[Ntp] Antw: [EXT] NTPv5 Loop Detection without Stratum

Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Wed, 24 August 2022 05:54 UTC

Message-Id: <6305BCFE020000A10004CA27@gwsmtp.uni-regensburg.de>
X-Mailer: Novell GroupWise Internet Agent 18.4.1
Date: Wed, 24 Aug 2022 07:54:06 +0200
From: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
To: Heiko Gerstung <heiko.gerstung@meinberg.de>, mlichvar@redhat.com
Cc: "ntp@ietf.org" <ntp@ietf.org>
References: <DA1F1664-8A84-4197-844A-CA7E8DAA36B8@meinberg.de>
In-Reply-To: <DA1F1664-8A84-4197-844A-CA7E8DAA36B8@meinberg.de>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/UN_uKZWH0e7zudzKCjLZCgijeKE>
Subject: [Ntp] Antw: [EXT] NTPv5 Loop Detection without Stratum

>>> Heiko Gerstung <heiko.gerstung@meinberg.de> wrote on 23.08.2022 at 12:21
in message <DA1F1664-8A84-4197-844A-CA7E8DAA36B8@meinberg.de>:
> One way of avoiding/detecting loops:
> - upon startup, an NTPv5 instance creates a random 64bit ID
> - we add a loop detection EF that can include n IDs (or we use n EFs)
> - a stratum one server, when ask for his "sync trace", responds with only 
> his ID

Considering that a stratum-1 server may have more than one reference clock
(say m) to pick, I think a stratum-1 server should actually prepare one ID per
reference clock. It's a design issue whether to return one ID that is different
for each clock (see below), or two IDs (server's + clock's).

> - a stratum two server would add its own ID to the ID of its upstream 
> server, responding with a sync trace of two IDs

So would it still be a loop if you find the same server, but the server itself
is syncing from a different source now?
I mean: What about sending one ID that is the conceptual concatenation of all
"upstream IDs" (like SHA-ing the concatenation to form a new ID) instead of
several? You would need to calculate the new ID only if the reference changes.

The other thing is: Return or concatenate only the reference ID, or even the
selected IDs?

> - a stratum 1+n server would respond with the sync trace of its upstream 
> source(s) plus its own ID 
> - if you use more than one upstream source, you can respond with a list of 
> all IDs from the sync trace of all your upstream sources (removing 
> duplicates)
> - by checking if your own ID is in the sync trace of your upstream 
> source(s), you can find out if there is a loop
> 
> Maybe smaller IDs (32 bit, 16 bit) would be OK as well. 10 IDs would be 80 
> octets on the wire. No question that we would have to find a way to avoid 

I think it's rather common sense that 64-bit is enough for global use. Considering
that the number of NTP servers at the moment is "rather small", 48 or 32 bits
might do, but remember that those IDs are _not_ unique; they are random, so
there may be collisions even when being used by just a few hundred
servers.

> amplification attacks (hello monlist!). Maybe by making it mandatory to send
> a request (with padding bytes) that is as big as the worst case response. 

Amplification by replay attack? If not, then authentication might help.

Regards,
Ulrich

> 
> Regards,
>   Heiko
> 
> --
> Heiko Gerstung | Managing Director
> T: +49 (0)5281 9309-404 | LinkedIn Profile 
> <https://www.linkedin.com/in/heikogerstung/> | Twitter 
> <https://twitter.com/hgerstung>
> heiko.gerstung@meinberg.de 
> 
> MEINBERG® The Synchronization Experts
>  
> Meinberg Funkuhren GmbH & Co. KG
> Lange Wand 9 | 31812 Bad Pyrmont | Germany
> Web: http://www.meinberg.de | http://www.meinbergglobal.com | LinkedIn  
> <https://www.linkedin.com/company/meinberg-funkuhren-gmbh-&-co--kg>
> 
> Amtsgericht Hannover 17HRA 100322
> Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre 
> Hartmann, Heiko Gerstung
> 
> Do not miss our Time Synchronization Blog:
> http://blog.meinbergglobal.com 
>  
>  
> 
> On 23.08.22, 12:07, "ntp on behalf of Miroslav Lichvar" 
> <ntp-bounces@ietf.org on behalf of mlichvar@redhat.com> wrote:
> 
>     On Tue, Aug 23, 2022 at 11:30:44AM +0200, Ulrich Windl wrote:
>     > So my conclusion still is that the "ping pong" style of time exchange
>     > between peers is in accordance with the protocol specification.
> 
>     If the protocol cannot prevent the loop, there is no other option :).
> 
>     If NTPv5 can detect all loops, the client can decide to ignore the
>     measurements of the source to avoid the loop.
> 
>     > (However if those peers have no other time source, the quality should
>     > become worse over time, eventually declaring them unsynchronized)
> 
>     If they have no other time source, the protocol will block the
>     synchronization by ignoring sources with larger stratum (NTPv3) or
>     ignoring sources with matching refid (NTPv4).
> 
>     > > It causes oscillations, which has a negative impact on stability of
>     > > the clocks. If you remove the symmetric associations, it performs
>     > > better. You can easily verify that.
>     > 
>     > It may be, but would it be in the spirit of the protocol
>     > specification?
> 
>     I'm not sure what you mean by this.
> 
>     -- 
>     Miroslav Lichvar
> 
>     _______________________________________________
>     ntp mailing list
>     ntp@ietf.org 
>     https://www.ietf.org/mailman/listinfo/ntp
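
Added example (not part of this thread, and not code from any NTPv5 draft or implementation): a Python sketch of the sync-trace scheme Heiko outlines above, with Ulrich's one-ID-per-reference-clock idea for stratum 1, a birthday-bound estimate for the ID-size question, and the amplification ratio of a trace response with and without request padding. The names (Instance, run_topology, amplification_factor), the 48-byte base packet size and the round-based polling model are assumptions of the sketch, not protocol fields.

```python
"""Simulation of the sync-trace loop detection discussed in the thread.

Assumed model (an illustration, not NTPv5): every instance draws a random
64-bit ID at startup; a stratum-1 instance additionally draws one ID per
reference clock; an instance answers a trace request with its own IDs
followed by the traces it last received from its selected upstream sources,
duplicates removed.  A loop is detected when one of the instance's own IDs
appears in the trace of one of its upstream sources.
"""
import math
import secrets
from typing import Dict, List, Set

ID_BITS = 64  # the size proposed in the thread; see collision_probability() for smaller IDs


class Instance:
    def __init__(self, name: str, refclocks: int = 0) -> None:
        self.name = name
        self.id = secrets.randbits(ID_BITS)
        # one ID per reference clock, so a stratum-1 server that switches
        # between clocks reports a distinguishable trace for each
        self.refclock_ids = [secrets.randbits(ID_BITS) for _ in range(refclocks)]
        self.upstream: List["Instance"] = []
        self.trace: List[int] = self.own_ids()  # what we answer right now

    def own_ids(self) -> List[int]:
        return [self.id] + self.refclock_ids

    def refresh_trace(self) -> None:
        """Merge own IDs with every upstream trace, keeping first occurrences."""
        seen: Set[int] = set()
        merged: List[int] = []
        for ident in self.own_ids() + [i for src in self.upstream for i in src.trace]:
            if ident not in seen:
                seen.add(ident)
                merged.append(ident)
        self.trace = merged

    def loop_detected(self) -> bool:
        """Heiko's check: do I appear in the trace of any source I sync from?"""
        return any(i in src.trace for src in self.upstream for i in self.own_ids())


def run_topology(edges: Dict[str, List[str]], refclocks: Dict[str, int]) -> Dict[str, bool]:
    """edges maps an instance name to the names it syncs from.

    Each round every instance polls its sources once; after as many rounds as
    there are instances, a trace has travelled around any cycle in the graph.
    """
    nodes = {n: Instance(n, refclocks.get(n, 0)) for n in edges}
    for n, ups in edges.items():
        nodes[n].upstream = [nodes[u] for u in ups]
    for _ in range(len(nodes)):
        for inst in nodes.values():
            inst.refresh_trace()
    return {n: inst.loop_detected() for n, inst in nodes.items()}


def collision_probability(id_bits: int, servers: int) -> float:
    """Birthday bound: probability that two of `servers` random IDs coincide."""
    pairs = servers * (servers - 1) / 2
    return 1.0 - math.exp(-pairs / 2 ** id_bits)


def amplification_factor(ids_in_trace: int, id_bytes: int = 8, base_packet: int = 48,
                         request_padding: int = 0) -> float:
    """Response bytes per request byte for a trace query.

    base_packet is an assumed fixed header size in both directions; padding
    the request up to the worst-case response size brings the factor to 1.
    """
    response = base_packet + ids_in_trace * id_bytes
    request = base_packet + request_padding
    return response / request


if __name__ == "__main__":
    # Constructed topology: a chain below a stratum-1 server with two reference
    # clocks, a diamond (X uses both S1 and Y), and two peers P/Q that have no
    # other source and therefore form the loop discussed in the thread.
    edges = {"S1": [], "A": ["S1"], "B": ["A"], "C": ["B"],
             "Y": ["S1"], "X": ["S1", "Y"], "P": ["Q"], "Q": ["P"]}
    for name, looped in run_topology(edges, {"S1": 2}).items():
        print(f"{name}: {'LOOP' if looped else 'ok'}")
    for bits in (16, 32, 48, 64):
        print(f"{bits}-bit IDs, 300 servers: P(collision) = {collision_probability(bits, 300):.2e}")
    print("10 IDs, no padding:   x%.2f" % amplification_factor(10))
    print("10 IDs, 80 B padding: x%.2f" % amplification_factor(10, request_padding=80))
```

The loop check lives entirely on the instance that would close the cycle, so P and Q each flag the loop after a single exchange, while the diamond X/Y/S1 is not flagged because X's own IDs never appear upstream of it. The 10-ID case reproduces the "80 octets" figure from the thread: without padding a 48-byte query draws a 128-byte answer (about 2.7x), and padding the request to the worst-case response size removes the amplification.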