Re: [Ntp] WGLC on draft-ietf-alternative-port-01
Miroslav Lichvar <mlichvar@redhat.com> Mon, 26 July 2021 09:05 UTC
Date: Mon, 26 Jul 2021 11:05:29 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Danny Mayer <mayer@pdmconsulting.net>
Cc: Dieter Sibold <dsibold.ietf@gmail.com>, Watson Ladd <watsonbladd@gmail.com>, NTP WG <ntp@ietf.org>
Message-ID: <YP562akF+CL/9R5s@localhost>
References: <PH0PR06MB7061EF8C35B67CDE520E60F2C2349@PH0PR06MB7061.namprd06.prod.outlook.com> <YNMbMd+3dDjAnIDP@localhost> <CACsn0cnMR=E13wd06+=Jdr++s5hqvSt7VitE8euUzc2dF_SjtQ@mail.gmail.com> <a39454b6-31b2-a8f5-1070-3d1b3c155297@pdmconsulting.net> <492BFE65-30FD-42AC-8891-B9A7D007BC03@gmail.com> <ac4aa859-7d26-17ba-a33b-dec781258b52@pdmconsulting.net>
In-Reply-To: <ac4aa859-7d26-17ba-a33b-dec781258b52@pdmconsulting.net>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/jM_R8T4Sw-8OofY2-Whe0WDWNuI>
On Sun, Jul 25, 2021 at 07:46:28PM -0400, Danny Mayer wrote:
> I have now come to the conclusion that this should NOT be accepted. Based on
> a conversation I had recently something like 70% of all traffic is still NTP
> V3 so this would not have any effect on them. Millions of firewalls would
> need to be changed. While the idea is generally good, it's not practical.

The draft is not specific to NTPv4. NTPv3 clients can be updated to use the alternative port too. On the public servers I'm running, with one exception (India), the observed NTPv3 share is below 10% anyway.

> An easier and more practical proposal would be to remove mode 6 and 7
> packets from the existing protocol and require that those types of packets
> and information be done on a separate port or even use TCP.

I don't see how that would be better. If you write a new document that forbids mode 6/7 on port 123, how will that fix the existing devices that still respond to it? It's now over 7 years since the large-scale DDoS attacks started. If everyone fixed the configuration of their devices to not respond to the modes, ISPs wouldn't be using the NTP rate-limiting middleboxes and we wouldn't have this discussion.

Port 123 seems to be doomed, at least for the near future. The alternative port gives us a way forward. Yes, the adoption on the global scale will probably take a long time, but at least people who are most impacted will be able to do something to fix it (update their NTP servers and clients).

--
Miroslav Lichvar
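The message above argues from two measurements an operator can take on their own server: the share of NTPv3 clients, and whether mode 6 (control) and mode 7 (private) queries are still being answered on port 123. The following is an added example, not code from the thread or from any NTP implementation, showing how both are read from the first header byte (LI, VN and Mode packed into 2, 3 and 3 bits, as in RFC 5905 section 7.3). The sample packets are constructed here; in practice the payloads would come from a capture of UDP port 123 on the server being checked.

```python
"""Classify NTP packets by version and mode from the first header byte.

Added example (not from the mailing-list thread). The first byte of every
NTP packet packs LI (2 bits), VN (3 bits) and Mode (3 bits). Running this
over captured UDP/123 payloads gives an operator the NTPv3 share discussed
in the thread and a count of control/private (mode 6/7) queries, the modes
a server should not be answering from untrusted sources.
"""
from collections import Counter

MODE_NAMES = {
    0: "reserved", 1: "symmetric active", 2: "symmetric passive",
    3: "client", 4: "server", 5: "broadcast", 6: "control", 7: "private",
}


def parse_first_byte(payload: bytes) -> tuple:
    """Return (li, version, mode) decoded from an NTP packet's first byte."""
    if not payload:
        raise ValueError("empty payload")
    b = payload[0]
    return (b >> 6) & 0x3, (b >> 3) & 0x7, b & 0x7


def is_monitoring_query(payload: bytes) -> bool:
    """True for mode 6 (control) and mode 7 (private) packets, the modes the
    thread wants kept off port 123 because legacy devices still answer them."""
    return parse_first_byte(payload)[2] in (6, 7)


def summarize(payloads):
    """Count packets by version and mode.

    Returns (version_counts, mode_counts, v3_share) where v3_share is the
    fraction of packets carrying VN == 3.
    """
    versions = Counter()
    modes = Counter()
    for p in payloads:
        _, vn, mode = parse_first_byte(p)
        versions[vn] += 1
        modes[mode] += 1
    total = sum(versions.values())
    v3_share = versions[3] / total if total else 0.0
    return versions, modes, v3_share


def make_packet(version: int, mode: int, li: int = 0) -> bytes:
    """Constructed test payload: one header byte plus zero padding to the
    48-byte minimum NTP header. Only the first byte matters here."""
    return bytes([(li << 6) | (version << 3) | mode]) + bytes(47)


# Constructed sample capture (not real traffic).
SAMPLE = [
    make_packet(4, 3),  # NTPv4 client request (first byte 0x23)
    make_packet(4, 3),
    make_packet(4, 4),  # NTPv4 server response
    make_packet(3, 3),  # NTPv3 client request (first byte 0x1b)
    make_packet(2, 6),  # control query, as ntpq sends
    make_packet(2, 7),  # private-mode query, as ntpdc sends
]

if __name__ == "__main__":
    versions, modes, share = summarize(SAMPLE)
    print("by version:", dict(versions))
    print("by mode:", {MODE_NAMES[m]: n for m, n in modes.items()})
    print(f"NTPv3 share: {share:.1%}")
    print("mode 6/7 seen:", sum(1 for p in SAMPLE if is_monitoring_query(p)))
```

Counting mode 6/7 packets in both directions is the useful check: requests arriving tell you the server is still being probed, responses leaving tell you it is still answering and the configuration fix the message refers to has not been applied.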