IETF Logo Mail Archive

Re: [Ntp] I-D Action: draft-ietf-ntp-using-nts-for-ntp-27.txt

Ragnar Sundblad <ragge@netnod.se> Thu, 26 March 2020 13:01 UTC

Return-Path: <ragge@netnod.se>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 979423A0CF6 for <ntp@ietfa.amsl.com>; Thu, 26 Mar 2020 06:01:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=netnod-se.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0OlL3E80ldTX for <ntp@ietfa.amsl.com>; Thu, 26 Mar 2020 06:01:22 -0700 (PDT)
Received: from mail-lj1-x22c.google.com (mail-lj1-x22c.google.com [IPv6:2a00:1450:4864:20::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67E6E3A0CEC for <ntp@ietf.org>; Thu, 26 Mar 2020 06:01:22 -0700 (PDT)
Received: by mail-lj1-x22c.google.com with SMTP id n17so6283343lji.8 for <ntp@ietf.org>; Thu, 26 Mar 2020 06:01:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netnod-se.20150623.gappssmtp.com; s=20150623; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=LQCXzNLFD5HoLfXGnvWOEpdoEy1VOSfy1Cl+HD/qBmM=; b=KoU/bOBIpxJvRGDVbW4fie357zfOGadjA+MsB5CMwLq+XrG4TWGx8pjm+aMgT1fvp7 /4sTU9Sp54M0r5KxfguUsj3IFK/F1t2gqhwkltU7ZVRt6AAn5O134NeJMQ1wLuh1QPsd XnSg5atHOwn9g9CV0Zurg9a+dwFQI5WmigpCYy5NMBVa1oXDrHrkR1gLiG+vjSlDmJV/ 27RFtlQWhzvevpnLEuteWW5uHExPZnQNuYxUUyummCF1h5MA/HORpOVamecl2uWpAG9n U/UhqlZA56Z6X2rT9dkPp0LHw+MqR5V+xy3Ux4iKKV+r8oeoi8C2IanVXEH0d3iDFvNs 5XxQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=LQCXzNLFD5HoLfXGnvWOEpdoEy1VOSfy1Cl+HD/qBmM=; b=M0perv5u86joSX2niPmk/HiwEk6k7v/I/vBOKacLu9KVDmazq7UOVnHiFwdYZ4BJSX 5JuqzFsbl440cmuxg4+Efnu1RvL/MPXxT9KAFE+yCr6PStQ8k5AZhP0EVwrhvrd2KSNd XEYY3vSUreX0xTbOdffwU00n6q9l8Q6hUpV180gxcdxVESaTQSPPGvQrHel6qZ4+Xluh GmIYJoYZtSZzer3+ZirVwRcKzls2q43Sqb9s7cTEbBBY2EzGCkutTc2/Dipnbi8zfy6J u2Bfc1yFht1yLS2jCyJMTsxvikZ9SYQXSsAJytBCx/AoJjFqte8lvyRaPwHUeK/1AIx9 PHIQ==
X-Gm-Message-State: ANhLgQ2ZYU6/3VrCQMGBnfRbMNZMbqjEQ6u+u9WY2Dt6e043U1oqnpms gWsOtHBz8GYkN6qklQSHUnHLBw==
X-Google-Smtp-Source: APiQypKVkzrKUUzOO8BUDfAKxMjcoyuEJS/l5QjFWh3PUZYZVtm7PhFz8siUhDM9rxc3ilIN2DUClQ==
X-Received: by 2002:a2e:85c6:: with SMTP id h6mr4979054ljj.218.1585227679520; Thu, 26 Mar 2020 06:01:19 -0700 (PDT)
Received: from [10.0.1.14] (h-122-211.A530.priv.bahnhof.se. [213.80.122.211]) by smtp.gmail.com with ESMTPSA id a19sm1413505ljm.48.2020.03.26.06.01.16 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Thu, 26 Mar 2020 06:01:17 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.80.23.2.2\))
From: Ragnar Sundblad <ragge@netnod.se>
In-Reply-To: <20200326113745.GC9039@localhost>
Date: Thu, 26 Mar 2020 14:01:16 +0100
Cc: ntp@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <97BDCE6D-205D-4727-A585-602AD141B245@netnod.se>
References: <158507294813.11622.18159158243943940302@ietfa.amsl.com> <20200325115834.GC25803@localhost> <74B1B8F5-5762-4AB1-B3F2-D5AC2BC325C1@netnod.se> <20200325145956.GF25803@localhost> <400E7210-ABB7-48F7-B52D-A69A96968255@netnod.se> <20200326095602.GB9039@localhost> <842BEA8F-35F7-41B7-8FEC-30515F88A60D@netnod.se> <20200326113745.GC9039@localhost>
To: Miroslav Lichvar <mlichvar@redhat.com>
X-Mailer: Apple Mail (2.3608.80.23.2.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/J0ILMH0RVN9UrV9Hm-SV07DAnXw>
Subject: Re: [Ntp] I-D Action: draft-ietf-ntp-using-nts-for-ntp-27.txt
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Mar 2020 13:01:25 -0000


