IETF Logo Mail Archive

Re: [Ntp] NTPv5 Loop Detection without Stratum - Why do we want this?

Miroslav Lichvar <mlichvar@redhat.com> Tue, 06 September 2022 11:32 UTC

Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 21055C15271D for <ntp@ietfa.amsl.com>; Tue, 6 Sep 2022 04:32:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.678
X-Spam-Level:
X-Spam-Status: No, score=-7.678 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.571, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y1eJ2UAyxYIl for <ntp@ietfa.amsl.com>; Tue, 6 Sep 2022 04:32:19 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4825BC15256F for <ntp@ietf.org>; Tue, 6 Sep 2022 04:32:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1662463938; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=3gLE33xrrQDYtUCtDFv/lpTsk36TWPQxLPBtHwRVPMo=; b=X+jZIsOW0vBcvNoFwFeMwqcPVNoRbOGS6B01CKGrojeN8HOAes8aQLFYaa9+xo2q/hk78t 1OlnJq2ir18htiiJenLLc54NPRxlMUBDKaidEBuOCBjCvIt/qWmeirK5thEYgfzlNhU160 zMelj8JKAPxwdyPrBXEmxBZQHa17px0=
Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-653-Pk1YpOyWMWaBjZxatvsCVg-1; Tue, 06 Sep 2022 07:32:07 -0400
X-MC-Unique: Pk1YpOyWMWaBjZxatvsCVg-1
Received: from smtp.corp.redhat.com (int-mx06.intmail.prod.int.rdu2.redhat.com [10.11.54.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 8569438149A6; Tue, 6 Sep 2022 11:32:07 +0000 (UTC)
Received: from localhost (unknown [10.43.135.229]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 136FD2166B26; Tue, 6 Sep 2022 11:32:06 +0000 (UTC)
Date: Tue, 06 Sep 2022 13:32:05 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: kristof.teichel@ptb.de
Cc: "ntp@ietf.org" <ntp@ietf.org>
Message-ID: <YxcvtXtbHZ63Nwbv@localhost>
References: <DA1F1664-8A84-4197-844A-CA7E8DAA36B8@meinberg.de> <OF43150191.DABAA331-ONC12588B5.00362DC0-C12588B5.003861AF@ptb.de> <YxckOm2+TD3tTPN4@localhost> <OF1362448A.7EA1A3B9-ONC12588B5.003B48EF-C12588B5.003BE499@ptb.de>
MIME-Version: 1.0
In-Reply-To: <OF1362448A.7EA1A3B9-ONC12588B5.003B48EF-C12588B5.003BE499@ptb.de>
X-Scanned-By: MIMEDefang 2.78 on 10.11.54.6
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/c21keeel6V3Xw5MvIC1GoWsxgxs>
Subject: Re: [Ntp] NTPv5 Loop Detection without Stratum - Why do we want this?
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 06 Sep 2022 11:32:20 -0000

On Tue, Sep 06, 2022 at 12:54:07PM +0200, kristof.teichel@ptb.de wrote:
> > Von: "Miroslav Lichvar" <mlichvar@redhat.com>
> > Stratum cannot prevent loops unless we don't allow clients to select a
> > server with a higher stratum (as it was in NTPv3).
> 
> Excuse me, I was naively assuming we were doing that (because otherwise, 
> why even use strata?).

I think we were doing that until NTPv4. In RFC1305 the test 7 checks
if the stratum is acceptable:
	pkt.stratum ≤ sys.stratum and pkt.stratum < NTP.MAXSTRATUM

I don't see that in RFC5905. Stratum is only included in the source
selection as an additional weight for sorting the sources. In current
implementations that weight is very small.

There is a paragraph indicating root dispersion was supposed to
prevent loops between peers at the same stratum:

   There is an important detail not shown.  The dispersion increment
   (p.epsilon + p.psi + PHI * (s.t - p.t) + |THETA|) is bounded from
   below by MINDISP.  In subnets with very fast processors and networks
   and very small delay and dispersion this forces a monotone-definite
   increase in s.rootdisp (EPSILON), which avoids loops between peers
   operating at the same stratum.

That doesn't seem to be working, because the client doesn't ignore
sources with a higher root dispersion and its own dispersion is based
only on the best source (not the highest dispersion from all of its
selected sources).

This is similar to the stratum issue.

At least this gives us a hint that even the NTPv4 authors thought that
loops should be avoided.

-- 
Miroslav Lichvar

v2.23.0 | Report a Bug | By Email