Re: [Ntp] NTP over PTP

Miroslav Lichvar <mlichvar@redhat.com> Tue, 29 June 2021 06:52 UTC

Return-Path: <mlichvar@redhat.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E2AA3A283F for <ntp@ietfa.amsl.com>; Mon, 28 Jun 2021 23:52:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.296
X-Spam-Level:
X-Spam-Status: No, score=-2.296 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.198, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Js07nlinWsPs for <ntp@ietfa.amsl.com>; Mon, 28 Jun 2021 23:52:21 -0700 (PDT)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0C8A23A283D for <ntp@ietf.org>; Mon, 28 Jun 2021 23:52:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1624949538; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=yCX+dhzNNijexaXPxL1eiK3elW3c/SbJAbyEecf7T0Q=; b=atCzWhMGrCMugxVdAKWo9mER+4jq2K7V6HwdSgV7jsgIynnhyuS1leSRhSlATN3ZfD7Flf MexP/5MsfsMoBC3FEjGkWIWns2ztRX/CMSAy9h5XZLO7z+FhK1nBm59DtqZjr7S4e7fYCq mYdazpvsbKdLpoIatfEJxTrGx990k1o=
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-482-YtZyXrR0OYy8nWDs4KRloA-1; Tue, 29 Jun 2021 02:52:16 -0400
X-MC-Unique: YtZyXrR0OYy8nWDs4KRloA-1
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.12]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 8ACE2100CCC7; Tue, 29 Jun 2021 06:52:14 +0000 (UTC)
Received: from localhost (holly.tpb.lab.eng.brq.redhat.com [10.43.134.11]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1D16A60C5F; Tue, 29 Jun 2021 06:52:12 +0000 (UTC)
Date: Tue, 29 Jun 2021 08:52:11 +0200
From: Miroslav Lichvar <mlichvar@redhat.com>
To: Heiko Gerstung <heiko.gerstung@meinberg.de>
Cc: "ntp@ietf.org" <ntp@ietf.org>
Message-ID: <YNrDGy2M2hpLz9zc@localhost>
References: <YNRtXhduDjU4/0T9@localhost> <36AAC858-BFED-40CE-A7F7-8C49C7E6782C@meinberg.de> <YNnSj8eXSyJ89Hwv@localhost> <D32FAF20-F529-496C-B673-354C0D60A5AF@meinberg.de>
MIME-Version: 1.0
In-Reply-To: <D32FAF20-F529-496C-B673-354C0D60A5AF@meinberg.de>
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
Authentication-Results: relay.mimecast.com; auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=mlichvar@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/wahUUsTsOGDFeZv-tu90QPcgAts>
Subject: Re: [Ntp] NTP over PTP
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Network Time Protocol <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Jun 2021 06:52:23 -0000

On Mon, Jun 28, 2021 at 05:02:43PM +0200, Heiko Gerstung wrote:
> > The unicast mode seems to be intended for networks with partial
> > on-path hardware support, where requirements on accuracy are less
> > strict, and I think this might already be better supported by NTP.
> They might be less strict but that does not mean they are worse/equal compared to NTP.

How so?

You said unicast transparent clocks don't really exist. That would be
the only advantage of unicast PTP. Boundary clocks could fully support
hardware-timestamped NTP if someone was actually interested in
implementing that.

Without full on-path support NTP should generally perform better than
PTP as it doesn't assume network has a constant delay.

In the context of the drafts we are discussing here, I think it might
be easier for an existing PTP implementation to add support for
NTP+NTS than add NTS4UPTP.

> > If there is some hardware that can timestamp only fixed-length PTP
> > messages with no TLVs, then that will not work with any form of
> > NTS4UPTP either, right? There has to be some TLV to authenticate the
> > message and the hardware needs to accept that.
> 
> No, that's not correct. The hardware timestamping is only required during phase 3 (packet transmission), which does not require an NTS TLV as it relies completely on the AUTHENTICATION_TLV and the integrated PTP security. See 3.3 of my draft. The NTS TLV is required in phase 2 where client and server only exchange messages to negotiate the transmission, and those are not hw timestamped. 

I don't see how that is relevant to hardware not timestamping PTP
messages with TLVs. If a TLV present in an event message breaks the
timestamping, the hardware is unusable for any security mechanism
discussed here, except the Daniel's idea to protect unauthenticated
PTP by authenticated NTP.

-- 
Miroslav Lichvar