IETF Logo Mail Archive

Re: [Ntp] Handling synchronization loops

Harlan Stenn <stenn@nwtime.org> Thu, 17 February 2022 06:13 UTC

Return-Path: <stenn@nwtime.org>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D1A0C3A1212 for <ntp@ietfa.amsl.com>; Wed, 16 Feb 2022 22:13:44 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.614
X-Spam-Level:
X-Spam-Status: No, score=-2.614 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, NICE_REPLY_A=-0.714, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DJmqYpyhSc8L for <ntp@ietfa.amsl.com>; Wed, 16 Feb 2022 22:13:38 -0800 (PST)
Received: from chessie.everett.org (chessie.everett.org [IPv6:2001:470:1:205::234]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6FBAA3A1211 for <ntp@ietf.org>; Wed, 16 Feb 2022 22:13:33 -0800 (PST)
Received: from [10.208.75.149] (071-084-168-128.res.spectrum.com [71.84.168.128]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by chessie.everett.org (Postfix) with ESMTPSA id 4JzkzF17cNzMNTy; Thu, 17 Feb 2022 06:13:29 +0000 (UTC)
Message-ID: <a12db65a-111e-170a-68b0-1d28a0379aca@nwtime.org>
Date: Wed, 16 Feb 2022 22:13:28 -0800
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.1
Content-Language: en-US
To: ntp@ietf.org
References: <Yg0KSjSKAFhnShaO@localhost> <43396701-cadf-15ee-4bb5-0feb04a0337e@pdmconsulting.net>
From: Harlan Stenn <stenn@nwtime.org>
In-Reply-To: <43396701-cadf-15ee-4bb5-0feb04a0337e@pdmconsulting.net>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/uDXA1dkEKkIYVeT93tNBTAyDMLI>
Subject: Re: [Ntp] Handling synchronization loops
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Feb 2022 06:13:45 -0000

On 2/16/2022 2:39 PM, Danny Mayer wrote:
> 
> On 2/16/22 9:29 AM, Miroslav Lichvar wrote:
>> There is a new version of my NTPv5 draft:
>> https://datatracker.ietf.org/doc/draft-mlichvar-ntp-ntpv5/
>>
>> Beside some smaller improvements, it now specifies the Reference IDs
>> Request and Response extension fields using the 4096-bit Bloom filter
>> that was proposed by Daniel in his design.
>>
>> NTPv5 clients should now be able to detect a synchronization loop over
>> any number of servers, even if they are not the best selected source
>> which in NTPv4 set the client's reference ID.
>>
>> However, I'm not sure what should exactly happen when the client
>> detects a loop. As there is a delay in the distribution of the
>> reference IDs, I suspect there is an instability in the selection.
>>
>> Let's say we have 4 NTP clients in a local network configured in a
>> ring for "peering":
>>
>>          +--------+         +--------+
>>          | Host A |---------| Host B |
>>     +--------+         +--------+
>>              |                  |
>>              |                  |
>>          +--------+         +--------+
>>          | Host D |---------| Host C |
>>     +--------+         +--------+
>>
>> Each one is configured to poll some remote servers and two of its
>> local peers. We would like them to reach a stable state in the
>> selection, for example A->B->C->D, or A<-B->C->D.
>>
>> If they are started at the same time, every host will first select
>> only the remote servers as the local servers are not synchronized yet.
>> Then on each link the direction of synchronization is selected
>> randomly depending on the order of their polling. There is no loop on
>> individual links (assuming the 4096-bit filter is not split over
>> multiple messages), but a loop can form over the whole ring, e.g:
>>
>> A->B->C->D->A
>>
>> after three polls they all see that they are in a loop. They unselect
>> the peer:
>>
>> A  B  C  D  A
>>
>> and we are back where we started.
>>
>> I'm not sure if there is a guarantee a stable state will eventually be
>> reached if the polling order happens to be stable. There is also an
>> additional delay when the filter is exchanged in smaller parts. A loop
>> can form even between two hosts.
>>
>> I think we might need to specify for how long should clients wait
>> before selecting a server that was in a loop again. This could be a
>> random number based on their polling interval, stratum, and the number
>> of polls it takes to exchange the whole filter. There could also be a
>> requirement for servers to delay removing reference IDs from their
>> filters.
>>
>> For reference, in NTPv3 loops cannot form, because only sources with
>> lower stratum can be selected. That is too restrictive. In NTPv4 there
>> is a single reference ID, which can detect only loops between two
>> clients and only if one of them selected the other as the "system"
>> peer. Other loops are ignored and synchronization stops only when
>> stratum reaches 16.
>>
>> Any suggestions?
>>
> What is being lost in all this is the fact that a host can respond on 
> multiple interfaces. Thus ReferenceID's *cannot* be IP Addresses as is 
> currently being done. A server *should* create an value that can be part 
> of the packet that is sent out on ALL interfaces regardless of the type 
> of packet. This ID would need to be added to the base packet. This can 
> be a randomly generated ID but needs to be the same for the duration of 
> the server. This can then be used for the referenceID sent in the 
> packet. IP addresses only worked when there was only one interface and 
> IP address. That's no longer a viable solution. If I'm getting ntp 
> packets from a multicast NTP server what Reference ID would you want? It 
> can't be the multicast address.

I get that this is a theoretical problem.

Is it a *real* problem?

I'm not at all worried about the "I have multiple IPs/NICs" issue because:

- in the ~30 years' time I've been actively working with NTP, I have not
   heard of a single case where this has been an issue
- the NTP Project has already submitted a "suggested refid" proposal,
   which will also help with this

If it's clear that this is a REAL problem and not a hypothetical one, we 
can certainly look at this harder.

And given that "longer" loops mean larger stratum differences between 
the beginning and ending nodes in the loop and also increasing root 
distance, I suspect that this really isn't a problem for any "real" 
installation.

> Danny
> 
> _______________________________________________
> ntp mailing list
> ntp@ietf.org
> https://www.ietf.org/mailman/listinfo/ntp
> 

-- 
Harlan Stenn <stenn@nwtime.org>
http://networktimefoundation.org - be a member!

v2.23.0 | Report a Bug | By Email