Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03 / Extension fields
Miroslav Lichvar <mlichvar@redhat.com> Mon, 29 November 2021 09:58 UTC
Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 06EC93A101D for <ntp@ietfa.amsl.com>; Mon, 29 Nov 2021 01:58:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.802
X-Spam-Level:
X-Spam-Status: No, score=-2.802 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.701, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ko9xEa2Bgh5q for <ntp@ietfa.amsl.com>; Mon, 29 Nov 2021 01:58:11 -0800 (PST)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6450B3A0595 for <ntp@ietf.org>; Mon, 29 Nov 2021 01:58:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1638179890; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=US3X5Rl7gczR+z1/gHonTS4Lp+JsTo8AA8G2XpE45sQ=; b=carSHnucBjORCVvGqk0GhL3W+kEJ4peVJ7Sqj/Y1E2qQqa2w6yYCJhH12CA51HgcQ/Sd7Q PPZh571lBYLOmW+xjTAu9qMyPewxU5Lb6YnQxCFSRLY3qXyvR/9XXubntpNFoTVuJaiHuQ /UA+jBmYoj+rYgba4PnyrsguhNUjEcM=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-44-CBcAeOeUMam58ZgpcDkddg-1; Mon, 29 Nov 2021 04:58:06 -0500
X-MC-Unique: CBcAeOeUMam58ZgpcDkddg-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.phx2.redhat.com [10.5.11.16]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 0A7C31023F4D; Mon, 29 Nov 2021 09:58:06 +0000 (UTC)
Received: from localhost (holly.tpb.lab.eng.brq.redhat.com [10.43.134.11]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 5288C794A1; Mon, 29 Nov 2021 09:58:04 +0000 (UTC)
Date: Mon, 29 Nov 2021 10:58:02 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Dan Drown <dan-ntp@drown.org>
Cc: ntp@ietf.org
Message-ID: <YaSkKrfdgJmOfKyJ@localhost>
References: <20211123131501.Horde.ErUH7VWw3Nr2PFkAGzGIEuI@mail.drown.org> <20211125214748.Horde.K2Fa5qir5iPLYRvfQJBMx8m@mail.drown.org> <20211126214820.Horde.ErbRZcjuVf-yEn55FGUhEZP@mail.drown.org>
MIME-Version: 1.0
In-Reply-To: <20211126214820.Horde.ErbRZcjuVf-yEn55FGUhEZP@mail.drown.org>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.16
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/DTUztUvJQvhGUpf_B2fxtJkiI-c>
Subject: Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03 / Extension fields
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 29 Nov 2021 09:58:13 -0000
On Fri, Nov 26, 2021 at 09:48:20PM -0600, Dan Drown wrote: > After a day of thinking about my proposal above, I have the following > concerns: > > * The added packet size, 20+4 bytes is very large for NTP What would you consider the maximum acceptable size? Please note that only clients serving time to other servers would need to use it. Clients that don't serve time, which I think is the most common case, don't need to care about loops. As you pointed out, it should be even much larger if we want a lower false positive rate. But it doesn't have to be transmitted all at once. The client could get it in multiple parts over multiple requests (e.g. 4 or 8). This would add a delay to the loop detection. > * I need to consider compatibility between NTPv4 refid and v5 extension. > Specifically, what translations happen when switching between versions Most of the information would be lost if an NTPv4 server was in the chain. This would be common in the beginning. For NTPv4->NTPv5 compatibility, we could specify a mapping of the 32-bit refids to the bloom filter. > * The 1% false positive rate would be a problem when you have a set of > servers each with 10,000+ clients Right. It needs to be much lower. > * Packet logging for monitoring and management would be challenging You mean manually checking whether a server is in the filter? > * Operators would probably want some way to make this more deterministic, > maybe a configured local ref id It could be saved to disk to not change across service restarts. > I'm doubting if a bloom filter is the right choice for NTP loop detection. Are there any other reasonable options? Maybe a combined approach using 32-bit or 64-bit IDs for detecting loops between two servers and a slowly updated bloom filter to detect loops over a larger number of servers? -- Miroslav Lichvar
- [Ntp] comments on draft-mlichvar-ntp-ntpv5-03 Dan Drown
- [Ntp] Antw: [EXT] comments on draft‑mlichvar‑ntp‑… Ulrich Windl
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03 Miroslav Lichvar
- Re: [Ntp] Antw: [EXT] comments on draft‑mlichvar‑… Miroslav Lichvar
- [Ntp] Antw: Re: Antw: [EXT] comments on draft‑mli… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] comments on draft… Miroslav Lichvar
- Re: [Ntp] Antw: Re: Antw: [EXT] comments on draft… Ulrich Windl
- Re: [Ntp] Antw: Re: Antw: [EXT] comments on draft… Miroslav Lichvar
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Miroslav Lichvar
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Miroslav Lichvar
- Re: [Ntp] comments on draft‑mlichvar‑ntp‑ntpv5‑03 Dan Drown
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Dan Drown
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Harlan Stenn
- Re: [Ntp] comments on draft‑mlichvar‑ntp‑ntpv5‑03 Steven Sommars
- Re: [Ntp] comments on draft‑mlichvar‑ntp‑ntpv5‑03 Dan Drown
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Dan Drown
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Dan Drown
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Dan Drown
- [Ntp] Antw: [EXT] Re: comments on draft‑mlichvar‑… Ulrich Windl
- [Ntp] Antw: [EXT] Re: comments on draft‑mlichvar‑… Ulrich Windl
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Dan Drown
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Miroslav Lichvar
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Miroslav Lichvar
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Dan Drown
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Dan Drown
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Miroslav Lichvar
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Miroslav Lichvar
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Miroslav Lichvar
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Danny Mayer
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Dan Drown
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Dan Drown
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Dan Drown
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Miroslav Lichvar
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Danny Mayer
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Doug Arnold
- Re: [Ntp] comments on draft-mlichvar-ntp-ntpv5-03… Miroslav Lichvar