IETF Logo Mail Archive

Re: [Ntp] NTPv5 Loop Detection without Stratum

Heiko Gerstung <heiko.gerstung@meinberg.de> Wed, 24 August 2022 14:39 UTC

Return-Path: <heiko.gerstung@meinberg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F045C15258B for <ntp@ietfa.amsl.com>; Wed, 24 Aug 2022 07:39:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=meinberg.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 956rn5ZW0IAP for <ntp@ietfa.amsl.com>; Wed, 24 Aug 2022 07:39:35 -0700 (PDT)
Received: from server1a.meinberg.de (server1a.meinberg.de [176.9.44.212]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D1559C1526EE for <ntp@ietf.org>; Wed, 24 Aug 2022 07:39:33 -0700 (PDT)
Received: from seppmail.py.meinberg.de (unknown [193.158.22.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by server1a.meinberg.de (Postfix) with ESMTPSA id 9D2C571C0234; Wed, 24 Aug 2022 16:39:30 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinberg.de; s=d2021; t=1661351970; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=HveH/E9seADmYB05EEz8sQ893qoiz9+k0SJSlLSnW48=; b=opZSQqCv5XEagvc0uhX/LsmCyFiIWWUBIaAI+DNS3ycggjMFJScq1a1/TwL66FbxZT0YiC wMZI6IvuYqPJzQ+FFqRT7zBaTmsL90gktXsOPTnQSFvg3pW/t8IBTI9Q+0HSQM/Dl7OYTR vRVv/8iSIU/Jl35BVL7rdy2fl3lzU8k5usz5fHNnb8+8z9CSED5+J8v3nSEbaocaB/vuHi v/GJFgctPAJSSPEmZkdBbZ1bIgANW26CLRCJ8c8JFyFM0h8CMie44qUxkmy5O/ahfZYO25 dqUany5/PN5bQJF6yhhq/9WIazR7zbD1S/6SR4cX66MqakS9BeCxxaE8v4Zb3Q==
Received: from srv-kerioconnect.py.meinberg.de (srv-kerioconnect.py.meinberg.de [172.16.3.65]) (using TLSv1.3 with cipher AEAD-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by seppmail.py.meinberg.de (Postfix) with ESMTPS; Wed, 24 Aug 2022 16:39:30 +0200 (CEST)
X-Footer: bWVpbmJlcmcuZGU=
User-Agent: Microsoft-MacOutlook/16.63.22070801
Date: Wed, 24 Aug 2022 16:39:27 +0200
Message-ID: <29C1BB8D-6200-4868-8D01-83370D43E1F3@meinberg.de>
Thread-Topic: [Ntp] NTPv5 Loop Detection without Stratum
References: <DA1F1664-8A84-4197-844A-CA7E8DAA36B8@meinberg.de> <4c3306fc-4a44-6cb1-57b7-895a543d51dc@nwtime.org>
In-Reply-To: <4c3306fc-4a44-6cb1-57b7-895a543d51dc@nwtime.org>
Importance: Normal
X-Priority: 3
Thread-Index: AZ2x3tU+NGMwNDNhMzYxMDA0YWQxZg==
From: Heiko Gerstung <heiko.gerstung@meinberg.de>
To: Harlan Stenn <stenn@nwtime.org>, "ntp@ietf.org" <ntp@ietf.org>
X-SM-outgoing: yes
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="----E67D0415AC37F81FC88E6072F84FD641"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/09wCOkBY4Bp2CD0USmSgHZ1jdT0>
Subject: Re: [Ntp] NTPv5 Loop Detection without Stratum
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Aug 2022 14:39:40 -0000

>     Are timing loops an actual, real problem?
Yes. 

>     If so, what are the significant considerations?
Not sure what that means (sorry). 

>    What core variables are in play?  Root distance?  Root/peer dispersion?
I do not know. I would say that timing loops are having a negativ impact independent from what core variables are involved. 

>    What are the root causes of these loops?
In most cases I would say "configuration errors".

Regards,
  Heiko


Am 24.08.22, 10:43 schrieb "ntp im Auftrag von Harlan Stenn" <ntp-bounces@ietf.org im Auftrag von stenn@nwtime.org>:

    Are timing loops an actual, real problem?

