Re: [Ntp] NTP over PTP
Heiko Gerstung <heiko.gerstung@meinberg.de> Tue, 29 June 2021 07:15 UTC
Return-Path: <heiko.gerstung@meinberg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85BE63A2904 for <ntp@ietfa.amsl.com>; Tue, 29 Jun 2021 00:15:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.399
X-Spam-Level:
X-Spam-Status: No, score=-4.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=meinberg.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v6dP57mr4DLF for <ntp@ietfa.amsl.com>; Tue, 29 Jun 2021 00:15:27 -0700 (PDT)
Received: from server1a.meinberg.de (server1a.meinberg.de [176.9.44.212]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4C883A2901 for <ntp@ietf.org>; Tue, 29 Jun 2021 00:15:26 -0700 (PDT)
Received: from seppmail.py.meinberg.de (unknown [193.158.22.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by server1a.meinberg.de (Postfix) with ESMTPSA id D4C1471C0399; Tue, 29 Jun 2021 09:15:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinberg.de; s=d2021; t=1624950923; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=/QAFaSWmsPdBha5kfpUkwtO5JLCHp8lrDUSuKJ1Pz7I=; b=RswS5YXM3kVQHULi/4GY5I833eVyEZhOLAaK8Pc8WA07Tt/kwOaPLU7oeAPhBEi0Qhgvmc Ttey91xjUKDEyBoQpXeFztb4HWRe8Yezps3KcqUgFRS2636t8Jzc+lFDilEgV3w68sDDDY pf1iaiWT8rgr8CE5YodF2ZHzeL/bLj+MlNxdTzY2CWzxo66ZVqSLkxAHYfq3guUQLWx+1W 6RyPTwQN3kE13P3bR/YEXzlTHIm0vM9lrc/v9BJtt5Lu2IFE8LIDhmr0B/H2i3qEMg2LE6 H7u6jkQoObh8abxpLPYZOyZ81lJ/Kgsq1qGFbudakpFym29gl7TeWyaob+3QzA==
Received: from srv-kerioconnect.py.meinberg.de (srv-kerioconnect.py.meinberg.de [172.16.3.65]) (using TLSv1.3 with cipher AEAD-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by seppmail.py.meinberg.de (Postfix) with ESMTPS; Tue, 29 Jun 2021 09:15:23 +0200 (CEST)
X-Footer: bWVpbmJlcmcuZGU=
User-Agent: Microsoft-MacOutlook/16.50.21061301
Date: Tue, 29 Jun 2021 09:15:22 +0200
Message-ID: <C5D99A22-84B8-4D27-BE74-D8267FB1DCB0@meinberg.de>
Thread-Topic: [Ntp] NTP over PTP
References: <YNRtXhduDjU4/0T9@localhost> <36AAC858-BFED-40CE-A7F7-8C49C7E6782C@meinberg.de> <YNnSj8eXSyJ89Hwv@localhost> <D32FAF20-F529-496C-B673-354C0D60A5AF@meinberg.de> <YNrDGy2M2hpLz9zc@localhost>
In-Reply-To: <YNrDGy2M2hpLz9zc@localhost>
Importance: Normal
X-Priority: 3
Thread-Index: AZ2x3tU+NDJhN2EyODFjMTJjOGIyYg==
From: Heiko Gerstung <heiko.gerstung@meinberg.de>
To: Miroslav Lichvar <mlichvar@redhat.com>
Cc: "ntp@ietf.org" <ntp@ietf.org>
X-SM-outgoing: yes
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="----0192AF519314EE6420C2FB9B580AEB5D"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/fUItKgXhkFAHJnVpfzwIuoHBMgE>
Subject: Re: [Ntp] NTP over PTP
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jun 2021 07:15:33 -0000
> On Mon, Jun 28, 2021 at 05:02:43PM +0200, Heiko Gerstung wrote: >> > The unicast mode seems to be intended for networks with partial >> > on-path hardware support, where requirements on accuracy are less >> > strict, and I think this might already be better supported by NTP. >> They might be less strict but that does not mean they are worse/equal >> compared to NTP. > > How so? Because of the removal of jitter/delay variation in the network stack and OS layer (kernel) of the server and the client. > You said unicast transparent clocks don't really exist. That would be > the only advantage of unicast PTP. Boundary clocks could fully support > hardware-timestamped NTP if someone was actually interested in > implementing that. I was wrong, or better: my knowledge was outdated. Arista for example supports unicast in their switches now. > Without full on-path support NTP should generally perform better than > PTP as it doesn't assume network has a constant delay. Why do you think PTP assumes a constant network delay? PTP is measuring the delay constantly in both directions and calculates the round trip. Its delay measurement mechanism is definitely inferior to the one NTP uses (in regards to the concept) but it is good enough to allow (unicast) PTP to reliably achieve sub microsecond accuracy when used in networks with partial or full on-path support. That would not be possible in a packet switched network without proper delay compensation. > In the context of the drafts we are discussing here, I think it might > be easier for an existing PTP implementation to add support for > NTP+NTS than add NTS4UPTP. We are maintaining three different PTP implementations here at Meinberg and I can tell you that this is not true. >> > If there is some hardware that can timestamp only fixed-length PTP >> > messages with no TLVs, then that will not work with any form of >> > NTS4UPTP either, right? There has to be some TLV to authenticate the >> > message and the hardware needs to accept that. >> >> No, that's not correct. The hardware timestamping is only required during >> phase 3 (packet transmission), which does not require an NTS TLV as it relies >> completely on the AUTHENTICATION_TLV and the integrated