Re: [Ntp] NTP over PTP

Heiko Gerstung <heiko.gerstung@meinberg.de> Tue, 29 June 2021 07:15 UTC

Return-Path: <heiko.gerstung@meinberg.de>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 85BE63A2904 for <ntp@ietfa.amsl.com>; Tue, 29 Jun 2021 00:15:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.399
X-Spam-Level:
X-Spam-Status: No, score=-4.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=meinberg.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v6dP57mr4DLF for <ntp@ietfa.amsl.com>; Tue, 29 Jun 2021 00:15:27 -0700 (PDT)
Received: from server1a.meinberg.de (server1a.meinberg.de [176.9.44.212]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B4C883A2901 for <ntp@ietf.org>; Tue, 29 Jun 2021 00:15:26 -0700 (PDT)
Received: from seppmail.py.meinberg.de (unknown [193.158.22.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by server1a.meinberg.de (Postfix) with ESMTPSA id D4C1471C0399; Tue, 29 Jun 2021 09:15:23 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinberg.de; s=d2021; t=1624950923; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=/QAFaSWmsPdBha5kfpUkwtO5JLCHp8lrDUSuKJ1Pz7I=; b=RswS5YXM3kVQHULi/4GY5I833eVyEZhOLAaK8Pc8WA07Tt/kwOaPLU7oeAPhBEi0Qhgvmc Ttey91xjUKDEyBoQpXeFztb4HWRe8Yezps3KcqUgFRS2636t8Jzc+lFDilEgV3w68sDDDY pf1iaiWT8rgr8CE5YodF2ZHzeL/bLj+MlNxdTzY2CWzxo66ZVqSLkxAHYfq3guUQLWx+1W 6RyPTwQN3kE13P3bR/YEXzlTHIm0vM9lrc/v9BJtt5Lu2IFE8LIDhmr0B/H2i3qEMg2LE6 H7u6jkQoObh8abxpLPYZOyZ81lJ/Kgsq1qGFbudakpFym29gl7TeWyaob+3QzA==
Received: from srv-kerioconnect.py.meinberg.de (srv-kerioconnect.py.meinberg.de [172.16.3.65]) (using TLSv1.3 with cipher AEAD-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by seppmail.py.meinberg.de (Postfix) with ESMTPS; Tue, 29 Jun 2021 09:15:23 +0200 (CEST)
X-Footer: bWVpbmJlcmcuZGU=
User-Agent: Microsoft-MacOutlook/16.50.21061301
Date: Tue, 29 Jun 2021 09:15:22 +0200
Message-ID: <C5D99A22-84B8-4D27-BE74-D8267FB1DCB0@meinberg.de>
Thread-Topic: [Ntp] NTP over PTP
References: <YNRtXhduDjU4/0T9@localhost> <36AAC858-BFED-40CE-A7F7-8C49C7E6782C@meinberg.de> <YNnSj8eXSyJ89Hwv@localhost> <D32FAF20-F529-496C-B673-354C0D60A5AF@meinberg.de> <YNrDGy2M2hpLz9zc@localhost>
In-Reply-To: <YNrDGy2M2hpLz9zc@localhost>
Importance: Normal
X-Priority: 3
Thread-Index: AZ2x3tU+NDJhN2EyODFjMTJjOGIyYg==
From: Heiko Gerstung <heiko.gerstung@meinberg.de>
To: Miroslav Lichvar <mlichvar@redhat.com>
Cc: "ntp@ietf.org" <ntp@ietf.org>
X-SM-outgoing: yes
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha-256"; boundary="----0192AF519314EE6420C2FB9B580AEB5D"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/fUItKgXhkFAHJnVpfzwIuoHBMgE>
Subject: Re: [Ntp] NTP over PTP
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jun 2021 07:15:33 -0000

> On Mon, Jun 28, 2021 at 05:02:43PM +0200, Heiko Gerstung wrote:
>> > The unicast mode seems to be intended for networks with partial
>> > on-path hardware support, where requirements on accuracy are less
>> > strict, and I think this might already be better supported by NTP.
>> They might be less strict but that does not mean they are worse/equal
>> compared to NTP.
> 
> How so?
Because of the removal of jitter/delay variation in the network stack and OS layer (kernel) of the server and the client. 

> You said unicast transparent clocks don't really exist. That would be
> the only advantage of unicast PTP. Boundary clocks could fully support
> hardware-timestamped NTP if someone was actually interested in
> implementing that.
I was wrong, or better: my knowledge was outdated. Arista for example supports unicast in their switches now.

> Without full on-path support NTP should generally perform better than
> PTP as it doesn't assume network has a constant delay.
Why do you think PTP assumes a constant network delay? PTP is measuring the delay constantly in both directions and calculates the round trip. Its delay measurement mechanism is definitely inferior to the one NTP uses (in regards to the concept) but it is good enough to allow (unicast) PTP to reliably achieve sub microsecond accuracy when used in networks with partial or full on-path support. That would not be possible in a packet switched network without proper delay compensation.

