Re: [Ntp] Antw: Re: Antw: [EXT] Re: WGLC on draft‑ietf‑alternative‑port‑01
Doug Arnold <doug.arnold@meinberg-usa.com> Thu, 05 August 2021 14:26 UTC
Miroslav is correct. Once network appliances are deployed in the field, then some instances that still behave this way with respect to port 123 will be around for many years to come.

Doug

From: ntp <ntp-bounces@ietf.org> on behalf of Miroslav Lichvar <mlichvar@redhat.com>
Date: Thursday, August 5, 2021 at 2:53 AM
To: Harlan Stenn <stenn@nwtime.org>
Cc: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>, ntp@ietf.org <ntp@ietf.org>, halmurray+ietf@sonic.net <halmurray+ietf@sonic.net>
Subject: Re: [Ntp] Antw: Re: Antw: [EXT] Re: WGLC on draft‑ietf‑alternative‑port‑01

On Wed, Aug 04, 2021 at 12:46:21AM -0700, Harlan Stenn wrote:
> On 8/2/2021 12:37 AM, Miroslav Lichvar wrote:
> > On Mon, Aug 02, 2021 at 08:02:16AM +0200, Ulrich Windl wrote:
> >> I just wonder: Wouldn't rate limiting (or bandwidth limiting) be the correct
> >> way to do?
> >
> > I think that's what they currently do. It effectively causes a DoS on
> > NTP.
>
> I don't understand exactly what you mean here by "causes a DoS on NTP."
> Clarify, please?

Rate limiting of NTP packets can cause a denial of the NTP service for legitimate clients. They don't get a response to their requests and cannot synchronize their clock. It doesn't matter if the rate limiting is happening on the server or some middlebox in the network.

> > See the discussions at community.ntppool.org. Large numbers of
> > servers are randomly rejected from the pool due to heavy packet loss
> > specific to port 123 on the path to the monitoring system.
>
> If the target system is receiving too many packets and is dropping them
> already the monitoring system needs to know this, and rank the target
> accordingly.

It's not the server dropping packets. It's major ISPs specifically rate limiting packets on the UDP port 123. If you run mtr in the UDP mode on that port, you will see a huge packet loss on the boundary of their network. If you change the port number, the loss immediately disappears. It's not a congested network or overloaded server.

We can speculate if this would have happened if ntpd promptly fixed the mode 6 to not amplify traffic, or at least changed the defaults to not allow remote access. We probably won't ever know. The damage is done. The port is no longer usable on the global scale. We need to move to a different port and restrict it to the non-amplifying subset of the protocol, so this doesn't happen again. That's what this draft is trying to do.

--
Miroslav Lichvar
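The mtr comparison described in the quoted message can be scripted. The following is an added example, not part of the original thread: it parses two `mtr --udp --port <n> --report` outputs for the same path, one on port 123 and one on another UDP port, and reports the hop where loss begins and persists only on port 123. The report text, addresses, the 10% threshold and all function names are constructed for illustration.

```python
import re

# Constructed `mtr --report` output (documentation addresses), not real measurements.
REPORT_PORT_123 = """\
HOST: client.example              Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%   100    0.4   0.5   0.3   1.1   0.1
  2.|-- 198.51.100.1              30.0%   100    2.1   2.3   1.9   4.0   0.4
  3.|-- 198.51.100.9               0.0%   100    8.7   8.9   8.1  12.3   0.6
  4.|-- 203.0.113.1               82.0%   100   15.2  15.9  14.8  21.0   1.2
  5.|-- 203.0.113.77              85.0%   100   16.0  16.4  15.1  22.7   1.3
"""
REPORT_CONTROL_PORT = """\
HOST: client.example              Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%   100    0.4   0.5   0.3   1.0   0.1
  2.|-- 198.51.100.1              30.0%   100    2.0   2.2   1.9   3.8   0.3
  3.|-- 198.51.100.9               0.0%   100    8.6   8.8   8.0  11.9   0.5
  4.|-- 203.0.113.1                0.0%   100   15.1  15.6  14.7  19.4   0.9
  5.|-- 203.0.113.77               1.0%   100   15.9  16.2  15.0  20.1   1.0
"""
HOP_RE = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%")

def parse_report(text):
    """Return [(hop_number, host, loss_percent)] from mtr --report text."""
    rows = (HOP_RE.match(line) for line in text.splitlines())
    return [(int(m[1]), m[2], float(m[3])) for m in rows if m]

def persistent_loss_start(hops, threshold=10.0):
    """First hop from which loss stays >= threshold through the last hop.
    Loss at one hop that vanishes at later hops is that router limiting its
    own ICMP replies, not loss of forwarded packets, so it is ignored."""
    start = None
    for hop in hops:
        if hop[2] < threshold:
            start = None
        elif start is None:
            start = hop
    return start

def diagnose(report_123, report_control, threshold=10.0):
    """Classify the path: (verdict, hop_number, host) for port 123."""
    on_123 = persistent_loss_start(parse_report(report_123), threshold)
    on_ctl = persistent_loss_start(parse_report(report_control), threshold)
    if not on_123:
        return ("no persistent loss", None, None)
    kind = "loss on both ports" if on_ctl else "port-specific loss"
    return (kind, on_123[0], on_123[1])
```

A "port-specific loss" verdict points at filtering or rate limiting keyed on the port at that hop, while "loss on both ports" is consistent with ordinary congestion or an overloaded endpoint.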