Re: [Ntp] I-D Action: draft-ietf-ntp-alternative-port-00.txt
Steven Sommars <stevesommarsntp@gmail.com> Sat, 24 October 2020 16:41 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/6GO8y22P49LZwQCrzPYL-c2D4GY>
My comments on https://datatracker.ietf.org/doc/html/draft-ietf-ntp-alternative-port-00

This draft is important since eliminating UDP port 123 filtering is unlikely. The parties responsible for NTP filtering seem reluctant to even discuss the subject; I've tried. This note provides some NTP filtering field experience: https://weberblog.net/ntp-filtering-delay-blockage-in-the-internet/ (comment) The ALTPORT could be used for NTS only (my preference). However I don't object to ALTPORT being used for both NTS and RFC5905 as described in this draft.

Abstract: "in order to make NTP safe for the Internet."
NTP behavior is improved, but since it is UDP based there is still opportunity for abuse.

Section 1. "Over time, network operators have been observed to implement the following mitigations"
- The mitigations are undocumented, path/operator dependent and may change over time.
- (comment) On some paths I've observed NTP-specific delay. This may be a side effect of rate limiting.

Section 1. "The number of public servers in the pool.ntp.org project has dropped in large part due to the mitigations (citation?)."
I am unaware of a good citation. Several threads in https://community.ntppool.org/ describe problems with NTP Pool monitoring, i.e., unexpected low monitoring scores. Some incidents resulted in machines being temporarily or permanently removed from the NTP pool. I doubt there is data to back up the "in large part" comment.

Section 2. "The client SHOULD be switching between the two ports until a valid response is received."
to
The client SHOULD alternate between the two ports until a valid response is received.

Are there any issues with an NTP server keeping state information for both clients at both (IP, port 123) and (IP, ALTPORT)? E.g., Client sends queries on the two ports, server receives both. Does the server consider these to be two clients or one?

Steve Sommars
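The server-state question that closes the message, as an added example that is not part of the original email or the draft: a toy per-client table, assumed here to hold rate-limit state, keyed either by source IP alone or by (source IP, server port). The ALTPORT value, the 2-second interval, the client address and all class and function names are constructed placeholders.

```python
from dataclasses import dataclass, field

NTP_PORT = 123
ALTPORT = 50123  # placeholder: the page does not give the alternative port number


@dataclass
class ClientTable:
    """Per-client server state with a minimum-interval rate limit (assumed design)."""
    key_on_port: bool           # True: key is (ip, server_port); False: key is ip only
    min_interval: float = 2.0   # hypothetical limit: one answer per 2 s per table entry
    last_answer: dict = field(default_factory=dict)

    def _key(self, src_ip, server_port):
        return (src_ip, server_port) if self.key_on_port else src_ip

    def handle(self, now, src_ip, server_port):
        """Return True if the query is answered, False if it is rate-limited."""
        key = self._key(src_ip, server_port)
        last = self.last_answer.get(key)
        if last is not None and now - last < self.min_interval:
            return False
        self.last_answer[key] = now
        return True


def alternating_queries(src_ip, count, spacing):
    """Constructed traffic: one client alternating server ports on every query."""
    return [(i * spacing, src_ip, ALTPORT if i % 2 == 0 else NTP_PORT)
            for i in range(count)]


def simulate(key_on_port):
    """Return (number of client entries, number of answered queries)."""
    table = ClientTable(key_on_port=key_on_port)
    traffic = alternating_queries("192.0.2.10", count=8, spacing=1.0)
    answered = sum(table.handle(t, ip, port) for t, ip, port in traffic)
    return len(table.last_answer), answered


if __name__ == "__main__":
    print("keyed by IP:        ", simulate(key_on_port=False))
    print("keyed by (IP, port):", simulate(key_on_port=True))
```

With this constructed traffic the IP-keyed table holds one entry and answers 4 of 8 queries, while the (IP, port)-keyed table holds two entries and answers all 8, so the keying choice decides whether the limit is shared across the two ports.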