IETF Logo Mail Archive

Re: [Ntp] [tsvwg] [Tsv-art] Tsvart early review of draft-ietf-ntp-alternative-port-02

Miroslav Lichvar <mlichvar@redhat.com> Thu, 09 December 2021 08:27 UTC

Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BBA8A3A0786 for <ntp@ietfa.amsl.com>; Thu, 9 Dec 2021 00:27:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.802
X-Spam-Level:
X-Spam-Status: No, score=-2.802 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.701, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Gr7EQQ0VRyo2 for <ntp@ietfa.amsl.com>; Thu, 9 Dec 2021 00:27:03 -0800 (PST)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6D2473A012C for <ntp@ietf.org>; Thu, 9 Dec 2021 00:27:02 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1639038421; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=n1MmM40vkIHbN8IjV+WLl9fF70ZXQynw7zeXI3aoXqw=; b=DL+vs0IhVKkWSiWFXhHh4Ee7ivBtny5wohljHGDm3E1lBHOLm87H4kUbKTOQ0Sy2OK70P7 OEjaHUanyiA4awNp3KcSpbSZL5xvDOfYmwP7P6bkxf82Cv66JEmENspI32zjv8ox4opkpw AqQ8ZOsPfR/o1KEbrC3+j5evoTz6g8M=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-278-XO9Ce0TGNPGVBP1xq3aBdg-1; Thu, 09 Dec 2021 03:26:59 -0500
X-MC-Unique: XO9Ce0TGNPGVBP1xq3aBdg-1
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 9182D1853026; Thu, 9 Dec 2021 08:26:58 +0000 (UTC)
Received: from localhost (unknown [10.43.135.229]) by smtp.corp.redhat.com (Postfix) with ESMTPS id B78811B472; Thu, 9 Dec 2021 08:26:56 +0000 (UTC)
Date: Thu, 09 Dec 2021 09:26:55 +0100
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Eliot Lear <lear@lear.ch>
Cc: "touch@strayalpha.com" <touch@strayalpha.com>, Steven Sommars <stevesommarsntp@gmail.com>, NTP WG <ntp@ietf.org>, TSVWG <tsvwg@ietf.org>, Harlan Stenn <stenn@nwtime.org>, Danny Mayer <mayer@pdmconsulting.net>, tsv-art <tsv-art@ietf.org>
Message-ID: <YbG9z3ABJDrJcpzO@localhost>
References: <CACL_3VENkyebRf25W6EpW0yZY6ELYS41A4D_i+RnQE1M21P2hg@mail.gmail.com> <Ya3fLJCHUsm1wE28@localhost> <90723c26-0352-a4d1-f765-eb26b1522954@pdmconsulting.net> <bf78924b-69bc-760e-cc7f-e6896504e194@meinberg.de> <Ya81mYy8/EuH8ilY@localhost> <ABF8072B-C6C0-47F3-BD7B-BAFE927B5DE1@strayalpha.com> <d3d167ee-5a6d-0060-a350-6eb04ba0ae8b@lear.ch> <98f35559-b1ff-be8b-d06e-a034ccd4b610@lear.ch> <EA1F9DA1-6C73-4BA6-9566-BEA09E3C6165@strayalpha.com> <159160c7-e595-349f-aff9-35cc60b02413@lear.ch>
MIME-Version: 1.0
In-Reply-To: <159160c7-e595-349f-aff9-35cc60b02413@lear.ch>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="iso-8859-1"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/KEA0V8wlK1VLQx_tyCaF2GkGMTE>
Subject: Re: [Ntp] [tsvwg] [Tsv-art] Tsvart early review of draft-ietf-ntp-alternative-port-02
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 09 Dec 2021 08:27:08 -0000

On Thu, Dec 09, 2021 at 08:51:41AM +0100, Eliot Lear wrote:
> Yes, as a rule we do not allocate new ports for existing services.  There
> are two reasons for that rule: first, it encourages sloppy design of the
> form ("I'll fix it later") and second and more importantly, we simply don't
> have so many ports to go around.

That's fair enough. I wonder if exceptions could be allowed for old
services. It seems the problematic NTP modes were introduced in
RFC1119 from 1989. Could a protocol be pardoned for its mistakes after
30 years?

> It is simply not reasonable, however, to require that NTP packets comport to
> a particular size in order to evade a combination of broken firewall
> policies and unbending IANA policies

I think we could make the most common case of an NTPv4+NTS packet
shorter to get below that length where the observed filtering starts
and add padding to packets that don't fit there. That would make NTS
more reliable (which is what the WG is now most interested in), but it
would not change anything in those cases where NTP is completely
blocked or rate limited.

> Miroslav, one question I would like to understand is whether those drops
> involve typical packets used to sync clocks or if those are control
> packets.  In other words, are clocks not syncing because of the drops?

The intention is to drop the control packets (NTP modes 6 and 7),
which amplify traffic, but it impacts also the time-synchronization
modes (1, 2, 3, 4), which don't amplify traffic (except when Autokey
is enabled, but that is rarely used).

-- 
Miroslav Lichvar

v2.23.0 | Report a Bug | By Email