> running a single instance in a VM for the pool.

This feature would be a misfeature in a VM, as MACs and interface IDs are particularly fluid in VMs. And if someone is running ntpd in a VM and wants to protect it in depth, they will use the hypervisor's network access control table.
..m

On Fri, Mar 31, 2017 at 1:42 PM Gary E. Miller <[email protected]> wrote:

> Yo Mark!
>
> On Fri, 31 Mar 2017 20:06:32 +0000
> Mark Atwood <[email protected]> wrote:
>
> > I'm inclined to say drop the feature.
>
> Me too, but only as a me too. Don't blame me!
>
> > Yes defense in depth is good, but I think it doesn't really count in
> > this case. If a network admin is defending their NTP in depth, they
> > will do it in (in order), the local kernel table, the local switch,
> > the ingress switch, on the ISP side on the other side of the link to
> > the ingress switch, and in their ISP's connection to their transit
> > providers.
>
> Now you are thinking big boy toys, a lot of small guys run ntpd. Think
> of Hal running a single instance in a VM for the pool.
>
> But then, Hal would not be using this feature...
>
> > The feature also feels very "brittle" to me, from an admin POV. How
> > many netadmins are going to remember to update the setting when they
> > change anything about the local interface topology, or in the local
> > hypervisor or container topology.
>
> Yeah, I've been bitten by that. Especially when Gentoo changed ethernet
> interface names a while back.
>
> > And yes, can someone Not Me ask on the NTP list?
>
> I just asked on [email protected]. Did not seem like a [email protected]
> thing.
>
> RGDS
> GARY
> ---------------------------------------------------------------------------
> Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
> [email protected] Tel:+1 541 382 8588
>
> Veritas liberabit vos. -- Quid est veritas?
> "If you can’t measure it, you can’t improve it." - Lord Kelvin
> _______________________________________________
> devel mailing list
> [email protected]
> http://lists.ntpsec.org/mailman/listinfo/devel

--
Mark Atwood
http://about.me/markatwood
+1-206-604-2198 SMS & Signal