> On 26 Mar 2020, at 12:37, Miroslav Lichvar <mlichvar@redhat.com> wrote:
> 
> On Thu, Mar 26, 2020 at 11:49:57AM +0100, Ragnar Sundblad wrote:
>>> On 26 Mar 2020, at 10:56, Miroslav Lichvar <mlichvar@redhat.com> wrote:
>>> But it seems we don't agree on how long actually will be the NTS
>>> sessions. You seem to be saying that a short initial interval in the
>>> exponential backoff is ok (in the name of simplicity), because the NTS
>>> sessions will be so long that the average rate will be insignificant
>>> over those long periods. Is that correct?
>> 
>> Hmm, I don’t think so. Also, do you mean one KE negotiation is one session,
>> or from one KE negotiation to the next one, if the clients reboots runs out
>> of cookies is one session?
> 
> By session I mean how long the client is using or trying to use the
> server, including all NTS-KE and NTS-NTP requests.

Ok! Yes, then I think you could say so.

>> I did mean, that the initial 10 seconds will only be 10 seconds if the server
>> is up but will not accept the TCP connection, if for example the listener
>> has not started, or is so overloaded that the TCP connection queue is full
>> (and this will be very cheap for the server, handled by TCP).
>> If the server is not up or not reachable, TCP will retry for a while before
>> giving up. (This will of course not cost the server anything.)
>> If the server accepts the TCP connection but is overloaded and slow to
>> respond, the client will just wait for the request to be handled (and could,
>> likely should, timeout after a while). There is no extra cost for the
>> server for this, really.
> 
> Yes, but I'm concerned with the cases where something breaks after the
> connection is made and when much more resources are wasted per
> request.

Oh, so you think there is a risk that both the KE negotiation works
and at least one NTP requests works, and soon thereafter the
connection breaks, frequently?
I am not sure why that would happen very often, but if it did, there
Should at least be 8 NTP requests (until the client has exhausted its
cookies) until it contacts the KE server again.

>>> Computers
>>> are shut down or suspended frequently.
>> 
>> If they are suspended, there is no need to renegotiate.
> 
> Usually, but the system may need to restart the NTP client due to a
> different DHCP configuration for example.

(If it is implemented like that, persistent cookies could be a nice
addition.)
But this is also something that isn’t affected by the retry timer
constants - it should work on the first attempt anyways.

>>> Clients are switching between
>>> different servers of a pool.
>> 
>> Only when the ntp client is restarted, right (at least with the clients
>> of today).
> 
> No, clients may switch between servers when they become unreachable
> (e.g. due to rate limiting). I see this often with my mini-pool of NTS
> servers.

Oh really, I didn’t know. So chrony does that? (Nice!)

>>> I think it will take only a small portion of NTS clients to be
>>> consistently failing in NTS-KE or NTS-NTP after the TLS handshake
>>> (e.g. due to a network issue, bug, or incompatibility) and overwhelm
>>> the server with their short retry intervals.
>> 
>> They should not fail with a working server, why would they?
>> And if they do, they will very quickly get to long retry intervals,
>> and there is likely something broken with the server anyway.
> 
> Well, as I said above, there are many reasons why NTS-KE or NTS-NTP
> may be consistently failing. For example, an ISP may have a firewall
> that blocks large NTP packets. NTS-KE will work as expected, but
> no NTS-NTP reply will be ever received, so the clients will be
> constantly restarting NTS-KE. If the clients were restarted once per
> day and used the 1024*2^(n - 1) retry interval I suggested, the number
> of NTS-KE requests would drop to 30%.

Ok - in this case too, there should be 8 NTP requests before it contacts
the KE server again, and it will increase the retry interval each time
since it has not completed a full cycle of getting cookies and succeeded
in using them.

Ragnar

v2.23.0 | Report a Bug | By Email