Re: [Ntp] Antw: [EXT] Re: WGLC on draft‑ietf‑alternative‑port‑01

Watson Ladd <watsonbladd@gmail.com> Sat, 31 July 2021 17:00 UTC

From: Watson Ladd <watsonbladd@gmail.com>
Date: Sat, 31 Jul 2021 09:59:59 -0700
Message-ID: <CACsn0c=aD3UsuMczgwzEvC5WPtrynG6LfnPxf30Muzt4vjDp8A@mail.gmail.com>
To: Danny Mayer <mayer@pdmconsulting.net>
Cc: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, Miroslav Lichvar <mlichvar@redhat.com>, Dieter Sibold <dsibold.ietf@gmail.com>, NTP WG <ntp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/9hP-D_JpOSVxEhL06HXWeJjR6U0>
Subject: Re: [Ntp] Antw: [EXT] Re: WGLC on draft‑ietf‑alternative‑port‑01

On Thu, Jul 29, 2021, 12:12 PM Danny Mayer <mayer@pdmconsulting.net> wrote:
>
>
> On 7/29/21 11:01 AM, Watson Ladd wrote:
> > On Thu, Jul 29, 2021, 12:45 AM Ulrich Windl
> > <Ulrich.Windl@rz.uni-regensburg.de> wrote:
> > <snip>
> >>>> We see issues at Cloudflare with packet delivery on port 123. ISP
> >>>> middleboxes are going to police by length, and an alternative port is
> >>>> the way forward. There is much less policing on the alternative ports.
> >>> Actually I'd think teching cloudflare would be better than changing the
> >> I had meant to write "teaching"...
> > It's not our devices: it's middleboxes in ISP networks. We only find
> > out from customer pcaps where one in four NTS packets makes it
> > through. The policing is by length because that is what these boxes
> > support.
> >
> So how would using an alternative port make a difference?

The other port is not policed now. We use it, and take care to not
massively deploy amplifiers on it, so it does not get policed.  This
issue is not about opening firewalls that are under people's control.
This is about firewalls on ISP networks to protect the ability of the
network to function, that break and do things like take NIST offline
in the Western US for a month.

Sincerely,
Watson

>
>
> Danny
>
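
A check for the length-dependent loss described in this message, as an added example that is not part of the original post: it compares reply rates for short and long NTP probes per destination port and flags ports where only the long packets are dropped. The probe records, the 228-byte NTS size and `ALT_PORT` are constructed for illustration; `ALT_PORT` is a hypothetical placeholder, not an assigned port.

```python
from collections import defaultdict

NTP_PORT = 123
ALT_PORT = 50123        # hypothetical placeholder, not an assigned port
CLASSIC_LEN = 48        # NTP header with no extension fields
NTS_LEN = 228           # constructed size for an NTS-protected request


def build_records(spec):
    """Expand {(port, length): (sent, answered)} into per-probe records."""
    records = []
    for (port, length), (sent, answered) in spec.items():
        records += [(port, length, i < answered) for i in range(sent)]
    return records


# Constructed sample: port 123 passes short packets but only one in four long ones.
SAMPLE = build_records({
    (NTP_PORT, CLASSIC_LEN): (40, 39),
    (NTP_PORT, NTS_LEN): (40, 10),
    (ALT_PORT, CLASSIC_LEN): (40, 40),
    (ALT_PORT, NTS_LEN): (40, 39),
})


def delivery_ratios(records, short_max=CLASSIC_LEN):
    """Return {port: {"short": (sent, ratio), "long": (sent, ratio)}}."""
    counts = defaultdict(lambda: {"short": [0, 0], "long": [0, 0]})
    for port, length, answered in records:
        bucket = counts[port]["short" if length <= short_max else "long"]
        bucket[0] += 1
        bucket[1] += int(answered)
    return {
        port: {k: (sent, ok / sent if sent else None) for k, (sent, ok) in b.items()}
        for port, b in counts.items()
    }


def length_policed_ports(records, min_probes=20, gap=0.5):
    """Ports where long packets are lost far more often than short ones."""
    flagged = []
    for port, b in sorted(delivery_ratios(records).items()):
        (n_short, r_short), (n_long, r_long) = b["short"], b["long"]
        if min(n_short, n_long) < min_probes:
            continue  # too few probes of one size to compare
        if r_short - r_long >= gap:
            flagged.append(port)
    return flagged
```

Uniform loss across both sizes is not flagged, which separates length-based policing from a generally lossy path.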