Re: [Ntp] Antw: Re: Calls for Adoption -- NTP Extension Field drafts -- Four separate drafts

Heiko Gerstung <> Mon, 02 September 2019 10:59 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 7B6C9120103 for <>; Mon, 2 Sep 2019 03:59:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -4.29
X-Spam-Status: No, score=-4.29 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1024-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id dGObwNX6QPHY for <>; Mon, 2 Sep 2019 03:59:52 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id A160B120131 for <>; Mon, 2 Sep 2019 03:59:51 -0700 (PDT)
Received: from (unknown []) (using TLSv1.1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPSA id CACEF71C05F5; Mon, 2 Sep 2019 12:59:47 +0200 (CEST)
X-DKIM: Sendmail DKIM Filter v2.8.2 CACEF71C05F5
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=mail201101; t=1567421990; bh=YyAQHq/vCtc42plUpFlAuYII+y+Gfu8SeiImQB5I7d8=; h=Date:Subject:Message-ID:References:In-Reply-To:Mime-version:From: To:Content-Type:Content-Transfer-Encoding; b=o6RgriwfB6EIywdJI4aBNUYJGJd6mGx8WxTmTVgzcIwmdaEKtBUMH/NTkCC0Lh7T4 5diIpaDMn+jAX+pZ7Khat0az5SnGV7C9lzY1Jup7sl36SYt+CMuLXyMcLpOsZys3xu QOxScxTKvrpK2qmVh+oi3j3lf/LUj45N+U2Tb/d4=
X-Kerio-Anti-Spam: Build: [Engines:, Stamp: 3], Multi: [Enabled, t: (0.000006,0.009633)], BW: [Enabled, t: (0.000006)], RTDA: [Enabled, t: (0.036693), Hit: No, Details: v2.7.53; Id: 15.1i61c1v.1djoq2tg5.2ol4i], total: 0(700)
X-Footer: bWVpbmJlcmcuZGU=
User-Agent: Microsoft-MacOutlook/10.1c.0.190812
Date: Mon, 2 Sep 2019 12:59:45 +0200
Message-ID: <>
Thread-Topic: [Ntp] Antw: Re: Calls for Adoption -- NTP Extension Field drafts -- Four separate drafts
References: <> <> <> <> <20190828103752.GI24761@localhost> <> <20190828111458.GJ24761@localhost> <> <> <> <>
In-Reply-To: <>
Mime-version: 1.0
Importance: Normal
X-Priority: 3
Thread-Index: AZ2x3tU+MDNjYzVhNjFjMDY4OWQ0MA==
From: Heiko Gerstung <>
To: Harlan Stenn <>, "" <>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Virus-Scanned: clamav-milter 0.100.3 at server1a
X-Virus-Status: Clean
Archived-At: <>
Subject: Re: [Ntp] Antw: Re: Calls for Adoption -- NTP Extension Field drafts -- Four separate drafts
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 02 Sep 2019 10:59:55 -0000


I am not sure I understand you correctly. My point was that we can change the base format of an NTP packet because we mark it as version=5. If someone sends a request with version=4, he should get a version=4 response with the v4 packet format. If someone sends a version=5 request, they will get a version=5 response with the new packet format, because the v5 request indicated that the client wants and understands a v5 response.

Maybe we both agree on this one here and just misunderstand each other? ;-)

Again, the loop detection algorithm for degree-n-loops would be one benefit from a chain of refids that are passed on from top to down. It would also allow to identify if two or three of my stratum 3 sources get their time from the same stratum 1 source. If we add a flag to the chain that indicates that this InstanceID contributed to the chain using an NTS protected connection, a client could reject any source that is not providing a fully protected chain. Or it prefers a source that can come up with such a chain.

Best Regards,

Heiko Gerstung 
Managing Director

MEINBERG® Funkuhren GmbH & Co. KG
Lange Wand 9
D-31812 Bad Pyrmont, Germany
Phone:    +49 (0)5281 9309-404
Fax:        +49 (0)5281 9309-9404

Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung


Do not miss our Time Synchronization Blog: 

Connect via LinkedIn:

On 02.09.19, 12:48 "ntp im Auftrag von Harlan Stenn" < im Auftrag von> wrote:

    On 8/28/2019 4:30 AM, Magnus Danielson wrote:
    > I agree. If someone knocks on the door with v5 packets, reply in v5
    > form, if someone knocks on the door with v4 packets, reply in v4 form.
    > As people migrate to v5, they can start using all the benefits from it.
    So what's the value and purpose of the version field in the packet if we
    decide it no longer identifies the structure/content of the fields in
    the packet?
    An implementation that speaks "version N" MUST understand version N
    packet formats, and SHOULD understand versions <N.
    If there is a blanket requirement that if we understand version N and we
    get a packet that is version >N, then if we respond with that same
    version instead of responding with a version N packet, then we are
    effectively saying we MUST NOT ever change the layout and meaning of the
    content of the base packet.
    What I'm seeing in this thread is that folks disagree with the above,
    and in that case I'm wondering if folks understand what they think
    they're advocating for.
    Please see Heiko's last comment below, and understand it in this context.
    > For loop-protection, keeping a list of nodes from the source is a very
    > easy base condition to avoid routing loops, since as an announcement
    > comes in, if none of the nodes in the list is oneself, you may use it,
    > where as if any of the nodes is oneself, a loop is for sure detected.
    The recipient has NO KNOWLEDGE of what the incoming refid means.
    It's SOLE PURPOSE in this is degree-one loop detection, and that happens
    at the "top" of the local tree.
    > While the trace loop detection mechanism is sufficient in theory, it
    > does not completely solve all loop problems, as transient loops may
    > occur, but it at least avoids problems in the long term.
    I don't believe there is any current way to communicate this knowledge,
    so larger trace loop detection seems impossible without a way to
    communicate this information.  It also begs the question of *where* this
    detection should happen.
    I think Heiko mentioned a loop they saw and I would be very interested
    in seeing the details there, as such a loop should break as soon as any of:
    - the stratum in the loop devolves to 16
    - the root distance grows
    - possibly something else
    The point being that the important thing is that if a loop happens there
    is an automatic recovery path.  If we never get a loop that's better,
    but it won't be fatal to a properly configured setup if a loop happens
    and the loop is then broken.
    > If I only had time to describe all the things I would do to enhance NTP,
    > it has a number of built-in assumptions which is not useful or correct.
    How about a list of at least some of the built-in assumptions that you
    think are not useful or correct?
    > Cheers,
    > Magnus
    > On 2019-08-28 13:23, Heiko Gerstung wrote:
    >> Why not define a method in v5 that not only protects against degree 1 loops but maybe also against degree 2,3 or n? 
    >> This is what I meant when trying to explain that we should not stick to the existing packet format with its shortcomings.
    >> Regards,
    >>    Heiko
    > _______________________________________________
    > ntp mailing list
    Harlan Stenn, Network Time Foundation - be a Member!
    ntp mailing list