Re: [TICTOC] operational experience with NTP symmetric mode

Greg Dowd <Greg.Dowd@microsemi.com> Thu, 05 May 2016 17:34 UTC

Archived-At: <http://mailarchive.ietf.org/arch/msg/tictoc/PeHMHkmTyEU0nOMDpxlnYGoMbNQ>

My two main experiences with symmetric packet modes are:

1) Peer groups.  If you look at various materials on configuration of ntp servers which are intended to operate as a group (e.g., within a campus for scalability/reliability), you will see recommendations to use the peer association.  Peer association implies the willingness to both provide and consume synchronization.  A prime example of this material is http://www.ntp.org/ntpfaq/NTP-s-config-adv.htm .

2) Microsoft Windoze ntp clients.  Older clients used a weird symmetric mode packet to indicate an alternative hmac scheme request.

Also, as you are a known security reviewer, I should point out that using the term “symmetric mode” is ambiguous since my first thought is that you were talking about symmetric key hmac.  I would recommend mode 1/mode 2 packets or symmetric association packets or something more specific.

….Greg


From: TICTOC [mailto:tictoc-bounces@ietf.org] On Behalf Of Sharon Goldberg
Sent: Thursday, May 05, 2016 9:31 AM
To: NTP Working Group; tictoc@ietf.org
Subject: [TICTOC] operational experience with NTP symmetric mode

Dear WG,

As part of the NTS effort, I think it would be helpful to understand the importance of symmetric peering mode.

Can folks on this list please share their experience about using symmetric mode?  Do you use it, and if so why (or why not), and if so in what operational environment are you using it?

Thanks,
Sharon

--
Sharon Goldberg
Computer Science, Boston University
http://www.cs.bu.edu/~goldbe
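
The terminology point in the reply above (mode 1/mode 2 association packets versus symmetric-key authentication) can be made concrete with a small classifier. This is an added example, not part of the original thread; it assumes packets carry no extension fields, so any 20- or 24-byte trailer after the 48-byte header is treated as a key ID plus digest, and the sample packets are constructed.

```python
import struct

NTP_HEADER_LEN = 48
# Association modes carried in the low 3 bits of the first header byte (RFC 5905).
MODES = {0: "reserved", 1: "symmetric active", 2: "symmetric passive",
         3: "client", 4: "server", 5: "broadcast", 6: "control", 7: "private"}
# Assumed trailer sizes: 4-byte key ID + 16-byte or 20-byte digest.
MAC_TRAILER_LENGTHS = (20, 24)


def classify(packet: bytes) -> dict:
    """Report the association mode and the presence of a symmetric-key MAC
    as two independent properties of one NTP packet."""
    if len(packet) < NTP_HEADER_LEN:
        raise ValueError("shorter than the 48-byte NTP header")
    first = packet[0]
    mode = first & 0x7
    trailer = packet[NTP_HEADER_LEN:]
    info = {
        "version": (first >> 3) & 0x7,
        "mode": mode,
        "mode_name": MODES[mode],
        "symmetric_association": mode in (1, 2),  # the "mode 1/mode 2" sense
        "symmetric_key_mac": False,               # the "symmetric key" sense
        "key_id": None,
        "digest_len": None,
    }
    if len(trailer) in MAC_TRAILER_LENGTHS:
        info["symmetric_key_mac"] = True
        info["key_id"] = struct.unpack("!I", trailer[:4])[0]
        info["digest_len"] = len(trailer) - 4
    return info


def build(mode: int, version: int = 4, mac: bytes = b"") -> bytes:
    """Constructed sample packet: only LI/VN/Mode and the trailer are set."""
    return bytes([(version << 3) | mode]) + bytes(NTP_HEADER_LEN - 1) + mac


# Constructed samples: the two senses of "symmetric" vary independently.
PEER_PLAIN = build(1)                                           # mode 1, no MAC
CLIENT_KEYED = build(3, mac=struct.pack("!I", 42) + bytes(16))  # mode 3, keyed
PEER_KEYED = build(2, mac=struct.pack("!I", 7) + bytes(20))     # mode 2, keyed

if __name__ == "__main__":
    for name, pkt in [("peer_plain", PEER_PLAIN), ("client_keyed", CLIENT_KEYED),
                      ("peer_keyed", PEER_KEYED)]:
        print(name, classify(pkt))
```
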