[Ntp] Antw: [EXT] Pool and DNS
Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de> Wed, 19 October 2022 09:59 UTC
Date: Wed, 19 Oct 2022 11:58:50 +0200
From: Ulrich Windl <Ulrich.Windl@rz.uni-regensburg.de>
To: neta.r.schiff@gmail.com, halmurray@sonic.net
Cc: "ntp@ietf.org" <ntp@ietf.org>
References: <20221019044237.8DE2C28C1DB@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
In-Reply-To: <20221019044237.8DE2C28C1DB@107-137-68-211.lightspeed.sntcca.sbcglobal.net>
>>> Hal Murray <halmurray@sonic.net> wrote on 19.10.2022 at 06:42 in message <20221019044237.8DE2C28C1DB@107-137-68-211.lightspeed.sntcca.sbcglobal.net>:
>> Around 250 DNS queries are required by Khronos to obtain a pool of 1000 NTP
>> servers, which is equal to the number of queries performed by NTPv4 in a
>> duration of 10 days (assuming a query per hour).
>
> Where did that "a query per hour" come from?

Good question: maxpoll default is still 10, and on typical servers a higher number like 12 makes little sense.

> It's not wildly wrong and I don't have a better number. But I worry that
> somebody will assume it is a solid data point and use it in some future line
> of reasoning.
>
> --------
>
> My reading is that pool traffic is bimodal. ntpd makes a few DNS requests on
> startup then uses those servers for a long time. sntp makes a DNS request
> every time it is run.
>
> You can see that by watching the traffic on a server in the pool when you
> disable it by setting the traffic rate to monitor-only. The traffic drops

By "disabling" you mean removing it from the DNS pool, but keeping it running?

> abruptly by X%, then slowly decays. "Slowly" is ballpark of 10% per day. X
> is ballpark of 60%. (I didn't get decent data because I only figured out what
> was going on after I had already messed things up. Next time...)
>
> ----------
>
> The main problem with DNS and the pool is that there is currently no clean
> way to remove a server from the pool. If you remove it from the pool, the
> sntp traffic will vanish since it will get removed from future DNS answers.
> But the ntpd traffic will continue to use existing servers as long as ntpd
> keeps running and the servers keep responding.

Not quite: if the server performs worse than the rest, ntpd will request another one, dropping the bad one. We are running most servers using manycast here, but the mechanism should be similar.

> There is no way to ask if a server is still in the pool. If there was, ntpd
> should check every day or week or ... That would add more DNS traffic from
> the long running ntpd servers. Khronos would add much more.
>
> ----------
>
> The more interesting question is NTS. The NTS-KE step is fairly heavyweight,
> much more work than a DNS lookup.
>
> The current parameters are 8 cookies with a lifetime of a day. A day is
> 86400 seconds. That means we need to poll each server every 10800 seconds.
> With 1000 servers and M=15 (from the draft) that will take a Khronos poll
> every (10800/1000)*15 => 162 seconds. If Khronos runs at 10x the poll time of
> ntpd, that's not going to work.
>
> We could gain a factor of 2 or 3 by dropping cookies older than a day. (and
> asking for several more to fill up again when we do poll a server)
>
> Of course, NTS doesn't work with the pool and I don't see how to fix that,
> so this is all a wild goose chase.
>
> Maybe we should be comparing Khronos with 1 or 2 trusted servers using NTS.
>
> --
> These are my opinions. I hate spam.
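As an added example (not part of Hal Murray's mail, Ulrich Windl's reply, or any NTS implementation), here is a small Python model of an NTS cookie jar that reproduces the poll-interval arithmetic quoted above (8 cookies, one-day lifetime, 1000 servers, M=15) and lets you try the "drop expired cookies and ask for several more" variant. Assumed, not stated on the page: each NTP request spends one cookie and its response returns one fresh cookie, the client spends its oldest cookie first, a cookie is usable until its age reaches the lifetime, and a poll with no usable cookie forces a new NTS-KE handshake.

```python
# Added example, not from the thread: a toy model of an NTS cookie jar used to
# check the poll-interval arithmetic quoted above. Assumptions (mine, not from
# the mail): each NTP request spends one cookie and its response returns one
# fresh cookie; the client spends its oldest cookie first; a cookie is usable
# until its age reaches LIFETIME; a poll with no usable cookie forces NTS-KE.
LIFETIME = 86400   # seconds: "lifetime of a day" (from the thread)
JAR_SIZE = 8       # "8 cookies" (from the thread)


def required_poll_interval(jar_size=JAR_SIZE, lifetime=LIFETIME):
    """Spacing of polls to one server so that, renewing one cookie per poll,
    the oldest cookie in a full jar is spent before it expires."""
    return lifetime // jar_size            # 86400 // 8 -> 10800


def khronos_poll_spacing(servers=1000, m=15, per_server=None):
    """Seconds between successive Khronos polls if each of `servers` servers
    must be visited every `per_server` seconds and one Khronos round samples
    `m` servers (M=15 from the draft, as quoted in the mail)."""
    if per_server is None:
        per_server = required_poll_interval()
    return per_server * m / servers        # 10800 * 15 / 1000 -> 162.0


def simulate(poll_interval, days=3, refill=False):
    """Poll one server every `poll_interval` seconds for `days` days, starting
    right after an NTS-KE handshake.
    refill=False: plain jar, one cookie spent and one received per poll.
    refill=True : expired cookies are dropped and the request asks for enough
                  extra cookies to fill the jar again (the "ask for several
                  more" idea from the mail).
    Returns (nts_ke_handshakes, fewest_usable_cookies_held_after_a_poll)."""
    jar = [0] * JAR_SIZE                   # issue times of cookies on hand
    handshakes, fewest = 1, JAR_SIZE
    for t in range(0, days * 86400, poll_interval):
        jar = [issued for issued in jar if t - issued <= LIFETIME]
        if not jar:                        # nothing usable: back to NTS-KE
            handshakes += 1
            jar = [t] * JAR_SIZE
        jar.pop(0)                         # spend the oldest cookie
        jar.extend([t] * (JAR_SIZE - len(jar) if refill else 1))
        fewest = min(fewest, len(jar))     # spares carried to the next poll
    return handshakes, fewest


if __name__ == "__main__":
    print(required_poll_interval(), khronos_poll_spacing())
    for interval, refill in ((10800, False), (28800, False), (28800, True)):
        print(interval, refill, simulate(interval, refill=refill))
```

Polling every 10800 s keeps the full jar of 8 with a single handshake; polling three times a day without refill shrinks the jar to 3 spares, while the refill variant keeps all 8 at the same poll rate, and polling less often than the lifetime (e.g. every 90000 s) costs one NTS-KE per poll.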