Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp

Doug Arnold <doug.arnold@meinberg-usa.com> Mon, 08 March 2021 16:38 UTC

Return-Path: <doug.arnold@meinberg-usa.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 780F53A0E7B for <ntp@ietfa.amsl.com>; Mon, 8 Mar 2021 08:38:17 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=meinbergfunkuhren.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mfYphKatEGnW for <ntp@ietfa.amsl.com>; Mon, 8 Mar 2021 08:38:13 -0800 (PST)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70077.outbound.protection.outlook.com [40.107.7.77]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F0A83A0E4D for <ntp@ietf.org>; Mon, 8 Mar 2021 08:38:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KYjs/oANIIviqp99BvmYlxzcctqGIBoBqAupqMFeU2bKexRMbHEtVhvyljQlPMDDSaxTd/FuXzUZDowOFRrhbfXSDIThodMp9p2maZinsaXiT1iWTUookFkBfl83Uzwn482dVFu+UwVQaDj0KW0HknDrGu6OLVHidDC9VBZHoudddH1Z6J9SkMp3oxrOJRLE1F7umekdaQlsrDiM6ayQ3XYrQQ+vCGrZWvh/7d5yhU4CkaJojK4TOni5zKXf/N4VOkS4US+rMmkpiqGdxJxzxA95RLp6OEqR5FNt0mRs44CAIsEuVXV2Bb07XWlnxpd16Wno9H0M+2GE4xZNtJXGUQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ihFY7Et6VzxjCSi7b30y7QRimMDlwo+W6Re17GFZT2I=; b=aRaTJB9D/CP/JnBNK5cvrwH5u+o8iA7jMH0qS6AsHnFY1ZFI5UrG5PDAZ3pfq3Sn4aJ+ttq4wt0aeI9fpSGpQtysTmW3ImarRGStD6HL3Zdp3i/EFCCCXC9GrM1NZzJD+bcXZ0vXFMXFHE21DZCFQHdeDTfAthqusVwS1Bi6/GdR7A+8Gcgp+0bgcWJQ1Y4upfB5cAxkKOM3CQNpHM03UKtNtCv8B9Euyc5xGLdaLcPDuZIh8SBpUecB7ZB1rl2vRDuuP/8FA0/akFPAcJ8njUxSKZrqZCjgYp5JcV+QZrpTA4b69+OB3g6GNaVm9A2mQBlt/qKX2u4/m0m//AAjuA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=meinberg-usa.com; dmarc=pass action=none header.from=meinberg-usa.com; dkim=pass header.d=meinberg-usa.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=meinbergfunkuhren.onmicrosoft.com; s=selector1-meinbergfunkuhren-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ihFY7Et6VzxjCSi7b30y7QRimMDlwo+W6Re17GFZT2I=; b=Jt6zLm/S2qQOFLm1qTzWWwEXxUFV3r9KWJMVJu82OtnlRoBl/psUZKIJIP/342yQ38dwslGnaU5h92rUq9hh8iBtaLk5qUAaqscdL1dMQIHMAiuHTQ05d4QSiuEw0/cAsArHzAkOiaiW3OGQK7r9zkVGiw1RugWXyrtW7SpOB6c=
Received: from AM7PR02MB5765.eurprd02.prod.outlook.com (2603:10a6:20b:102::15) by AM6PR02MB3925.eurprd02.prod.outlook.com (2603:10a6:20b:48::29) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3890.19; Mon, 8 Mar 2021 16:38:09 +0000
Received: from AM7PR02MB5765.eurprd02.prod.outlook.com ([fe80::1904:fe43:fe69:688a]) by AM7PR02MB5765.eurprd02.prod.outlook.com ([fe80::1904:fe43:fe69:688a%6]) with mapi id 15.20.3890.038; Mon, 8 Mar 2021 16:38:09 +0000
From: Doug Arnold <doug.arnold@meinberg-usa.com>
To: Heiko Gerstung <heiko.gerstung=40meinberg.de@dmarc.ietf.org>, Dieter Sibold <dsibold.ietf@gmail.com>, Miroslav Lichvar <mlichvar@redhat.com>
