
How Chrony Achieves Millisecond‑Level Time Sync: Theory and Practical Setup

This article explains the core components and advantages of Chrony, compares it with ntpd, and provides step‑by‑step configuration and verification commands for deploying Chrony as both NTP client and server on Linux systems.

Ops Community

Chrony is an open‑source time‑synchronization tool for Linux that implements high‑precision NTP client and server functions. Compared with the traditional ntpd, Chrony is more flexible and efficient, especially in unstable network environments such as mobile devices, virtual machines, or intermittent connections.

1. Introduction

Core components

chronyd (daemon) – responsible for time synchronization and can run in client or server mode; supports dynamic clock frequency adjustment and adapts to network latency.

chronyc (command‑line tool) – monitors and configures chronyd, providing interactive commands to view or modify synchronization status.

Main advantages

Fast synchronization on system boot, faster than ntpd.

Low resource consumption, suitable for embedded devices or VMs.

Handles unstable networks and high latency gracefully.

Supports hardware timestamps for sub‑millisecond accuracy on LAN.

Provides NTP authentication mechanisms (e.g., keyfile).

Typical use cases

As an NTP client pulling time from public servers (e.g., pool.ntp.org).

As an NTP server providing time to internal devices.

In offline environments using a local hardware clock (RTC).

2. Configuration

Verify NTP server availability

<code>
# Check network connectivity
ping 192.168.31.110
# Check NTP port 123 (NTP runs over UDP, so probe with -u)
nc -zuv 192.168.31.110 123
# Open UDP port 123 if blocked
sudo iptables -A INPUT -p udp --dport 123 -j ACCEPT
# Save firewall rules
sudo service iptables save
</code>

If ping succeeds but nc fails, the NTP service may be stopped or blocked by a firewall.

Set the system time zone

<code>
# List all time zones
timedatectl list-timezones
# Set time zone
sudo timedatectl set-timezone Asia/Shanghai
# Verify
timedatectl
</code>

Basic configuration (/etc/chrony.conf)

<code>
# Use Alibaba Cloud NTP pool
pool ntp.aliyun.com iburst maxsources 3 prefer
# Local clock as fallback
# (127.127.1.0 is ntpd's local-clock pseudo-address; chronyd has no such
# driver and polls it as an ordinary server, so the fallback itself comes
# from "local stratum 10")
server 127.127.1.0 iburst
local stratum 10
# Allow NTP clients from the internal subnet
allow 192.168.31.0/24
# Record the measured clock drift
driftfile /var/lib/chrony/drift
# Step the clock if the offset exceeds 1 s, during the first 3 updates only
makestep 1.0 3
# Enable RTC sync
rtcsync
# Log directory
logdir /var/log/chrony
</code>

NTP defines the special address range 127.127.x.x for local hardware clocks; 127.127.1.0 is the most common.

server – specifies a single NTP source; multiple lines provide redundancy.

pool – points to a DNS‑resolved set of servers, offering load balancing and high availability.

maxsources – limits the number of servers used from a pool.

iburst – accelerates initial synchronization.

prefer – marks a source as preferred.

offline – marks a server as unavailable.

Common commands

<code>
# Show system time and zone
timedatectl
# Add a temporary server at runtime (not written to chrony.conf)
sudo chronyc add server 192.168.31.110 iburst
# Force a burst sync
sudo chronyc burst 2/2
# Manual step adjustment
sudo chronyc makestep
# List sources with details
chronyc sources -v
# Show tracking statistics
chronyc tracking
# List connected clients (server mode)
sudo chronyc clients
# Restart chronyd
sudo systemctl restart chronyd
</code>

3. Example Deployment

Scenario: four servers – s1 (192.168.31.110), s2 (192.168.31.111) as primary/backup NTP servers, and c1 (192.168.31.112), c2 (192.168.31.113) as clients.

Configure primary server s1

<code>
pool ntp.aliyun.com iburst maxsources 3
server 127.127.1.0 iburst
local stratum 10
allow 192.168.31.0/24
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
</code>

Configure backup server s2

<code>
pool ntp.aliyun.com iburst maxsources 3
server 192.168.31.110 iburst prefer
server 127.127.1.0 iburst
local stratum 10
allow 192.168.31.0/24
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
</code>

Configure clients c1 and c2

<code>
server 192.168.31.110 iburst prefer
server 192.168.31.111 iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
</code>

Restart Chrony to apply changes

<code>sudo systemctl restart chronyd</code>

Verify synchronization

On the NTP server, run <code>sudo chronyc clients</code> to list connected clients.

On any host, run <code>chronyc sources</code> to see the current best source (marked with ^*); add -v for an explanation of each column.
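The source check above can be scripted so that a client following the wrong server is caught automatically. This is an added example, not part of the original article: a POSIX shell function that reads chronyc sources output and fails when no source is selected (^*) or when the selected source is not s1 or s2. The names audit_sources and ALLOWED are hypothetical, and the sample outputs (including the address 203.0.113.7) are constructed.

```shell
#!/bin/sh
# Added example: audit `chronyc sources` output on a client (c1/c2).
# ALLOWED and audit_sources are hypothetical names; samples are constructed.
ALLOWED="192.168.31.110 192.168.31.111"   # s1 and s2 from the scenario

# Reads `chronyc sources` text on stdin and prints one finding per line.
# Returns 0 only when a source is selected and no FAIL finding was raised.
audit_sources() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    # Source rows begin with a mode char (^ = #) followed by a state char.
    /^[=#^][*+?x~-] / {
        state = substr($1, 2, 1); name = $2; reach = $5
        if (state == "*") {
            selected++
            if (name in ok) { print "OK selected source: " name }
            else { print "FAIL selected source not allowlisted: " name; bad = 1 }
        } else if (!(name in ok)) { print "WARN unexpected source: " name }
        if (state == "x") { print "FAIL falseticker: " name; bad = 1 }
        if (reach == "0") { print "WARN unreachable (reach 0): " name }
    }
    END {
        if (selected == 0) { print "FAIL no selected source"; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: healthy client synchronised to s1.
SAMPLE_GOOD='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.31.110                3   6   377    23    +12us[  +23us] +/-   15ms
^+ 192.168.31.111                4   6   377    24    -40us[  -35us] +/-   20ms'

# Constructed sample: s1 unreachable, client follows an unlisted server.
SAMPLE_BAD='MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? 192.168.31.110                0   6     0     -     +0ns[   +0ns] +/-    0ns
^* 203.0.113.7                   2   6   377    18   +310ms[ +310ms] +/-   45ms'

printf '%s\n' "$SAMPLE_GOOD" | audit_sources "$ALLOWED" || echo "audit failed"
printf '%s\n' "$SAMPLE_BAD"  | audit_sources "$ALLOWED" || echo "audit failed"
# On a live host: chronyc sources | audit_sources "$ALLOWED"
```

The non-zero exit status makes the function usable from cron or a monitoring agent.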
