IETF Logo Mail Archive

Re: [Ntp] Antw: [EXT] Re: Quick review of WGLC for status change for draft‑ietf‑ntp‑update‑registries

Martin Burnicki <martin.burnicki@meinberg.de> Tue, 09 August 2022 10:17 UTC

Return-Path: <martin.burnicki@meinberg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 190E0C15C525 for <ntp@ietfa.amsl.com>; Tue, 9 Aug 2022 03:17:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.107
X-Spam-Level:
X-Spam-Status: No, score=-2.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=meinberg.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wi7NwLjI_01J for <ntp@ietfa.amsl.com>; Tue, 9 Aug 2022 03:17:16 -0700 (PDT)
Received: from server1a.meinberg.de (server1a.meinberg.de [176.9.44.212]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F33CEC13CCC5 for <ntp@ietf.org>; Tue, 9 Aug 2022 03:17:11 -0700 (PDT)
Received: from seppmail.py.meinberg.de (unknown [193.158.22.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by server1a.meinberg.de (Postfix) with ESMTPSA id 3361271C0065; Tue, 9 Aug 2022 12:17:09 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinberg.de; s=d2021; t=1660040229; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=6l6IRObmTi22A4qMbSnnM6ba3Wpzm5pgPvI6Pkm7Bcs=; b=WxTvTCU8z8w9e5cjbFp9SzOVlcKUyYxtmMVtnrzGYdlgiwaXrI5Djux6OaR1JtdXEDZvVM R1id4vumkjgTyyTaGkCIMkK/a3l3qXEW7g3s/EQLj0nqHxgo2mYUGmymQ7iPZAT5iZE/ZT a+DQ6bnHAqFofFnaBWO/tveHvcVZYhudUzn0a9kCcriISWuUFnnZ5pLuquDa9ODy9gC3nY mGxlD5tDHQoPcfWXfP8ASWYh4IbPH/+YKdx5P5J9PFs6iby0rwoC06MBq/0XWU0Mg88wjv /acMeIO8pDKpgInKl2cFHHzo/sTU7e53ImlaFbqSA1G51bKGH/D1RXKC8q9MmQ==
Received: from srv-kerioconnect.py.meinberg.de (srv-kerioconnect.py.meinberg.de [172.16.3.65]) (using TLSv1.3 with cipher AEAD-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by seppmail.py.meinberg.de (Postfix) with ESMTPS; Tue, 9 Aug 2022 12:17:08 +0200 (CEST)
X-Footer: bWVpbmJlcmcuZGU=
Received: from localhost ([127.0.0.1]) by srv-kerioconnect.py.meinberg.de with ESMTPSA (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256 bits)); Tue, 9 Aug 2022 12:17:06 +0200
Message-ID: <7eef9a6f-a115-b009-24e5-2b96a8bc02ae@meinberg.de>
Date: Tue, 09 Aug 2022 12:17:06 +0200
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.9.0
Content-Language: en-US
To: "ntp@ietf.org" <ntp@ietf.org>
Cc: Hal Murray <halmurray@sonic.net>, Harlan Stenn <stenn@nwtime.org>
References: <20220809030711.F00DC28C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
From: Martin Burnicki <martin.burnicki@meinberg.de>
Organization: Meinberg Funkuhren GmbH & Co. KG, Bad Pyrmont, Germany
In-Reply-To: <20220809030711.F00DC28C1CA@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------nTCdNAZl0hpHR61aVjbP03FZ"
X-SM-outgoing: yes
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/KMExa1lBRC_V4ekvGnA373LxCxU>
Subject: Re: [Ntp] Antw: [EXT] Re: Quick review of WGLC for status change for draft‑ietf‑ntp‑update‑registries
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Aug 2022 10:17:21 -0000

Hal Murray wrote:
>> Really?  What % of the traffic that you see is still NTPv3?
> 
> Client requests to a pool server:
> 
> San Francisco
>    0.480%  NTPv1
> 16.376%  NTPv3
> 82.744%  NTPv4
> 
> London:
>    1.339%  NTPv1
> 17.939%  NTPv3
> 80.136%  NTPv4

Interesting. In all the years I'm working with NTP I've never seen a 
real (x)ntpd v1 in the wild.

What I've seen several times, however, are simple/dumb client 
implementations that use the NTPv3 packet format but put v1 into the 
request packets they send to servers. So these are not real v1 clients.

>> How long do you think it will be before updated NTPv4 servers are
>> "generally" deployed?
> 
> The problem is not the generally deployed, the problem is the long tail.
> 
> NIST servers respond to NTPV4 requests with NTPv3.

As far as I know, the original ntpd copies the version number of the 
client request to the version number of the response packet, except if 
the client version is higher than the real server version.

That means:

- if a v4 server gets v3 request, it should respond with v3
- if a v4 server gets v4 request, it should respond with v4
- if a v4 server gets v5 request, it should respond with v4

The latter should only work if a v5 base packet is compatible with a v4 
base packet. Otherwise a v4 server wouldn't even recognize and accept a 
request from a v5 client.


Concerning the usage of extension fields:

I think it doesn't make much sense to have a client that supports the 
old ones (e.g. autokey) and the new ones.

Existing implementations may use symmetric keys, autokey, or none of 
them, but probably don't even know about the new EFs.

For *clients* that supports the new EFs, there should be no need to use 
the old EFS. They can only support the new ones.


What does make sense, IMO, is a server which can handle *both* types of 
extension fields, to be able to serve time to both old and new clients.

So the server implementation could

- check whether a request has extension fields at all
- if there are, check for plausibility of a chain of new EFs
- if check of the new EFs fails, try the old EFs
- use the new or old EF formats in responses to clients

So new server implementations can keep or drop support for old EFs, as 
appropriate for the overall time synchronization network.

Using a mixture of old and new EFs either at the client or at the server 
side would be the worst case and result in lots of confusion.

Martin
-- 
Martin Burnicki

Senior Software Engineer

MEINBERG Funkuhren GmbH & Co. KG
Email: martin.burnicki@meinberg.de
Phone: +49 5281 9309-414
Linkedin: https://www.linkedin.com/in/martinburnicki/

Lange Wand 9, 31812 Bad Pyrmont, Germany
Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Managing Directors: Günter Meinberg, Werner Meinberg, 
Andre Hartmann, Heiko Gerstung
Websites: https://www.meinberg.de  https://www.meinbergglobal.com

v2.23.0 | Report a Bug | By Email