Re: [ntp:questions] Blocked from following the tweets of @NTP ... ?
On 28/06/2014 16:52, David Taylor wrote: Could anyone please explain why I have been blocked from following the tweets of @NTP? Well, I don't know if someone did something, but it appears to be OK now. Thanks! -- Cheers, David Web: http://www.satsignal.eu ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
[ntp:questions] Thoughts on KOD
Folks, I was chatting with PHK about: http://support.ntp.org/bin/view/Dev/NtpProtocolResponseMatrix http://bugs.ntp.org/show_bug.cgi?id=2367 and how we probably want to extend KOD coverage to more than just the limited case. I was assuming folks would want finer-grained control over this behavior, and thought about being able to choose any of kod-limited, kod-noserve, and kod-query. PHK suggested that we consider going the other way - KOD would mean Send KODs whenever appropriate. I wonder what the costs/benefits will be when weighing the extra complexity of multiple choices against when the defaults change and we get new behavior that we can't tune, that costs us in X and Y. This gets a bit more complicated when taking into consideration: - we'll get more traffic from a NAT gateway - - do we need to be able to configure a threshhold for this case? - we should pay attention to how a client, whom we find to be abusive, reacts to: - - getting no response - - getting a KOD response and adapt accordingly. Discussion appreciated. -- Harlan Stenn st...@ntp.org http://networktimefoundation.org - be a member! ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Thoughts on KOD
Harlan, On 07/05/2014 11:40 PM, Harlan Stenn wrote: Folks, I was chatting with PHK about: http://support.ntp.org/bin/view/Dev/NtpProtocolResponseMatrix http://bugs.ntp.org/show_bug.cgi?id=2367 and how we probably want to extend KOD coverage to more than just the limited case. I was assuming folks would want finer-grained control over this behavior, and thought about being able to choose any of kod-limited, kod-noserve, and kod-query. PHK suggested that we consider going the other way - KOD would mean Send KODs whenever appropriate. I wonder what the costs/benefits will be when weighing the extra complexity of multiple choices against when the defaults change and we get new behavior that we can't tune, that costs us in X and Y. This gets a bit more complicated when taking into consideration: - we'll get more traffic from a NAT gateway - - do we need to be able to configure a threshhold for this case? - we should pay attention to how a client, whom we find to be abusive, reacts to: - - getting no response - - getting a KOD response and adapt accordingly. Discussion appreciated. There is also the aspect when KOD does not bite. We have seen that. Like other forms of defenses, inserting drop rules into firewall rules for the offending node is an alternative to consider. KOD only bites for nodes which follows the protocol, but somehow is offending in their configuration. More offensive configuration or packet generation will render KOD relatively useless. Thus, there might be a limit on how much effort should be going into perfecting KOD-generation when maybe raising the bar even further is needed. Then, we should also consider how KOD and drop-rule triggering can be used to trigger denial of service, and how to potentially protect against them. Sorry for muddling your water even more. Cheers, Magnus ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
[ntp:questions] Embedded solutions
Hi folks, Has anyone here managed to turn a relatively cheap, ARM-based embedded system with a serial port into a decent stratum 1 NTP server? Thus far I've always attached my GPS and radio time signal receivers to much larger x86 hardware platforms, but those machines have other things to do and make the NTP server less stable than it can be. However, if I were to use dedicated hardware for the NTP server, I'd rather it power- efficient and as cheap as possible. I've looked at the BeagleBone Black (with an RS232 Cape) and the Wandboard (both ARM platforms), but have not had any success with them. There are stories stories of people who have done it with Soekris hardware (x86), but that's much more expensive. Thanks, Jaap ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Thoughts on KOD
Magnus,
Yes, we know that if we decide to track finely-grained behavior we'll
need to watch how {IP,port} responds when getting {no,KOD} responses.
We might just want a syslog entry for KOD, because it's clear that there
can come a time when we don't want to rely on the remote side doing
anything.
Unless there is a better solution. I like the syslog idea because we
can tag it and let other mechanisms decide what to do with that raw
information.
H
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Thoughts on KOD
Harlan,
On 07/06/2014 02:18 AM, Harlan Stenn wrote:
Magnus,
Yes, we know that if we decide to track finely-grained behavior we'll
need to watch how {IP,port} responds when getting {no,KOD} responses.
Just want to gently remind you.
We might just want a syslog entry for KOD, because it's clear that there
can come a time when we don't want to rely on the remote side doing
anything.
Unless there is a better solution. I like the syslog idea because we
can tag it and let other mechanisms decide what to do with that raw
information.
For that purpose it may be good to allow for a separate log for sent KOD
messages, besides properly log to syslog. A script or program can then
monitor it for updates and insert rules, without having to filter the
syslog.
Cheers,
Magnus
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions
Re: [ntp:questions] Embedded solutions
On Sat, Jul 5, 2014 at 7:37 PM, Jaap Winius jwin...@umrk.nl wrote: Has anyone here managed to turn a relatively cheap, ARM-based embedded system with a serial port into a decent stratum 1 NTP server? Yes (Google NTP Beaglebone or NTP Raspberry Pi I have both) although since that almost certainly means GPS derived time you typically use a PPS signal to get acceptable jitter.The JL Fury NMEA stream will do 10s of microseconds of offset and jitter but I don't believe that's common, certainly not in any of the other NMEA sources I used. Another low cost/low power approach is a Laureline appliance but they don't run NTP -- they simply respond to time queries with GPS derived responses. ___ questions mailing list questions@lists.ntp.org http://lists.ntp.org/listinfo/questions