CC: Watson Ladd <watsonbladd@gmail.com>, NTP WG <ntp@ietf.org>, "Langer, Martin" <mart.langer@ostfalia.de>
Thread-Topic: [Ntp] Comments on draft-langer-ntp-nts-for-ptp
Thread-Index: AQHXEfmJtNaN0VzHCUaO5mbZJT9fA6p4xFKAgAEne4CAAAi0AIAAEEoAgABIUICAAAB2vw==
Date: Mon, 8 Mar 2021 16:38:09 +0000
Message-ID: <AM7PR02MB5765CC7A3E0335C0A7828E50CF939@AM7PR02MB5765.eurprd02.prod.outlook.com>
References: <CACsn0cnz1GfKUKn6q61qmAbs=VPgTGFZnP=kEeQHk9CUxLACXg@mail.gmail.com> <f51dfb1db7c843ecaf58efac526d30ef@ostfalia.de> <6C614D22-A00E-432E-A65E-9A21F8B4476E@meinberg.de> <YEYHHhIrYv4ZhTkl@localhost> <675BBD71-AEE4-4DA5-A64F-40C86BB9755C@gmail.com>, <A069DFA5-ABBE-433A-8811-62CE860374BF@meinberg.de>
In-Reply-To: <A069DFA5-ABBE-433A-8811-62CE860374BF@meinberg.de>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=meinberg-usa.com;
x-originating-ip: [64.30.82.72]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 5243ac52-8a43-4cee-16f1-08d8e2508f12
x-ms-traffictypediagnostic: AM6PR02MB3925:
x-microsoft-antispam-prvs: <AM6PR02MB392538EAB9AA06049F7BD837CF939@AM6PR02MB3925.eurprd02.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: tqZ0bOl5+2JOKPRRGuiL9Y+KuA0CqYcne2MBoBe6rQqD/dcuBE+RiMsJFd3gzn1RtiXKwmHx+QU41M3N6R63cpm3vnXhm9VBEoy3dgDz2jW8UMwFQ4g3tD5addvW2AX7t9PE5s4JznPaYuxZjZc1a3MhQb3Z5+mgd1rSbA2+4Dd3zholXkYWZQHLT9/pzuoHU/t4S7hPrpYHmCtB3B873ZcT19KR3pbdOMMTCk6be3hFziE6Xtj1b/yc6SzFvrpCIEKrqvOEiuL9DH9BnPKQgM3lYMKigftujy/2MQtRB8XDZP5LE4sF+dnwMU/KUfT50Sndvnjq77gVRAEcDj9eBxghHL8GO+LOVVF5U4EMPeopEy1u/6cPkZ+5G5M1halG3NEEJlpVbRhI9CwsECGfx7Xk2Ti22hx+jZTsfWQaYaFBTvwY1matF/BXZLmruOZegfUWYWSjAyEcaCj+fEVtKe7KPjyZoqj/SkQMdZv4RDYegIPETsWvfvEHTcAYlBWfQ/HO5UrJ/GdE08xcFiAaWKTVhmurShKAHuxMhmU1ezgHanIZItDD7hBtELVc8Ov5wP+6rjFIEyPw/81255DYRkY6OD6ahaAdPXz5TbvBv0M=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM7PR02MB5765.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(396003)(39830400003)(366004)(376002)(346002)(136003)(64756008)(6506007)(9686003)(66556008)(8936002)(83380400001)(5660300002)(478600001)(66476007)(66574015)(55016002)(86362001)(76116006)(91956017)(45080400002)(7696005)(66446008)(71200400001)(66946007)(2906002)(186003)(52536014)(54906003)(166002)(33656002)(110136005)(26005)(316002)(53546011)(44832011)(8676002)(966005)(4326008); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata: =?utf-8?B?YW05Y3hJaUM2aS9WR0xZMlJRZUN1L1VObVcxRUhZaElYU29sRnlLTDkrTjVE?= =?utf-8?B?cGNTWVh6bjNraHR6UXVna2Ivc0taZXo3WDlaZ1FWUlBHSFlacXRYUVdtYnhV?= =?utf-8?B?L2FHWkFla1RYQkJkWWo4cVNkdnl3cGduSzNQS2c1SG5tVVVQelNVelNDTTNW?= =?utf-8?B?dmhqU01sMWYxRkd3LzdVMWVuRE1SdEF0d0FzQVlEbGlNSGxhRTVEc2x0TDlI?= =?utf-8?B?QVhXdm1aNmxwN29wa0lZWkR4cVdQUGY2VC9QQUphT3pIQUxkQlc2UDYxZWkz?