pages you mention on
> https://www.ntp.org/ are no longer functioning.
>
> Like http://lists.ntp.org/ and http://support.ntp.org/.
>
> If anyone knows a way to get this fixed, please help.
>
> Thank you.
>
--
Harlan Stenn
http://networktimefoundation.org - be a member!
bad _everyone_ finds new bugs all the time and we don't
> have the source code to fix it as a community.
> So I suspect significantly better quality software would at least
> initially cost more to produce and it would reduce revenue in loss of
> support.
Yeah, things need to get
kets that would approach the MTU limit, in
some cases.
If a packet is "too big" for some pathway, then are we talking about a
fractional packet loss or are we talking about 100% packet loss (dropped
mid-way due to size)?
> Damian
--
Harlan Stenn
http://networktimefoundation.org - be a member!
mmars said:
> > The secure time transfer of NTS was designed to avoid
> amplification attacks.
Uh, no.
If you understand what's going on from the perspective of both the
client and the server and think about the various cases, I think you'll
see what I mean.
NTS is a task-specific hammer.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
Ragnar,
On 3/28/2020 4:09 PM, Ragnar Sundblad wrote:
>
>> On 28 Mar 2020, at 23:58, Harlan Stenn wrote:
>>
>>> Steven Sommars said:
>>>> The secure time transfer of NTS was designed to avoid
>>>amplification attacks.
>>
>> Uh, no
Ragnar,
On 3/28/2020 4:59 PM, Ragnar Sundblad wrote:
>
>
>> On 29 Mar 2020, at 00:35, Harlan Stenn wrote:
>>
>> Ragnar,
>>
>> On 3/28/2020 4:09 PM, Ragnar Sundblad wrote:
>>>
>>>> On 28 Mar 2020, at 23:58, Harlan Stenn wrote:
>>&
will require increased network
capacity. A cynic could argue that requiring additional internet
bandwidth is a profitable goal, and the drama about requiring that extra
protection is the distraction that normalizes that cost.
H
On 3/28/2020 5:18 PM, Harlan Stenn wrote:
> Ragnar,
>
> On 3
On 3/28/2020 5:35 PM, Ragnar Sundblad wrote:
>
>
>> On 29 Mar 2020, at 01:18, Harlan Stenn wrote:
>>
>> Ragnar,
>>
>> On 3/28/2020 4:59 PM, Ragnar Sundblad wrote:
>>>
>>>
>>>> On 29 Mar 2020, at 00:35, Harlan Stenn wrote:
nse packets affect the
quality of time synchronization, in various network scenarios. Some
have claimed this is clearly noticeable and significant. I'd like to
see the experiments and the data.
NTF is very happy to do this work, incrementally if needed, if we can
get the necessary su
On 3/30/2020 1:27 AM, Saku Ytti wrote:
> On Mon, 30 Mar 2020 at 11:15, Harlan Stenn wrote:
>
>> Please help me understand this.
>>
>> Exactly how bad is it if the query and response packets are of a
>> different size? Does it matter at 4 bytes? 32?
>
t;Send your request again,
but this time pad it to NNN bytes so I can respond with the same sized
packet"?
> Ragnar
--
Harlan Stenn
http://networktimefoundation.org - be a member!
r request again,
but this time pad it to NNN bytes so I can respond with the same sized
packet"?
> Ragnar
--
Harlan Stenn
http://networktimefoundation.org - be a member!
NTP uses UDP for time.
I'm not sure what you're talking about.
H
On 4/17/20 1:32 AM, Ragnar Sundblad wrote:
>
>
>> On 17 Apr 2020, at 01:28, Harlan Stenn wrote:
>>
>> I found this as an unsent draft - I hope I didn't send it before.
>>
&
quire an authenticated request in the first place?
And I just realized this is the NANOG list and not the NTP list, so I'm
happy to stop.
H
--
> Ragnar
>
>> On 17 Apr 2020, at 10:44, Harlan Stenn wrote:
>>
>> NTP uses UDP for time.
>>
>> I'm not sure wha
ail. Please excuse my brevity.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
he universal
way time is measured on Earth – may have to change" They don't even know the
difference between TAI and UTC.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
servers in their data
centers for their tenants (or for the general public)?
--
Harlan Stenn
http://networktimefoundation.org - be a member!
On 5/1/19 2:59 PM, Andreas Ott wrote:
> On Wed, May 01, 2019 at 02:35:58PM -0700, Harlan Stenn wrote:
>> - Why do folks want to have one or more NTP server masters that have at
>> least 1 refclock on them in a data center, instead of having their data
>> center NTP server
k and start serving time, but at least you've
> potentially got known-good time info before you start bringing
> higher-level network protocols up (and can purposely delay until you do,
> if desired) which is potentially impossible if your only source of time
> is the network itself.
Ah, this is the dance with "have enough sources of time"...
--
Harlan Stenn, Network Time Foundation
http://nwtime.org - be a Member!
he firmware.
These problems can be mitigated if you have "enough" time sources for
your internal NTP servers and you peer with enough other, possibly your,
servers.
> Regards,
> Bill Herrin
--
Harlan Stenn
http://networktimefoundation.org - be a member!
their smallest models
>> have decent oscillators (for keeping the ticks accurate between GPS signals).
>>
>> The Meinberg time server products (I am guessing all of them, but I’m not
>> sure) also have a mode where they poll an upstream NTP server aggressively
>> and then steer the oscillator after it. I haven’t used it in production, but
>> it worked a lot better than it sounded like it would. (In other words, even
>> without GPS it’s a better time server than most systems).
>>
>>
>> Ask
--
Harlan Stenn
http://networktimefoundation.org - be a member!
7;s worth. And there are
some good points in there, too.
H
--
> -mel
>
> On May 1, 2019, at 3:48 PM, James R Cutler
> mailto:james.cut...@consultant.com>> wrote:
>
> On Wed, May 01, 2019 at 02:35:58PM -0700, Harlan Stenn wrote:
> - Why do folks want to have one or m
and soliciting new
servers of currently-good quality to replace them.
This goes to "have _enough_ good-quality servers, and monitor your ntpd".
> If your system is Internet-connected. If you run an air gapped network then
> yeah, get your time out of band.
>
> Regards,
> Bill Herrin
>
>
--
Harlan Stenn
http://networktimefoundation.org - be a member!
ff in their own directions.
http://support.ntp.org/bin/view/Support/OrphanMode is the better solution.
If you cannot do that for some reason, please see the "Dual Time
Servers" case at
http://support.ntp.org/bin/view/Support/UndisciplinedLocalClock .
--
Harlan Stenn
http://networktimefoundation.org - be a member!
behaves if it loses the GPS signal.
The consensus issue isn't about the number of satellites the GPS
receiver sees, it's about the number of time sources your NTP servers see.
H
--
> -mel via cell
>
>> On May 1, 2019, at 6:49 PM, Harlan Stenn wrote:
>>
>>
>
On 5/2/2019 9:13 AM, James R Cutler wrote:
>> On May 2, 2019, at 10:59 AM, William Herrin > <mailto:b...@herrin.us>> wrote:
>>
>> On Wed, May 1, 2019 at 7:03 PM Harlan Stenn > <mailto:st...@nwtime.org>> wrote:
>>
>> It's n
On 5/2/2019 7:59 AM, William Herrin wrote:
> On Wed, May 1, 2019 at 7:03 PM Harlan Stenn <mailto:st...@nwtime.org>> wrote:
>
> It's not clear to me that there's anything *wrong* with using the pool,
> especially if you're using our 'pool'
nl? Is that legit? I don't know what
>> it was before because I've never looked, but that seems off.
>>
>>
>
> nevermind, I'm tired and confused ntpd.org with ntp.org. Just going to
> wildcard *.ntpd.org to 127.0.0.1 and go back to sleep.
I did think about r
On 12/31/2019 7:21 AM, Seth Mattinen wrote:
> On 12/31/19 1:32 AM, Harlan Stenn wrote:
>> On 12/30/2019 8:32 PM, Seth Mattinen wrote:
>>> On 12/30/19 8:22 PM, Seth Mattinen wrote:
>>>> Is anyone from ntpd.org on here? You're pointing DNS at me for some
>>
to get NTP from the servers you run
> using authentication.
Yes, and properly monitor your ntpd instances.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
er. This trick only works for IPv4.
And we have a fix for all of this that will be out soon.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
Harlan Stenn writes:
> Sharon Goldberg writes:
> > Well, if you really want to learn about the NTP servers a target is using
> > you can always just sent them a regular NTP timing query (mode 3) and just
> > read off the IP address in the reference ID field of the response
ard libraries.
>
> Hopefully they'll decide in 2023 finally to get rid of leap seconds
> from UTC. Then GPS_TIME, TAI and UTC are all same with different
> static offset.
How about you run your systems on TAI or satellite time?
--
Harlan Stenn
http://networktimefoundation.org - be a member!
out to happen. Mostly "security" bugs
that folks will not see, if they're being at all responsible.
Eric, you are loved and appreciated, and respected and admired.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
lots more if we had a useful budget.
Folks pay money for DNS registrations. There's no revenue stream around
"time".
Help us get enough support to NTF, and we'll have the staff and
infrastructure to do more for folks.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
other (non Google) leap-smearing NTP implementations?
The NTP Project has had a leap-smear implementation for a while.
