A network administrator has applied the NTP peer statement to a Cisco IOS router. Which additional function is simultaneously being used on this router?
A. static server
B. symmetric active mode
C. NTP broadcast client
D. static client
Explanation:
Client/Server Mode
Dependent clients and servers normally operate in client/server mode, in which a client or dependent server can be synchronized to a group member, but no group member can synchronize to the client or dependent server. This provides protection against malfunctions or protocol attacks.
Client/server mode is the most common Internet configuration. It operates in the classic remote-procedure-call (RPC) paradigm with stateless servers. In this mode, a client sends a request to the server and expects a reply at some future time. In some contexts, this would be described as a poll operation, in that the client polls the time and authentication data from the server. A client is configured in client mode by using the server command and specifying the Domain Name System (DNS) name or address. The server requires no prior configuration.
In a common client/server model, a client sends an NTP message to one or more servers and processes the replies as received. The server interchanges addresses and ports, overwrites certain fields in the message, recalculates the checksum, and returns the message immediately. Information included in the NTP message allows the client to determine the server time with respect to local time and adjust the local clock accordingly. In addition, the message includes information to calculate the expected timekeeping accuracy and reliability, as well as select the best server.
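The exchange described above, written out as an added example (not part of the original explanation). The four-timestamp offset and delay formulas and the origin-timestamp check follow RFC 5905; the function names and all timestamp values are constructed for illustration.

```python
import struct

# 48-byte NTP header: flags, stratum, poll, precision, root delay,
# root dispersion, reference ID, then reference/origin/receive/transmit times.
NTP_FMT = "!BBbb3I4Q"


def to_ntp(seconds):
    """Seconds -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    return int(seconds * 2**32)


def from_ntp(value):
    return value / 2**32


def client_request(t1):
    # Version 4, mode 3 (client); only the transmit timestamp is filled in.
    return struct.pack(NTP_FMT, (4 << 3) | 3, 0, 0, 0, 0, 0, 0, 0, 0, 0, to_ntp(t1))


def server_reply(request, t2, t3):
    # The stateless server copies the client's transmit timestamp into the
    # origin field, sets mode 4 (server), and adds its receive/transmit times.
    f = struct.unpack(NTP_FMT, request)
    return struct.pack(NTP_FMT, (4 << 3) | 4, 2, f[2], f[3], 0, 0, 0, 0,
                       f[10], to_ntp(t2), to_ntp(t3))


def process_reply(reply, sent_t1, t4):
    """Return (offset, delay) in seconds, rejecting replies we did not ask for."""
    f = struct.unpack(NTP_FMT, reply)
    if f[0] & 0x7 != 4:
        raise ValueError("not a server-mode reply")
    if f[8] != to_ntp(sent_t1):
        # Origin must echo our own transmit time; otherwise the reply does
        # not belong to our request and must not touch the clock.
        raise ValueError("origin timestamp mismatch")
    t2, t3 = from_ntp(f[9]), from_ntp(f[10])
    offset = ((t2 - sent_t1) + (t3 - t4)) / 2
    delay = (t4 - sent_t1) - (t3 - t2)
    return offset, delay


if __name__ == "__main__":
    # Constructed scenario: client clock is 5 s slow, 0.25 s each way.
    reply = server_reply(client_request(1000.0), 1005.25, 1005.75)
    print(process_reply(reply, 1000.0, 1001.0))
```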
Servers that provide synchronization to a sizeable population of clients normally operate as a group of three or more mutually redundant servers, each operating with three or more stratum 1 or stratum 2 servers in client/server modes, as well as all other members of the group in symmetric modes. This provides protection against malfunctions in which one or more servers fail to operate or provide incorrect time. The NTP algorithms are engineered to resist attacks when some fraction of the configured synchronization sources accidentally or purposely provide incorrect time. In these cases, a special voting procedure is used to identify spurious sources and discard their data. In the interest of reliability, selected hosts can be equipped with external clocks and used for backup in case of failure of the primary and/or secondary servers, or communication paths between them.
Configuring an association in client mode, usually indicated by a server declaration in the configuration file, indicates that one wishes to obtain time from the remote server, but that one is not willing to provide time to the remote server.
Symmetric Active/Passive Mode
Symmetric active/passive mode is intended for configurations where a group of low stratum peers operate as mutual backups for each other. Each peer operates with one or more primary reference sources, such as a radio clock, or a subset of reliable secondary servers. Should one of the peers lose all reference sources or simply cease operation, the other peers automatically reconfigure so that time values can flow from the surviving peers to all the others in the clique. In some contexts this is described as a push-pull operation, in that the peer either pulls or pushes the time and values depending on the particular configuration.
Configuring an association in symmetric-active mode, usually indicated by a peer declaration in the configuration file, indicates to the remote server that one wishes to obtain time from the remote server and that one is also willing to supply time to the remote server if necessary. This mode is appropriate in configurations involving a number of redundant time servers interconnected through diverse network paths, which is the case for most stratum 1 and stratum 2 servers on the Internet today.
Symmetric modes are most often used between two or more servers operating as a mutually redundant group. In these modes, the servers in the group arrange the synchronization paths for maximum performance, depending on network jitter and propagation delay. If one or more of the group members fail, the remaining members automatically reconfigure as required.
A peer is configured in symmetric active mode by using the peer command and specifying the DNS name or address of the other peer. The other peer is also configured in symmetric active mode in this way.
Note: If the other peer is not specifically configured in this way, a symmetric passive association is activated upon arrival of a symmetric active message. Since an intruder can impersonate a symmetric active peer and inject false time values, symmetric mode should always be authenticated.
Broadcast and/or Multicast Mode
Where the requirements in accuracy and reliability are modest, clients can be configured to use broadcast and/or multicast modes. Normally, these modes are not utilized by servers with dependent clients. The advantage is that clients do not need to be configured for a specific server, allowing all operating clients to use the same configuration file. Broadcast mode requires a broadcast server on the same subnet. Since broadcast messages are not propagated by routers, only broadcast servers on the same subnet are used.
Broadcast mode is intended for configurations involving one or a few servers and a potentially large client population. A broadcast server is configured using the broadcast command and a local subnet address. A broadcast client is configured using the broadcastclient command, allowing the broadcast client to respond to broadcast messages received on any interface. Since an intruder can impersonate a broadcast server and inject false time values, this mode should always be authenticated.
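An added example (not part of the original explanation) of checking captured NTP packets against the advice that symmetric and broadcast modes should always be authenticated. It assumes classic symmetric-key MACs (4-byte key ID plus an MD5 digest over key and header) and no extension fields; the key table and sample packets are constructed.

```python
import hashlib
import hmac
import struct

MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client",
         4: "server", 5: "broadcast"}
MUST_AUTHENTICATE = {1, 2, 5}   # modes the text says to always authenticate
HEADER_LEN = 48                 # fixed NTP header; extension fields not handled
MAC_LEN = 4 + 16                # key ID + MD5 digest (assumed key type)


def make_packet(mode, key_id=None, key=b"", version=4, stratum=2):
    """Build a constructed sample packet; all timestamps are left zeroed."""
    header = bytes([(version << 3) | mode, stratum]) + bytes(HEADER_LEN - 2)
    if key_id is None:
        return header
    digest = hashlib.md5(key + header).digest()   # MD5(key || header)
    return header + struct.pack("!I", key_id) + digest


def audit(packet, trusted_keys):
    """Return (mode name, verdict) for one captured NTP packet."""
    if len(packet) < HEADER_LEN:
        return ("invalid", "too short")
    mode = packet[0] & 0x7                        # low 3 bits of first byte
    name = MODES.get(mode, f"mode {mode}")
    header, trailer = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if not trailer:
        return (name, "UNAUTHENTICATED" if mode in MUST_AUTHENTICATE else "no MAC")
    if len(trailer) != MAC_LEN:
        return (name, "unsupported trailer")
    key_id = struct.unpack("!I", trailer[:4])[0]
    key = trusted_keys.get(key_id)
    if key is None:
        return (name, "untrusted key id")
    expected = hashlib.md5(key + header).digest()
    ok = hmac.compare_digest(expected, trailer[4:])
    return (name, "authenticated" if ok else "BAD MAC")


if __name__ == "__main__":
    keys = {1: b"constructed-shared-secret"}      # placeholder key table
    for pkt in (make_packet(3), make_packet(1), make_packet(5),
                make_packet(1, 1, keys[1]), make_packet(1, 1, b"wrong-key"),
                make_packet(5, 7, b"other")):
        print(audit(pkt, keys))
```

A passing MAC only shows that the sender holds a trusted key; the verdicts are meant for reviewing which associations on a segment still run symmetric or broadcast mode without one.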