= =?utf-8?B?NVJnbXlxejBxdzFsTjdyWTFJZTZFR3RTM2FPbkpkOEEwM1luOUYvRkRRaDNm?= =?utf-8?B?Q1NSVGJ5NHU1aGxVZU14eTJ5ZFR0M2dnTXhKZFFML1Bob0owS1ZzalR0a3Iv?= =?utf-8?B?K0JsRnVkZUpCUGpJL2FESkl1OGthQmtKOExVNkN3cFl1T3J2OFhLa0pjOHVj?= =?utf-8?B?Z2JBOFRiUDZIK2JzYTY1RmJlblVqVWs5SVVVLzMzbitua3B6RkdJTzJUa2dX?= =?utf-8?B?ME9sOUR6eG5tYVVzcDNtem9URjl1YllXT3B4NDNxR1g0c3V0TzRZU0xaMlJk?= =?utf-8?B?TGVoUVI0QXcrMmw4N01maVhONWlpQi9vNDhWWmFLaFFBVVRIeWZmc0Q3VXpj?= =?utf-8?B?cjF0WlhnUnJJb1UzOEZmbzhFV3podW1NbjJBVFcrYk5rQk9jc0FibElJWmdS?= =?utf-8?B?SXg5Q016M3FFeFowUTcxb3d0OFBCMnk5eExxYUpYK0xHYmtiazVFUVp5b1ZY?= =?utf-8?B?YmNZSW80L3Y5RDF3NldUK29SSzNJaU5Pb0RuT0wySWltRXE2VlgrTzlrZHZ6?= =?utf-8?B?eGhqYjdHOEdDK0tqU3JzRDR2QmFqTWFjZDY5RDJya2MycGZ1RXRVdWxhb3NH?= =?utf-8?B?NENNb0k5cXMvdnBDQU9xOE1KUWtlMmhOUWpZSzYwb2lhRE5kMHhNS3JLMVJD?= =?utf-8?B?WndVdUp0OWxQZ0g2ZVA4R0UyRFVRMXcxTXVTNUZvYkw2UmlvT1B3UXI3SkNj?= =?utf-8?B?REpMcy83N2Q3NjdTL1J4UzR2eS9hN0EvYStBZ2UyUEkxM0RRQUkrNVFjU2kv?= =?utf-8?B?Y2xLcWVySnlyK0dFdmxVS1JaZ2pvSUJjUkV6T2tLS3VpNisrdXB5b2lTc3Yr?= =?utf-8?B?N3pnTVpnVC85NzIxaUE5MzdEWWM5NFFmTVpLYzEwSGsrNGQ0RzZqU1U2MThX?= =?utf-8?B?TUpoU1NDb3BlNUt6b3pFS2FnOWNsQW9JbndqcUVnTXU4VDh4c2VsZ0xhMzcx?= =?utf-8?B?djNHaG5MNjIxMTRXUDF3djZsSlRDVTk1OGRIcXVFWExSSngwYUxFc3hSMWVx?= =?utf-8?B?VENGSElCajZ0TzEvcUhWK0FGV0tMYVFVdkZacEk0ck0rek9rcTJHdjFLRjhz?= =?utf-8?B?bzRzVzRMQnpUWFNGZG04cmd4MUNQcXJmZXNTNkNBQ0V0ZXRuSUdsSjV1cFJG?= =?utf-8?B?cWVCRkMvNDFYNFNLVkhCdUt4Q0R5cks2V3o4UUNFWVE5Q0ZQaW1TMzBLcHpV?= =?utf-8?B?UFJGMEJjazdKd29uV0lOeEQ2aXUrTExWdzc3MGN6UHRZS0toYlpPZHVYb0hF?= =?utf-8?B?MUdlRmtocTYrQWRwS2luajQrUGo1TkVXUWNnREJSNGpRckJuOEhYanFVU0lG?= =?utf-8?B?K2l2bTVOK1VFdmNzTFhuRWhrbnptZVhlTnoydElGYjVheWwxbHZlTGtWQzZV?= =?utf-8?B?d3J3cmtOdWl3RXB1NTlDSGVwMFZBV2RhUFo0dmsyekJuUTJjWHhCOFZ3U3lC?= =?utf-8?B?R0lLdDlmQWVERFdCSW52TkdMYi9XNSsrcDdCS2Q2WXdXVFUwb2xJNVdVVVZt?= =?utf-8?B?OEsxeHZkUjI4Y0o2cVpGQT09?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM7PR02MB5765CC7A3E0335C0A7828E50CF939AM7PR02MB5765eurp_"
MIME-Version: 1.0
X-OriginatorOrg: meinberg-usa.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM7PR02MB5765.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 5243ac52-8a43-4cee-16f1-08d8e2508f12
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Mar 2021 16:38:09.7806 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: d59904cd-769f-4368-8bd0-f5f435893a38
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: b6OeKoNfIwLkInsi5hxqoCiRUD/6iS21dsqsCh6xR7I3sc1KiLYt1YB9JLO3iDIbIPKIGzqxTFdzFW7Eu0u9cL0FizFnIqmt70NzUQktI5Q=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM6PR02MB3925
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/lVFZflcpI2L-lZR-CcOxWMuNhls>
Subject: Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Mar 2021 16:38:18 -0000

