Hi, Jean,

On Thu, 2021-06-10 at 06:54 -0400, Jean St-Laurent via NANOG wrote:
> Hi Fernando,
>
> NTP sounds simple but it could be very complex when you dig deep down
> and/or get lost in details.
> Here are 2 things to consider:
>
> 1. NTP clients can query NTP servers by using SRC UDP ports > 1024.

This is indeed the case we're addressing. The NTP spec mandates src
port=123, even for client-to-server cases.

> In your case, it sounds like you want to achieve NTP server to NTP
> server, but you mention NTP clients behind NAT devices.

Nope. We simply recommend to randomize the source port for
client-to-server cases.

So in the quoted section we make the case that requiring src port=123
for clients doesn't really make sense:

1) if the NAT translates the port, the server won't see src 123 anyway
2) if the NAT doesn't translate the port, you won't be able to have
   multiple NTP clients behind the same firewall.

> Can you give us more details on what kind of communication you need
> here? From what I understand client to server should work just fine
> with any NAT devices.
>
> Maybe you meant multiple NTP servers behind the same NAT to external
> NTP servers

Please let me know if what I wrote above clarifies our intent.

Thanks!

Regards,
-- 
Fernando Gont
Director of Information Security
EdgeUno, Inc.
PGP Fingerprint: DFBD 63E3 B248 AE79 C598 AF23 EBAE DA03 0644 1531
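
The two NAT cases from the message above, modelled as an added example that is not part of the original e-mail. The `Nat` class is a hypothetical toy model of a single-address UDP NAT, and all addresses and client ports are constructed values.

```python
import random

NTP_PORT = 123
PUBLIC_IP = "203.0.113.1"   # constructed: the NAT's single public address

class Nat:
    """Toy UDP NAT (a model, not a real NAT implementation).

    Every client talks to the same NTP server on port 123, so the external
    source port alone decides which inside host a reply belongs to.
    """
    def __init__(self, translate_ports, seed=1):
        self.translate_ports = translate_ports
        self.rng = random.Random(seed)   # seeded: this is a simulation only
        self.owner = {}                  # external port -> (inside ip, port)

    def outbound(self, src_ip, src_port):
        """Return the (ip, port) the server sees, or None if no mapping fits."""
        if self.translate_ports:
            ext = self.rng.randrange(1024, 65536)
            while ext in self.owner:     # pick an unused external port
                ext = self.rng.randrange(1024, 65536)
        else:
            ext = src_port               # port-preserving NAT
            if self.owner.get(ext, (src_ip, src_port)) != (src_ip, src_port):
                return None              # port already mapped to another host
        self.owner[ext] = (src_ip, src_port)
        return (PUBLIC_IP, ext)

def ports_seen_by_server(translate_ports, client_ports):
    """Send one query per inside client; list the source port the server sees."""
    nat = Nat(translate_ports)
    seen = []
    for i, port in enumerate(client_ports):
        result = nat.outbound("10.0.0.%d" % (i + 1), port)
        seen.append(None if result is None else result[1])
    return seen

if __name__ == "__main__":
    # Case 1: NAT rewrites ports, so the server never sees src port 123.
    print("translating NAT, clients on 123:", ports_seen_by_server(True, [123, 123]))
    # Case 2: NAT keeps ports, so the second client on 123 cannot be mapped.
    print("preserving NAT, clients on 123: ", ports_seen_by_server(False, [123, 123]))
    # Randomized client source ports (constructed values) coexist either way.
    print("preserving NAT, random ports:   ", ports_seen_by_server(False, [40001, 51515]))
```

The model drops the second flow in case 2 to make the conflict visible; it assumes the NAT never falls back to translating the port.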