Re: [Ntp] I-D Action: draft-ietf-ntp-alternative-port-00.txt

Steven Sommars <stevesommarsntp@gmail.com> Sat, 24 October 2020 16:41 UTC

To: NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/6GO8y22P49LZwQCrzPYL-c2D4GY>
My comments on
https://datatracker.ietf.org/doc/html/draft-ietf-ntp-alternative-port-00

This draft is important since eliminating UDP port 123 filtering is
unlikely. The parties responsible for NTP filtering seem reluctant to
even discuss the subject; I've tried.

This note provides some NTP filtering field experience:
https://weberblog.net/ntp-filtering-delay-blockage-in-the-internet/

(comment) The ALTPORT could be used for NTS only (my preference). However I
don't object to ALTPORT being used for both NTS and RFC5905 as described in
this draft.

Abstract:  "in order to make NTP safe for the Internet."
NTP behavior is improved, but since it is UDP based there is still
opportunity for abuse.

Section 1.  "Over time, network operators have been observed to implement
the following mitigations"
- The mitigations are undocumented, path/operator dependent and may change
over time.
- (comment) On some paths I've observed NTP-specific delay.  This may be a
side effect of rate limiting.

Section 1. "The number of public servers in the pool.ntp.org project has
dropped in large part due to the mitigations (citation?)."
I am unaware of a good citation.  Several threads in
https://community.ntppool.org/ describe problems with NTP Pool monitoring,
i.e., unexpected low monitoring scores.
Some incidents resulted in machines being temporarily or permanently
removed from the NTP pool.
I doubt there is data to back up the "in large part" comment.

Section 2.
  "The client SHOULD be switching between the two ports until a valid
response is received."
to
  "The client SHOULD alternate between the two ports until a valid response
is received."

Are there any issues with an NTP server keeping state information for both
clients at both (IP, port 123) and (IP,ALTPORT)?
E.g., Client sends queries on the two ports, server receives both.  Does
the server consider these to be two clients or one?

Steve Sommars
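As an added illustration of the Section 2 alternation rule discussed above (example code, not from the draft or from the poster): a minimal RFC 5905 mode-3 client that alternates between port 123 and an ALTPORT until a reply passes the origin-timestamp check, run against a constructed transport that silently drops one port the way a filtering path would. The ALTPORT number, the `filtered_path` transport and the attempt count are assumptions, since the draft does not fix them.

```python
"""Client port alternation for draft-ietf-ntp-alternative-port (added example)."""
import struct
import time

NTP_PORT = 123
ALTPORT = 10123                  # placeholder: the draft assigns no number (assumption)
NTP_EPOCH_OFFSET = 2208988800    # seconds from 1900-01-01 to the Unix epoch

def to_ntp_ts(unix_seconds):
    """Unix seconds -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    secs = int(unix_seconds) + NTP_EPOCH_OFFSET
    frac = int((unix_seconds - int(unix_seconds)) * (1 << 32))
    return (secs << 32) | frac

def build_request(now):
    """RFC 5905 48-byte client packet: LI=0, VN=4, mode=3, only transmit ts set."""
    header = struct.pack("!BBBb", (0 << 6) | (4 << 3) | 3, 0, 0, 0)
    return header + b"\0" * 36 + struct.pack("!Q", to_ntp_ts(now))

def valid_response(request, response):
    """Accept only a mode-4 reply whose origin ts echoes our transmit ts (RFC 5905
    check that rejects replies not matching an outstanding request)."""
    if len(response) != 48:
        return False
    mode, stratum = response[0] & 0x7, response[1]
    origin = struct.unpack("!Q", response[24:32])[0]
    xmt_req = struct.unpack("!Q", request[40:48])[0]
    return mode == 4 and 1 <= stratum <= 15 and origin == xmt_req \
        and response[40:48] != b"\0" * 8

def query_alternating(send, ports=(NTP_PORT, ALTPORT), max_attempts=4):
    """Alternate destination ports until a valid reply; return (port, reply) or None."""
    for attempt in range(max_attempts):
        port = ports[attempt % len(ports)]
        request = build_request(time.time())
        response = send(port, request)       # None models a timeout on a filtered path
        if response is not None and valid_response(request, response):
            return port, response
    return None

def filtered_path(answering_port, dropped_ports=(NTP_PORT,)):
    """Constructed transport: drops packets to dropped_ports, otherwise answers on
    answering_port like a stratum-2 server that echoes the origin timestamp."""
    def send(port, request):
        if port in dropped_ports or port != answering_port:
            return None
        header = struct.pack("!BBBb", (0 << 6) | (4 << 3) | 4, 2, 0, -20)
        now = struct.pack("!Q", to_ntp_ts(time.time()))
        # header + root delay/dispersion/refid (12 zero bytes) + ref + origin + rx + tx
        return header + b"\0" * 12 + now + request[40:48] + now + now
    return send
```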