IETF Logo Mail Archive

Re: [Ntp] I-D Action: draft-ietf-ntp-using-nts-for-ntp-27.txt

Ragnar Sundblad <ragge@netnod.se> Thu, 26 March 2020 15:21 UTC

Return-Path: <ragge@netnod.se>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CDA983A0867 for <ntp@ietfa.amsl.com>; Thu, 26 Mar 2020 08:21:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=netnod-se.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ScqguLuEcCoo for <ntp@ietfa.amsl.com>; Thu, 26 Mar 2020 08:21:04 -0700 (PDT)
Received: from mail-lf1-x133.google.com (mail-lf1-x133.google.com [IPv6:2a00:1450:4864:20::133]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0615E3A05A6 for <ntp@ietf.org>; Thu, 26 Mar 2020 08:21:03 -0700 (PDT)
Received: by mail-lf1-x133.google.com with SMTP id j188so5157878lfj.11 for <ntp@ietf.org>; Thu, 26 Mar 2020 08:21:03 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netnod-se.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=PUFNNZcJTDveJwJRiEFUIFYgIhuIBeFFP31lB/xpATw=; b=WxlMbxP8kfBYdTxI7eqmOPP2C9ApvkrlarVCMkUEfPM5KmR0ecJP4ZBxV3MBKxSlCR kux8l/aJ4Ur5769QUzndz5vorQYCDHoflsCdIHgKtVHQwGdGi6Nok5ujYbfpNpKQzXZH sOmSmnwYFbQc8ptcC4H0OjSigudDk3/ssAIMEhIwi08vr/mPI2Z7NZmnHKsGFnLOtvpW nLvRdg2sH7NbobF8socnLyt8yPo26iK+bYSg1HhA8I633seOOHlk3GuWWyLhJopOEumy M6sB+Rs1zIE5eWcEcX/AYi5FBbjN4RexJ9l3fxYgTNnDc3H/nCOTk+7FZ8lmnRgJXzxU gwMA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=PUFNNZcJTDveJwJRiEFUIFYgIhuIBeFFP31lB/xpATw=; b=DJSR3uzgjZQrdwh0ZJDkcSjtNgmg6/s8oeFeG91+Db7z+L1xaBgC2gqoUZDqbcIV3I 30er1Of7f6oMdX+UEIOTHyZezP56aRZiZdUysu6d8isPEQZRTMr9bP9xLr+5Nn9Jj6w1 wjGmcQykLqkcKTYOhv36d3Tb5+3l7KNFDIY9bI/fEJOY12Y6Xbd123RILksH3GfKt9Va jLsmANVTLR18CpaH7iHRtiv9DhjlFCV+dUNm4a5tQhG3LOgKSIqo6jCqKSlVOrRcwtB/ To3/mV6Qi8EmEbLU19XynsjqS+pokndSZkpU/arffkyHeOFKFHqPs/ggtvKEiB2XFlGM ISmg==
X-Gm-Message-State: ANhLgQ2kTkuWV9m39w73ZgrDgXCvU2SWilgzrL5fjb8eLz7PErBvaWbP klamJSbFFuRd8ltmdlMBCU3auQ==
X-Google-Smtp-Source: ADFU+vtEj+MWRHKbZwc7khcdVNelkEbd390uwzEVWPl4m3YkjAuZp6ak48mS/rmhjvg4Ga/sa1TS8A==
X-Received: by 2002:ac2:57c5:: with SMTP id k5mr6121616lfo.207.1585236056887; Thu, 26 Mar 2020 08:20:56 -0700 (PDT)
Received: from [10.0.1.14] (h-122-211.A530.priv.bahnhof.se. [213.80.122.211]) by smtp.gmail.com with ESMTPSA id f7sm1607078ljj.4.2020.03.26.08.20.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 Mar 2020 08:20:54 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Ragnar Sundblad <ragge@netnod.se>
In-Reply-To: <20200326140143.GD9039@localhost>
Date: Thu, 26 Mar 2020 16:20:53 +0100
Cc: ntp@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <88EE1336-C5BA-4E95-B770-D27C0ED956FC@netnod.se>
References: <158507294813.11622.18159158243943940302@ietfa.amsl.com> <20200325115834.GC25803@localhost> <74B1B8F5-5762-4AB1-B3F2-D5AC2BC325C1@netnod.se> <20200325145956.GF25803@localhost> <400E7210-ABB7-48F7-B52D-A69A96968255@netnod.se> <20200326095602.GB9039@localhost> <842BEA8F-35F7-41B7-8FEC-30515F88A60D@netnod.se> <20200326113745.GC9039@localhost> <97BDCE6D-205D-4727-A585-602AD141B245@netnod.se> <20200326140143.GD9039@localhost>
To: Miroslav Lichvar <mlichvar@redhat.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/FYEeUKF4lYYLSkf-bdRFcQNz9HY>
Subject: Re: [Ntp] I-D Action: draft-ietf-ntp-using-nts-for-ntp-27.txt
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2020 15:21:07 -0000


> On 26 Mar 2020, at 15:01, Miroslav Lichvar <mlichvar@redhat.com> wrote:
> 
> On Thu, Mar 26, 2020 at 02:01:16PM +0100, Ragnar Sundblad wrote:
>> Oh, so you think there is a risk that both the KE negotiation works
>> and at least one NTP requests works, and soon thereafter the
>> connection breaks, frequently?
>> I am not sure why that would happen very often, but if it did, there
>> Should at least be 8 NTP requests (until the client has exhausted its
>> cookies) until it contacts the KE server again.
> 
> Rate limiting of NTP packets in some networks is a major issue, which
> was discussed on this list. I sometimes see over 90% packet loss. The
> client would need to reuse cookies to operate reasonably well in such
> conditions. I agree the 8 polling intervals from NTP helps here
> (assuming the interval is not reset to the minimum after NTS-KE and
> it's not using a burst).
> 
>>> No, clients may switch between servers when they become unreachable
>>> (e.g. due to rate limiting). I see this often with my mini-pool of NTS
>>> servers.
>> 
>> Oh really, I didn’t know. So chrony does that? (Nice!)
> 
> I think most NTP and SNTP clients do that.

Right, SNTP most likely.
But NTP? Oh well.

>>> Well, as I said above, there are many reasons why NTS-KE or NTS-NTP
>>> may be consistently failing. For example, an ISP may have a firewall
>>> that blocks large NTP packets. NTS-KE will work as expected, but
>>> no NTS-NTP reply will be ever received, so the clients will be
>>> constantly restarting NTS-KE. If the clients were restarted once per
>>> day and used the 1024*2^(n - 1) retry interval I suggested, the number
>>> of NTS-KE requests would drop to 30%.
>> 
>> Ok - in this case too, there should be 8 NTP requests before it contacts
>> the KE server again, and it will increase the retry interval each time
>> since it has not completed a full cycle of getting cookies and succeeded
>> in using them.
> 
> You are right. Good point. Maybe a bug or incompatibility between
> different implementations would be a better example.

Yes, bugs could cause almost any behaviour, but it is a very specific
and narrow class of bugs that we would fix by changing those constants.

Ragnar

v2.23.0 | Report a Bug | By Email