    If so, what are the significant considerations?

    What core variables are in play?  Root distance?  Root/peer dispersion?

    What are the root causes of these loops?

    H

    On 8/23/2022 3:21 AM, Heiko Gerstung wrote:
    > One way of avoiding/detecting loops:
    > - upon startup, an NTPv5 instance creates a random 64bit ID
    > - we add a loop detection EF that can include n IDs (or we use n EFs)
    > - a stratum one server, when ask for his "sync trace", responds with only his ID
    > - a stratum two server would add its own ID to the ID of its upstream server, responding with a sync trace of two IDs
    > - a stratum 1+n server would respond with the sync trace of its upstream source(s) plus its own ID
    > - if you use more than one upstream source, you can respond with a list of all IDs from the sync trace of all your upstream sources (removing duplicates)
    > - by checking if your own ID is in the sync trace of your upstream source(s), you can find out if there is a loop
    > 
    > Maybe smaller IDs (32 bit, 16 bit) would be OK as well. 10 IDs would be 80 octets on the wire. No question that we would have to find a way to avoid amplification attacks (hello monlist!). Maybe by making it mandatory to send a request (with padding bytes) that is as big as the worst case response.
    > 
    > Regards,
    >    Heiko
    > 
    > --
    > Heiko Gerstung | Managing Director
    > T: +49 (0)5281 9309-404 | LinkedIn Profile <https://www.linkedin.com/in/heikogerstung/> | Twitter <https://twitter.com/hgerstung>
    > heiko.gerstung@meinberg.de
    > 
    > MEINBERG® The Synchronization Experts
    >   
    > Meinberg Funkuhren GmbH & Co. KG
    > Lange Wand 9 | 31812 Bad Pyrmont | Germany
    > Web: http://www.meinberg.de | http://www.meinbergglobal.com | LinkedIn  <https://www.linkedin.com/company/meinberg-funkuhren-gmbh-&-co--kg>
    > 
    > Amtsgericht Hannover 17HRA 100322
    > Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung
    > 
    > Do not miss our Time Synchronization Blog:
    > http://blog.meinbergglobal.com
    >   
    >   
    > 
    > Am 23.08.22, 12:07 schrieb "ntp im Auftrag von Miroslav Lichvar" <ntp-bounces@ietf.org im Auftrag von mlichvar@redhat.com>:
    > 
    >      On Tue, Aug 23, 2022 at 11:30:44AM +0200, Ulrich Windl wrote:
    >      > So my conclusion still is that the "ping pong" style of time exchange between
    >      > peers is in accordance with the protocol specification.
    > 
    >      If the protocol cannot prevent the loop, there is no other option :).
    > 
    >      If NTPv5 can detect all loops, the client can decide to ignore the
    >      measurements of the source to avoid the loop.
    > 
    >      > (However if those peer have no other time source, the quality should become
    >      > worse over time, eventually declaring them unsynchronized)
    > 
    >      If they have no other time source, the protocol will block the
    >      synchronization by ignoring sources with larger stratum (NTPv3) or
    >      ignoring sources with matching refid (NTPv4).
    > 
    >      > > It causes oscillations, which has a negative impact on stability of
    >      > > the clocks. If you remove the symmetric associations, it performs
    >      > > better. You can easily verify that.
    >      >
    >      > It may be, but would it be in the spirit of the protocol specification?
    > 
    >      I'm not sure what you mean by this.
    > 
    >      --
    >      Miroslav Lichvar
    > 
    >      _______________________________________________
    >      ntp mailing list
    >      ntp@ietf.org
    >      https://www.ietf.org/mailman/listinfo/ntp
    > 
    > 
    > _______________________________________________
    > ntp mailing list
    > ntp@ietf.org
    > https://www.ietf.org/mailman/listinfo/ntp

    -- 
    Harlan Stenn <stenn@nwtime.org>
    http://networktimefoundation.org - be a member!

    _______________________________________________
    ntp mailing list
    ntp@ietf.org
    https://www.ietf.org/mailman/listinfo/ntp

v2.23.0 | Report a Bug | By Email