Most PTP Grandmasters are also NTP servers.  So we should think about how to efficiently implement such time servers, not PTP Grandmasters and NTP servers separately.

Doug

From: ntp <ntp-bounces@ietf.org> on behalf of Heiko Gerstung <heiko.gerstung=40meinberg.de@dmarc.ietf.org>
Date: Monday, March 8, 2021 at 11:32 AM
To: Dieter Sibold <dsibold.ietf@gmail.com>, Miroslav Lichvar <mlichvar@redhat.com>
Cc: Watson Ladd <watsonbladd@gmail.com>, NTP WG <ntp@ietf.org>, Langer, Martin <mart.langer@ostfalia.de>
Subject: Re: [Ntp] Comments on draft-langer-ntp-nts-for-ptp
Am 08.03.21, 13:13 schrieb "Dieter Sibold" <dsibold.ietf@gmail.com>:



>    On 8 Mar 2021, at 12:14, Miroslav Lichvar wrote:
>
>   > On Mon, Mar 08, 2021 at 11:43:29AM +0100, Heiko Gerstung wrote:
>    >> As far as I can see, up until this point the mechanism can be very
>    >> similar to NTS4NTP. We most probably need a different cookie format,
>    >> but the rest should be OK. Once we did 1 + 2, the unicast master will
>    >> start the PTP packet transmission to the authenticated (via the
>    >> cookie) PTP client. The client will also start sending Delay Req
>    >> packets and requires the GM to respond with unicast delay responses.
>    >>
>    >> During this packet transmission phase I propose to use the S2C to
>    >> secure the packets from the GM to the client (ANNOUNCE, SYNC,
>    >> DELAY_RESP) and the C2S key to secure the packets from the NTS/PTP
>    >> client to the GM (i.e. DELAY_REQ).
>    >
>    > I don't think it makes sense to use NTS cookies in PTP, even if you
>    > limit the NTS support to the unicast mode. The main point of the
>    > cookies is to avoid having client-specific state on the server. That's
>    > not possible in PTP as announce and sync messages are not responses to
>    > requests. They are sent at their own interval, which can be different
>    > from the delay request interval.
>    >
>    > In PTP there has to be some client-specific state and the clients need
>    > to be authenticated. Very different from NTS-for-NTP.

>    I agree with Miroslav. There is already state information defined in the
>    IEEE 1588-2019 version in the context of the Authentication TLV. It
>    should be possible to use them also for this purpose. This would make
>    things easier compared to offload state information via cookies to the
>    slaves and would minimize computational for the master.

A PTP unicast master can respond to 128 delay req/s and send 128 sync packets per second to each slave, we are talking quite powerful machines here and I do not think we have to store state information in the cookie.

A client - just like with NTS4NTP - uses the cookies it gets from the NTS-KE server to authenticate itself vs the unicast GM. The cookies basically provide proof that the client successfully communicated with the NTS-KE and correctly ran phase 1. We would need a little bit of extra state information that needs to be stored on the unicast GM (which already stores state information for every client that successfully requested a unicast transmission).

My biggest point here is this: yes, it would be possible to design a more lean and more efficient protocol for PTP because PTP already requires some state information being stored on the server. But I believe that this would only save an insignificant number of bytes and CPU cycles on the GM and also on the unicast PTP client. As a benefit, we would get something that is close to how NTS4NTP works, allowing simpler implementation (the NTS-KE part is almost identical and an NTS-KE server would only require some minor modifications to work with unicast PTP clients) and a much faster adoption by the PTP hardware vendors.

Regards,
   Heiko



 >  >
 >   > --
 >   > Miroslav Lichvar
 >   >
 >   > _______________________________________________
 >   > ntp mailing list
 >   > ntp@ietf.org
 >   > https://www.ietf.org/mailman/listinfo/ntp


--
Heiko Gerstung
Managing Director

MEINBERG® Funkuhren GmbH & Co. KG
Lange Wand 9
D-31812 Bad Pyrmont, Germany
Phone: +49 (0)5281 9309-404
Fax: +49 (0)5281 9309-9404

Amtsgericht Hannover 17HRA 100322
Geschäftsführer/Management: Günter Meinberg, Werner Meinberg, Andre Hartmann, Heiko Gerstung

Email:
heiko.gerstung@meinberg.de
Web:
Deutsch https://www.meinberg.de
English https://www.meinbergglobal.com

Do not miss our Time Synchronization Blog:
https://blog.meinbergglobal.com

Connect via LinkedIn:
https://www.linkedin.com/in/heikogerstung