day number) and the UTC second of the day. The third parameter gives the IP address of the remote system. The fourth parameter describes the state of the query using the hexadecimal representation of a series of bits. The significance of each bit is described in Appendix B of RFC1305. Using the convention that the most significant bit of the state is bit 0, the first hexadecimal digit of the state should be "f" to indicate that:

Bit 0: peer is configured
Bit 1: authentication is enabled
Bit 2: authentication is ok
Bit 3: peer is reachable

If authentication is not used, then bits 1 and 2 will be 0, and the first digit will be 9 instead of f. The "6" in the second digit signals that this server is being used to synchronize the local clock. If the client is querying more than one server, then the one that is selected to synchronize the clock will have a 6 as the second digit and the other status words will normally have a 4 in that position. The remaining parameters describe the offset, delay, dispersion, and jitter of the query.
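The status word described above is easy to misread by eye, so peerstats files are worth checking mechanically. This is an added example, not part of ntpd or the NTS firmware: it decodes the first two hexadecimal digits exactly as explained in this chapter and reports peers whose authentication is off or failing; the first sample line is the one printed above, the other two are constructed, and all function names are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# First line is the entry shown in the manual; the other two are constructed
# (192.0.2.x is a documentation address range).
PEERSTATS = """\
54237 86332.222 132.163.4.107 f624 -0.011106682 0.000251015 0.000953898 0.000073756
54237 86340.105 192.0.2.10 9424 0.000412345 0.000301200 0.001100000 0.000080000
54237 86348.871 192.0.2.20 d024 0.000000000 0.000000000 16.000000000 0.000000000
"""

MJD_UNIX_EPOCH = 40587                       # MJD of 1970-01-01
ROLES = {6: "sync source", 4: "candidate"}   # second digit, as described in the text


def parse_entry(line):
    """Decode one peerstats line into a dict of named fields."""
    mjd, sec, peer, status, offset, delay, dispersion, jitter = line.split()
    flags, select = int(status[0], 16), int(status[1], 16)
    when = datetime(1970, 1, 1, tzinfo=timezone.utc) + timedelta(
        days=int(mjd) - MJD_UNIX_EPOCH, seconds=float(sec))
    return {
        "time": when,
        "peer": peer,
        "status": status,
        # Bit 0 is the most significant bit of the first hex digit.
        "configured": bool(flags & 0x8),
        "auth_enabled": bool(flags & 0x4),
        "auth_ok": bool(flags & 0x2),
        "reachable": bool(flags & 0x1),
        "role": ROLES.get(select, "other"),
        "offset": float(offset),
        "delay": float(delay),
        "dispersion": float(dispersion),
        "jitter": float(jitter),
    }


def audit(text):
    """Return (peer, finding) pairs for entries that are not fully healthy."""
    findings = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_entry(line)
        authenticated = entry["auth_enabled"] and entry["auth_ok"]
        if not entry["reachable"]:
            findings.append((entry["peer"], "peer not reachable"))
        if not entry["auth_enabled"]:
            findings.append((entry["peer"], "authentication not in use"))
        elif not entry["auth_ok"]:
            findings.append((entry["peer"], "authentication failed"))
        if entry["role"] == "sync source" and not authenticated:
            findings.append((entry["peer"], "clock follows an unauthenticated peer"))
    return findings


if __name__ == "__main__":
    for peer, finding in audit(PEERSTATS):
        print(f"{peer}: {finding}")
```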
ntp.conf/ntp.keys examples

Example configuration for testing NTP for Microsoft Windows 8.1 PRO

    # file ntp.conf for Windows 8.1 NTP CLIENT
    driftfile "C:\Program Files (x86)\NTP\etc\ntp.drift"
    enable auth
    keys "C:\Program Files (x86)\NTP\etc\ntp.keys"
    trustedkey 10101 12345 20 101
    requestkey 15
    controlkey 15
    server 10.0.0.245 iburst minpoll 4 maxpoll 4 key 10101
    ### EOF ###

    # file ntp.conf for Windows 8.1 NTP SERVER
    driftfile "C:\Program Files (x86)\NTP\etc\ntp.drift"
    enable auth
    keys "C:\Program Files (x86)\NTP\etc\ntp.keys"
    trustedkey 10101 12345 20 101
    requestkey 15
    controlkey 15
    server 127.127.1.0 iburst minpoll 4 maxpoll 4
    fudge 127.127.1.0 stratum 5 refid WIN8
    ### EOF ###

    # file ntp.keys – the same file for both: SERVER & CLIENT
    10 M ElpromaElectronica1
    14 M sundial
    15 A sundial
    20 N 29233E0461ECD6AE # des key in NTP format
    30 M RIrop8KPPvQvYotM # md5 key as an ASCII random string
    12345 M BlahBlahBlah # key can be any ASCII string and any unique KeyID
    101 A SeCReT # this is ASCII (DES) text
    1010 N d3e54352e5548080 # this is HEX (DES) string HSB notation
    10101 M a7cb86a4cba80101 # this is HEX (DES) string LSB notation

Configuring authentication at NTS-3000/4000/5000

NTS-3000/4000/5000 authentication can be launched using the standard server setup (HTTP, SSH, TELNET). The timeserver supports MD5 symmetric keys only. Be sure to save the updated configuration and restart the NTP client daemon or service. It is also recommended to power down the NTS-3000/4000/5000 and restart the unit before using newly defined MD5 symmetric keys.

MD5 Setup (WWW)

From the left menu, select NTP MD5 Keys and write your MD5 ASCII keys into the table. The 1-10 column represents the KeyID. To store a KeyID with a larger number, use the Prev/Next buttons. Once your MD5 key configuration (the server's ntp.keys) is ready, save it by pressing "Save changes" and wait until the confirmation of storing is displayed.
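The client files in the examples above can be checked for consistency before deployment: every key a server line uses should be defined, of type M (the timeserver supports MD5 keys only) and listed in trustedkey, and the ntpd documentation describes requestkey and controlkey as identifiers of trusted keys. This is an added example, not part of the original manual; the function names are hypothetical, and the inputs are excerpts of the Windows client listing plus one constructed server line.

```python
# Constructed inputs: excerpts of the client listing above plus one added server line.
CONF = r"""
enable auth
keys "C:\Program Files (x86)\NTP\etc\ntp.keys"
trustedkey 10101 12345 20 101
requestkey 15
controlkey 15
server 10.0.0.245 iburst minpoll 4 maxpoll 4 key 10101
server 10.0.0.246 iburst   # constructed line: no key configured
"""
KEYS = """
15 A sundial
12345 M BlahBlahBlah
10101 M a7cb86a4cba80101
"""

def fields(line):
    """Drop a trailing '#' comment and split the rest on whitespace."""
    return line.split("#", 1)[0].split()

def parse_keys(text):
    """Return {key_id: key_type} for every 'id type secret' line of ntp.keys."""
    return {int(f[0]): f[1].upper() for f in map(fields, text.splitlines())
            if len(f) >= 3 and f[0].isdigit()}

def check_auth_config(conf_text, keys_text):
    """List authentication problems found in an ntp.conf / ntp.keys pair."""
    keys, trusted, used, findings = parse_keys(keys_text), set(), {}, []
    for f in filter(None, map(fields, conf_text.splitlines())):
        if f[0] == "trustedkey":
            trusted.update(int(k) for k in f[1:])
        elif f[0] in ("requestkey", "controlkey"):
            used[f[0]] = int(f[1])
        elif f[0] in ("server", "peer") and not f[1].startswith("127.127."):
            if "key" in f[2:-1]:
                used[f"{f[0]} {f[1]}"] = int(f[f.index("key", 2) + 1])
            else:
                findings.append(f"{f[0]} {f[1]}: no key, association is unauthenticated")
    for where, kid in used.items():
        if kid not in keys:
            findings.append(f"{where}: key {kid} is not defined in ntp.keys")
        elif keys[kid] != "M":
            findings.append(f"{where}: key {kid} is type {keys[kid]}, not MD5 (M)")
        if kid not in trusted:
            findings.append(f"{where}: key {kid} is not listed in trustedkey")
    return findings

if __name__ == "__main__":
    print("\n".join(check_auth_config(CONF, KEYS)))
```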
Before using newly defined MD5 keys, perform "Save settings" (and wait for the confirmation that saving succeeded), then Logout. It is recommended to restart the time server before using the new keys.

Configuring symmetric MD5 keys via HTTP (example uses server IP 10.0.0.249)

The saved configuration automatically creates the ntp.keys file inside the NTS-3000/4000/5000. Note the keys you have defined for the NTS and use them in the ntp.keys/ntp.conf files of your client. The files may look like this:

    # ntp.conf file
    enable auth
    keys "C:\Program Files (x86)\NTP\etc\ntp.keys"
    trustedkey 1 15 16
    requestkey 16
    controlkey 16
    server 10.0.0.249 minpoll 4 maxpoll 4 key 1 #KeyID=1 "SimpleTestKeyMD5" in use

    # ntp.keys file
    1 M SimpleTestKeyMD5
    15 M ElpromaKey2
    16 M ClepsydraKey3

MD5 Setup (SSH/TELNET)

The screenshots below show how to configure symmetric MD5 keys using the text-mode terminal services SSH and Telnet. For secured network environments, it is strongly recommended to use the SSH service (not HTTP or Telnet).

When defining a new or existing MD5 key, you will be asked for its KeyID (key number) first. You can provide a new MD5 key text sequence, or modify or remove an existing one.

Stored MD5 keys can be viewed. Use VIEW from the AUTH menu to view all defined MD5 keys.

Once all MD5 key definitions are complete, use RETURN and EXIT with saving setup. All operations will be confirmed on the TTY display. We thank you for your patience; please follow those messages until the final one. It is recommended to restart your timeserver before using new or modified MD5 keys. You should also restart your NTP client daemon (service) for the changes to take effect. Test your authenticated synchronization before using it in the final production environment.

35. SYSLOG

Syslog is a widely used standard for message logging. It permits separation of the software that generates messages, the system that stores them, and the software that reports and analyses them.
Computer system designers can use syslog for system management and security auditing as well as general informational, analysis, and debugging messages. Syslog is a client/server protocol: a logging application transmits a text message to the syslog receiver. The receiver is commonly called the syslog server. Syslog messages may be sent via UDP or TCP. The data is sent in clear text. Therefore, in some cases port 514 is required to be open.

NTS-3000/4000/5000 SETUP page for defining syslog server address, facility and level

NTS-3000/4000/5000 supports reporting to a single syslog server. Support for multiple syslog servers is possible indirectly, using LOG redistribution between syslog servers. NTS-3000/4000/5000 provides standard reporting levels, from most to least severe:

- Emergency (factory default), Alert, Critical, Error, Warning, Notice, Info, Debug

A facility level is used to specify what type of NTS-3000/4000/5000 service is logging the message. This lets the configuration file specify that messages from different facilities will be handled differently. The possible selections are: Original (factory default – the same as FreeBSD UNIX), daemon, syslog, local use from 0 to 7.

The NTS-3000/4000/5000 sends the following security messages to syslog:

• entering/exiting SETUP locally from the front panel keyboard
• entering/exiting SETUP remotely using ssh, www, telnet etc.
• a new source of UTC phase stamping is selected for synchronization (GNSS-NMEA Ant1, GNSS-NMEA Ant2, remote backup NTP servers, LOCAL clock)

Note! A frequency reference such as 1PPS (GNSS, EXT, IRIG-B, SYSPLEX), as well as the internal built-in OSC (OCXO, Rubidium), will not trigger a LOG message report when the server synchronizes to it. This is because 1PPS is just a frequency standard and does not provide any UTC time stamping information (UTC date & time). It performs high-accuracy frequency tuning, which is possible only once the time server is locked (PLL/FLL) to a source such as Ant1, Ant2 or a remote backup NTP server.
Entering/exiting SETUP locally from front panel keyboard

Accessing SETUP from keyboard (without saving changes)

Accessing SETUP from keyboard (saving changes)

Entering/exiting SETUP remotely using ssh/www/telnet and other protocols or utility

Accessing SETUP from SSH (saving changes)

New NMEA UTC source of time stamping

This message is sent each time a new source of NMEA UTC timestamps is selected. The message is not generated for a frequency tuning standard such as 1PPS.

Indicating LOCAL clock operation

NTS-3000/4000/5000 is synchronized to the NTP LOCAL CLOCK. This situation can be noted periodically (temporarily) in the LOG when switching between UTC sources. It then requires Admin inspection (e.g. via the NTP tool "ntpq.exe -pe") to check the current status of Ant1/Ant2.

Missing UTC source for time server

NTS-3000/4000/5000 is missing a source of UTC time. This situation might happen when all antennas are disconnected and the server configuration has disabled the OSC (OCXO, Rubidium) and the LOCAL clock.

Simple LOG sequence after powering up the timeserver

Good weather conditions

The screenshot below illustrates a LOG example when weather conditions are bad and there are problems receiving SAT signals.

Bad weather conditions (missing SAT signals or GNSS signal is unstable)

Important note! Each time a LOCAL clock message is the last status written to the LOG, inspection via the standard NTP tool "ntpq -pe" is recommended to check the antennas and internal oscillators. This situation does not necessarily mean an emergency, since there is a high probability that the server remains FLL (frequency locked) to the 1PPS of NMEA GNSS (Ant1 or Ant2). If the next LOG message confirms a new synchronization source to NMEA (see the example at the top above), there is no need to verify the LOCAL clock action.

Please visit us for the latest product information: www.clepsydratime.com
tel.: +48 227517680
fax.: +48227517681