69Mode Working process Principle Application scenarioBroadcastA server periodically sends clocksynchronization messages to thebroadcast address255.255.255.255. Clients listento the broadcast messages fromthe servers to synchronize to theserver according to the broadcastmessages.When a client receives the firstbroadcast message, the client andthe server start to exchangemessages to calculate the networkdelay between them. Then, onlythe broadcast server sends clocksynchronization messages.A broadcast client cansynchronize to abroadcast server, but abroadcast server cannotsynchronize to abroadcast client.A broadcast server sendsclock synchronizationmessages to synchronizeclients in the same subnet.As Figure 27 shows,broadcast mode isintended for configurationsinvolving one or a fewservers and a potentiallylarge client population.The broadcast mode has alower time accuracy thanthe client/server andsymmetric active/passivemodes because only thebroadcast servers sendclock synchronizationmessages.MulticastA multicast server periodicallysends clock synchronizationmessages to the user-configuredmulticast address. Clients listen tothe multicast messages fromservers and synchronize to theserver according to the receivedmessages.A multicast client cansynchronize to amulticast server, but amulticast server cannotsynchronize to amulticast client.A multicast server canprovide timesynchronization for clientsin the same subnet or indifferent subnets.The multicast mode has alower time accuracy thanthe client/server andsymmetric active/passivemodes.In this document, an "NTP server" or a "server" refers to a device that operates as an NTP server inclient/server mode. Time servers refer to all the devices that can provide time synchronization, includingNTP servers, NTP symmetric peers, broadcast servers, and multicast servers.NTP securityTo improve time synchronization security, NTP provides the access control and authentication functions.NTP access controlYou can control NTP access by using an ACL. The access rights are in the following order, from leastrestrictive to most restrictive:• Peer—Allows time requests and NTP control queries (such as alarms, authentication status, and timeserver information) and allows the local device to synchronize itself to a peer device.• Server—Allows time requests and NTP control queries, but does not allow the local device tosynchronize itself to a peer device.• Synchronization—Allows only time requests from a system whose address passes the access listcriteria.• Query—Allows only NTP control queries from a peer device to the local device.The device processes an NTP request, as follows: