Re: [Ntp] NTPv5 and anycasting

Paul Gear <ntp@libertysys.com.au> Wed, 02 December 2020 21:38 UTC

To: ntp@ietf.org
References: <F2AD65AD-3403-486E-AEF9-3EF07F88A7FF@redfish-solutions.com> <20201202080839.GO1900232@localhost> <6CAE44A6-41A6-4516-8CD1-217C87C28E47@redfish-solutions.com>
From: Paul Gear <ntp@libertysys.com.au>
Message-ID: <e316ffcf-91e1-1e95-b905-76e63200cba2@libertysys.com.au>
Date: Thu, 03 Dec 2020 07:37:22 +1000
In-Reply-To: <6CAE44A6-41A6-4516-8CD1-217C87C28E47@redfish-solutions.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/uwT9G7vhJEonDrh0e70UsD06o4E>

On 3/12/20 3:48 am, Philip Prindeville wrote:
>> On Dec 2, 2020, at 1:08 AM, Miroslav Lichvar <mlichvar@redhat.com> wrote:
>>
>> On Tue, Dec 01, 2020 at 10:41:01PM -0700, Philip Prindeville wrote:
>>> Sorry if this has been discussed already, but do we want to have a specific prohibition against the use of anycasting with NTPv5?
>>>
>>> I can’t see the point in sending packets non-deterministically to one of possibly many servers with different clock values, RTT’s, etc.
>> There is a section on anycast in the NTP BCP document. It can be
>> useful. I don't see a reason why NTPv5 specifically should prohibit
>> use of anycast. 
>>
>
> What’s the scenario where non-determinism is a good thing?

Hi Philip,

I agree, and I'm curious to hear Miroslav's answer to this as well.

I can think of two scenarios where anycast might be useful, but neither
is really non-deterministic under normal conditions:

 1. Public services where the same well-known IP (or set of IPs) is
    anycast simultaneously from geographically dispersed locations and
    only moves when its prefix is withdrawn from BGP due to maintenance
    or faults.  (Similar to the various DNS services from Cloudflare,
    Google, etc.)  I would argue that the existing DNS-based public pool
    is a better solution than this for most use cases.
 2. A corporate WAN where clients are configured with a single NTP
    server IP, which is anycast from the local branch router.  My
    argument against using anycast here would be that an internal DNS
    pool is simpler and more robust, but I can see some organisations
    wanting to use anycast due to a mix of platform limitations,
    management software, and available skills.

I think RFC8633 section 7 was rather too gentle in its downplaying of
anycast, and would support wording stating that anycast SHOULD not be
used with NTP.  Of course, that's not really within scope of Miroslav's
v5 proposal.

Regards,
Paul