PTP security. See 3.3 >> of my draft. The NTS TLV is required in phase 2 where client and server only >> exchange messages to negotiate the transmission, and those are not hw >> timestamped. > > I don't see how that is relevant to hardware not timestamping PTP > messages with TLVs. If a TLV present in an event message breaks the > timestamping, the hardware is unusable for any security mechanism > discussed here, except the Daniel's idea to protect unauthenticated > PTP by authenticated NTP. I did not say that hardware is not timestamping PTP event messages that carry a TLV. I just pointed out that some of the hardware timestampers might look at the length of a packet and do not timestamp anything that is longer then X bytes. A sync message is 44 bytes plus maybe 26 bytes for the AUTENTICATION_TLV. If you remove the requirement for the AUTHENTICATION_TLV because you want to run NTS over PTP, your PTP "header" is 44 bytes + 48 bytes for the NTP header + anything that NTS adds (Unique Identifier EF, NTS Authentication and Encrypted Extension Fields EF, at least one NTS Cookie EF). It is a bit complicated (for me) to calculate the total maximum size of such an NTS over PTP packet, but I am guessing that you will end up with more than 128 bytes, which might be a limit packet matching algorithms have for quickly identifying if this can be a PTP event message. The idea might still be worth to discuss and investigate. But it is not the answer to the question how we can secure unicast PTP IMHO. Regards, Heiko -- Heiko Gerstung Managing Director MEINBERG® Funkuhren GmbH & Co. KG Lange Wand 9 D-31812 Bad Pyrmont, Germany Phone: +49 (0)5281 9309-404 Fax: +49 (0)5281 9309-9404 Amtsgericht Hannover 17HRA 100322 Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung Email: heiko.gerstung@meinberg.de Web: Deutsch https://www.meinberg.de English https://www.meinbergglobal.com Do not miss our Time Synchronization Blog: https://blog.meinbergglobal.com Connect via LinkedIn: https://www.linkedin.com/in/heikogerstung Am 29.06.21, 08:52 schrieb "Miroslav Lichvar" <mlichvar@redhat.com>: On Mon, Jun 28, 2021 at 05:02:43PM +0200, Heiko Gerstung wrote: > > The unicast mode seems to be intended for networks with partial > > on-path hardware support, where requirements on accuracy are less > > strict, and I think this might already be better supported by NTP. > They might be less strict but that does not mean they are worse/equal compared to NTP. How so? You said unicast transparent clocks don't really exist. That would be the only advantage of unicast PTP. Boundary clocks could fully support hardware-timestamped NTP if someone was actually interested in implementing that. Without full on-path support NTP should generally perform better than PTP as it doesn't assume network has a constant delay. In the context of the drafts we are discussing here, I think it might be easier for an existing PTP implementation to add support for NTP+NTS than add NTS4UPTP. > > If there is some hardware that can timestamp only fixed-length PTP > > messages with no TLVs, then that will not work with any form of > > NTS4UPTP either, right? There has to be some TLV to authenticate the > > message and the hardware needs to accept that. > > No, that's not correct. The hardware timestamping is only required during phase 3 (packet transmission), which does not require an NTS TLV as it relies completely on the AUTHENTICATION_TLV and the integrated PTP security. See 3.3 of my draft. The NTS TLV is required in phase 2 where client and server only exchange messages to negotiate the transmission, and those are not hw timestamped. I don't see how that is relevant to hardware not timestamping PTP messages with TLVs. If a TLV present in an event message breaks the timestamping, the hardware is unusable for any security mechanism discussed here, except the Daniel's idea to protect unauthenticated PTP by authenticated NTP. -- Miroslav Lichvar
- [Ntp] NTP over PTP Miroslav Lichvar
- Re: [Ntp] NTP over PTP Heiko Gerstung
- Re: [Ntp] NTP over PTP Miroslav Lichvar
- Re: [Ntp] NTP over PTP Heiko Gerstung
- Re: [Ntp] NTP over PTP Doug Arnold
- Re: [Ntp] NTP over PTP Miroslav Lichvar
- Re: [Ntp] NTP over PTP Heiko Gerstung
- Re: [Ntp] NTP over PTP Miroslav Lichvar
- Re: [Ntp] NTP over PTP Heiko Gerstung
- Re: [Ntp] NTP over PTP Doug Arnold
- Re: [Ntp] NTP over PTP Miroslav Lichvar
- Re: [Ntp] NTP over PTP Miroslav Lichvar
- Re: [Ntp] NTP over PTP Heiko Gerstung
- Re: [Ntp] NTP over PTP Doug Arnold
- Re: [Ntp] NTP over PTP Miroslav Lichvar
- Re: [Ntp] NTP over PTP Heiko Gerstung
- [Ntp] RFC 8633 (NTP BCP), Appendix A: "restrict s… Ulrich Windl
- [Ntp] Antw: [EXT] RFC 8633 (NTP BCP), Appendix A:… Ulrich Windl
- Re: [Ntp] RFC 8633 (NTP BCP), Appendix A: "restri… Martin Burnicki
- [Ntp] Antw: [EXT] Re: RFC 8633 (NTP BCP), Appendi… Ulrich Windl
- Re: [Ntp] RFC 8633 (NTP BCP), Appendix A: "restri… Harlan Stenn