> In the context of the drafts we are discussing here, I think it might
> be easier for an existing PTP implementation to add support for
> NTP+NTS than add NTS4UPTP.

We are maintaining three different PTP implementations here at Meinberg and I can tell you that this is not true. 

>> > If there is some hardware that can timestamp only fixed-length PTP
>> > messages with no TLVs, then that will not work with any form of
>> > NTS4UPTP either, right? There has to be some TLV to authenticate the
>> > message and the hardware needs to accept that.
>>
>> No, that's not correct. The hardware timestamping is only required during
>> phase 3 (packet transmission), which does not require an NTS TLV as it relies
>> completely on the AUTHENTICATION_TLV and the integrated PTP security. See 3.3
>> of my draft. The NTS TLV is required in phase 2 where client and server only
>> exchange messages to negotiate the transmission, and those are not hw
>> timestamped.
> 
> I don't see how that is relevant to hardware not timestamping PTP
> messages with TLVs. If a TLV present in an event message breaks the
> timestamping, the hardware is unusable for any security mechanism
> discussed here, except the Daniel's idea to protect unauthenticated
> PTP by authenticated NTP.

I did not say that hardware is not timestamping PTP event messages that carry a TLV. I just pointed out that some of the hardware timestampers might look at the length of a packet and do not timestamp anything that is longer then X bytes. A sync message is 44 bytes plus maybe 26 bytes for the AUTENTICATION_TLV.  If you remove the requirement for the AUTHENTICATION_TLV because you want to run NTS over PTP, your PTP "header" is 44 bytes + 48 bytes for the NTP header + anything that NTS adds (Unique Identifier EF, NTS Authentication and Encrypted Extension Fields EF, at least one NTS Cookie EF). It is a bit complicated (for me) to calculate the total maximum size of such an NTS over PTP packet, but I am guessing that you will end up with more than 128 bytes, which might be a limit packet matching algorithms have for quickly identifying if this can be a PTP event message. 

The idea might still be worth to discuss and investigate. But it is not the answer to the question how we can secure unicast PTP IMHO. 

Regards,
   Heiko


-- 
Heiko Gerstung 
Managing Director 
 
MEINBERG® Funkuhren GmbH & Co. KG 
Lange Wand 9 
D-31812 Bad Pyrmont, Germany 
Phone: +49 (0)5281 9309-404 
Fax: +49 (0)5281 9309-9404 
 
Amtsgericht Hannover 17HRA 100322 
Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung 
 
Email: 
heiko.gerstung@meinberg.de
Web: 
Deutsch https://www.meinberg.de
English https://www.meinbergglobal.com
 
Do not miss our Time Synchronization Blog: 
https://blog.meinbergglobal.com
 
Connect via LinkedIn: 
https://www.linkedin.com/in/heikogerstung
 
 

Am 29.06.21, 08:52 schrieb "Miroslav Lichvar" <mlichvar@redhat.com>om>:

    On Mon, Jun 28, 2021 at 05:02:43PM +0200, Heiko Gerstung wrote:
    > > The unicast mode seems to be intended for networks with partial
    > > on-path hardware support, where requirements on accuracy are less
    > > strict, and I think this might already be better supported by NTP.
    > They might be less strict but that does not mean they are worse/equal compared to NTP.

    How so?

    You said unicast transparent clocks don't really exist. That would be
    the only advantage of unicast PTP. Boundary clocks could fully support
    hardware-timestamped NTP if someone was actually interested in
    implementing that.

    Without full on-path support NTP should generally perform better than
    PTP as it doesn't assume network has a constant delay.

    In the context of the drafts we are discussing here, I think it might
    be easier for an existing PTP implementation to add support for
    NTP+NTS than add NTS4UPTP.

    > > If there is some hardware that can timestamp only fixed-length PTP
    > > messages with no TLVs, then that will not work with any form of
    > > NTS4UPTP either, right? There has to be some TLV to authenticate the
    > > message and the hardware needs to accept that.
    > 
    > No, that's not correct. The hardware timestamping is only required during phase 3 (packet transmission), which does not require an NTS TLV as it relies completely on the AUTHENTICATION_TLV and the integrated PTP security. See 3.3 of my draft. The NTS TLV is required in phase 2 where client and server only exchange messages to negotiate the transmission, and those are not hw timestamped. 

    I don't see how that is relevant to hardware not timestamping PTP
    messages with TLVs. If a TLV present in an event message breaks the
    timestamping, the hardware is unusable for any security mechanism
    discussed here, except the Daniel's idea to protect unauthenticated
    PTP by authenticated NTP.

    -- 
    Miroslav Lichvar