We also have a proposal for a REFID that indicates the provided time is
a leap-smear time, and Network Time Foundation is working on a new
timestamp format and API that will easily allow time exchange between
systems using different timescales.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
On 12/22/16 4:11 PM, Ask Bjørn Hansen wrote:
>> On Dec 20, 2016, at 8:02 PM, Harlan Stenn
>> wrote:
>>
>>> On 12/20/16 7:27 PM, Laurent Dumont wrote: To be honest, the fact
>>> that NTP is still something managed by volunteers and not a
>>> regul
On 12/22/16 5:25 PM, Royce Williams wrote:
> On Thu, Dec 22, 2016 at 4:05 PM, Harlan Stenn wrote:
>
>> This sort of misconfiguration will happen and the NTP Pool Project
>> clearly isn't the place to solve this problem overall. It *is*
>> something NTF is in a pos
'd like them to change the information.
> Is there the person knowing the contact information to ntp.org?
I don't recall seeing the emails you sent to webmaster, but we do have a
new group of folks watching the Servers web. We would be happy to work
with you to give you access to those entr
ime? Even the national labs aren't -- UTC is
> figured well after the fact.
>
> In the United States that would the United States Naval Observatory
> (USNO) Master Clock (http://tycho.usno.navy.mil/). You can read
> more about it here:
> http://motherboard.vice.com/read/demetrios-matsakis-and-the-master-clock
>
> allan
>
>
--
Harlan Stenn
http://networktimefoundation.org - be a member!
enough boxes, you should have an easy time seeing what
happens on boxes where you have an easier time watching ntpd's drift
value than you have watching a nearby dedicated temperature sensor.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
Kate Gerry writes:
> Just add these to your ntp.conf configuration then restart the service: (Wo=
> rks with all default installations that I've found)
>
> restrict default kod nomodify notrap nopeer noquery
> restrict -6 default kod nomodify notrap nopeer noquery
KOD only works with "limited" in
If somebody has contacts at Juniper who is involved in this, I'd like to
get their contact information.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
Folks,
I just posted http://nwtime.org/ntp-winter-2013-network-drdos-attacks/ .
In general we've never allowed comments to blog posts on that site;
we're currently discussing if we should allow them for this post.
I'd love to hear any feedback about the post.
Thanks...
--
Har
"Dobbins, Roland" writes:
> Operators are using this size-based filtering to effect without
> breaking the world.
As a reality check, with this filtering in place does "ntptrace" still
work?
H
Brett Glass writes:
> At 12:19 PM 7/15/2014, Barry Shein wrote:
>
> >There exists a low and high (practical) bandwidth range within which
> >it simply doesn't make any difference to a given business model.
>
> Very true. And there's another factor to consider.
>
> Estimates of the maximum bandwi
Greg Walden (R-OR) is similarly funded by the cable and telecom folks,
and is also loud and clear that he thinks we should forget about net
neutrality and let the companies do what is best.
H
hing others must have solved, and I'm hoping some
folks on this list might be able to offer me some pointers.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
On 9/28/15 11:08 PM, Mark Andrews wrote:
> In message <560a13e6.7060...@nwtime.org>, Harlan Stenn writes:
>> I'm looking for some general "calendar" help to use for our security
>> release scheduling process. Something that usefully accounts for
>> clie
d on input from your constituents. Do your best. That is all
> your can do.
>
> Barry
>
> PS - Let me know if you need help writing the disclosure policy.
>
>
>
--
Harlan Stenn
http://networktimefoundation.org - be a member!
On 11/16/15 4:55 PM, Jared Mauch wrote:
> This action by red hat is nice from a stability perspective but
> infuriates many standards derived folks like ISC/BIND and NTP amongst
> others as a version number means something to them.
>
> This dialogue is typically broken from both sides as expecta
> but adds enormous value and
> serves as a forcing function for some level of review, cursory though
> it may be.
I think so too.
Hey everybody, please support Network Time. Spread the word. OK, I said it.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
Rob Seastrom writes:
> New subject so as to minimize threadjacking, not the least because
> this is important stuff.
>
> Harlan Stenn writes:
>
>>> Releng is hard and thankless but adds enormous value and
>>> serves as a forcing function for some level of rev
Just to ask, what is the expected effect on DDoS attacks if folks
implemented BCP38?
How does the cost of implementing BCP38 compare to the cost of other
solution attempts?
H
ss in the kernel, described over 20
years ago
- use the posix-right timezone files
- help Network Time Foundation get the General Timestamp API implemented
and deployed, which will let folks use whatever timescale they want.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
Bad idea.
When restarting ntpd your clocks will likely be off by a second, which
will cause a backward step, which will force the problem you claim to be
avoiding.
There are plenty of ways to solve this problem, and you just get to
choose what you want to risk/pay.
--
Harlan Stenn
http
Baldur Norddahl writes:
> On 19 June 2015 at 23:58, Harlan Stenn wrote:
>
> > Bad idea.
> >
> > When restarting ntpd your clocks will likely be off by a second, which
> > will cause a backward step, which will force the problem you claim to be
> > avoidi
and for the number of product lines that use
it, they could certainly do better. I know they were current when I did
the port for the MDS switch line, years ago.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
shawn wilson writes:
> ... I mean letting computers figure out slower earth rotation on the
> fly would seem more accurate than leap seconds anyway. And then all of
> us who do earthly things and would like simpler libraries could live
> in peace.
Really? Have you looked in to those calculations,
Tony Finch writes:
> Harlan Stenn wrote:
>
> > It's a problem with POSIX, not UTC.
> >
> > UTC is monotonic.
>
> The problems are that UTC is unpredictable, and it breaks the standard
> labelling of points in time that was used for hundreds (arguably
> t
Doug Barton writes:
> This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
> On 6/19/15 2:58 PM, Harlan Stenn wrote:
>> Bad idea.
>>
>> When restarting ntpd your clocks will likely be off by a second,
>> which will cause a backward step, which will force
This stuff can make my head explode.
When a leap second is added, like on 30 June 2015 at the last second of
the day, POSIX insists that the day still have 86400 seconds in it.
This makes the day longer by one second, so time has to either slow down
or move backwards.
The "dumb" way to do this is
Alex Hardie writes:
> Not to inject more confusion - but GPS and NTP are noted in the
> thread... but not PTP (IEEE1588)?
I don't belive PTP generally uses UTC as a timescale.
H
shawn wilson writes:
> On Jun 23, 2015 6:26 AM, "Nick Hilliard" wrote:
> >
>
> >
> > Blocking NTP at the NTP edge will probably work fine for most situations.
> > Bear in mind that your NTP edge is not necessarily the same as your
> network
> > edge. E.g. you might have internal GPS / radio sour
Matthew Huff writes:
> A backward step is a known issue and something that people are more
> comfortable dealing with as it can happen on any machine with a noisy
> clock crystal.
A clock crystal has to be REALLY bad for ntpd to need to step the clock.
> Having 61 seconds in a minute or 86401 sec
Joe writes:
> A leap sec causing issues. For about 40 years now, there have been
> these leap seconds to no real issue. All of these are "go-forwards"
No, they're all "go-backwards" events. That's no big deal to things
that don't care about monotonic time, or to folks who aren't in
violation of s
Mikael Abrahamsson writes:
> This is similar to the jiffycounter wrapping, since this doesn't happen
> that often, it's not commonly tested for. Good way is to start the jiffy
> counter so it wraps after 10 minutes of uptime. That way you'll run into
> any bugs quickly. Either we should abolish
on for
> possible leap second issues and other possible clock-related issues
> such as clock stepping, DST, and Year 2038 in their standard smoke
> tests
Yes. And even so, testing these things takes time and equipment.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
Mike Hammett writes:
> It looks to have only affected the CCR line and only those running the
> NTP and not the SNTP package.
Any idea what version of NTP or what their configuration looked like?
H
Resending...
On 7/10/15 12:29 PM, Harlan Stenn wrote:
> I'm trying to build a list of the versions of NTP that are in active use
> on various active pieces of network gear.
>
> I know that Cisco, for example, uses NTP in around 10 different product
> lines, but I don't
; precision=-18, rootdelay=0.000, rootdispersion=656381.655, peer=0,
> refid=INIT, reftime=. Thu, Feb 7 2036 1:28:16.000,
> poll=4, clock=d94c5a40.fa58e5f0 Sat, Jul 11 2015 23:15:12.977, state=0,
> offset=0.000, frequency=0.000, jitter=0.004, stability=0.000
>
>
H
--
On 7/11/15 8:21 PM, Dovid Bender wrote:
> You would need to ask Juniper that
>
>
> On Sat, Jul 11, 2015 at 11:17 PM, Harlan Stenn wrote:
>
>> Dovid,
>>
>> Thanks, and I'm kinda stunned that folks are running such ancient
>> versions of NTP.
Harlan Stenn writes:
> We will. But we're going to be asking them for support for network
> time. Folks like you are probably paying them for support. They'll
> listen more to people like you.
>
> This goes to *all* vendors who embed NTP in their products, we're
r more profitable to offer maintenance support on older software
releases for much longer periods of time. But I must be missing
something here as well, as I was never able to make headway with this
idea when I was at Cisco.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
signature.asc
Description: OpenPGP digital signature
don't know anywhere near enough about
it, so I leave the knobs alone.
--
Harlan Stenn
http://networktimefoundation.org - be a member!
L3?
Tom
--
Harlan Stenn
https://www.nwtime.org/ - be a member!
76 matches
Mail list logo
