[ntp:questions] NTPD concurrent clients limit

Phil phil at xxxxxxxxx.xxx
Thu Jul 31 21:06:47 UTC 2008

David, Thank you.
I'll explore it further when I get some time. After learning of this "kod" 
packet and since these servers vend time to my applications, I would prefer 
or need the correct time (no kod) even if something went haywire banging the 
fool out of a server. To me, no time is better than wrong time. An 
"excessive use" type of problem should be easily seen from the increased 

I understand why you implemented "kod" and other safeguards. I have read 
articles about ntp abuse like that series of cheap routers that had an ip 
embedded in the firmware that was banging I believe the ucar.edu ntp 
servers. Seems like you may have been involved in helping isolate that 
problem. Considering how adaptive the ntpd software has to be, I'm sure it's 
a delicate balancing act to make it serve the whole of the time community.


"David L. Mills" <mills at udel.edu> wrote in message 
news:g6t5g2$o9$1 at scrotar.nss.udel.edu...
> Phil,
> In the clash of titans one of your questions about whether a canned 
> version of the rate management stuff exists. There are quite a number of 
> products using the reference implementation in one form or another, but 
> not usually a later version. I know that Meinberg even has Autokey in 
> their product, for example. But, I wouldn't count on any product to 
> support anything beyond the NTPv4 specification, and that doesn't require 
> the particulare schemes in the reference version. Another implementation 
> might do it differently.
> Dave
> Phil wrote:
>> The replies around here sure separate the professionals like David Mills 
>> and Steve Kostecke from the seemingly arrogant ones like Unruh.
>> Considering my use of timing is rather critical to my applications I 
>> don't even depend on the "pool" servers for time. I use my own 
>> Symmetricom gps disciplined ntp servers, my own Datum/Symmetricom gps 
>> disciplined rubidium standards for 1PPP and 10 MHz all using 
>> HP/Symmetricom gps antennas and gps splitters. Sorry, I only have some 
>> ten GPS based time receivers.
>> Unruh said "If it is in hardware only it may be some hack
>> written by someone whose knowledge of ntp was gained in kindergarten 
>> class."
>> I guess that depends on what you think of the Symmetricom designers, 
>> engineers, and programmers. I also run the latest release of ntpd 
>> software on several HP/Compaq Servers.
>> I'm certain I'm a small fish time user, but I feel with this investment I 
>> have graduated a little past the sundial and perhaps even a little above 
>> the average time user.
>> Phil Harwood
>> "Unruh" <unruh-spam at physics.ubc.ca> wrote in message 
>> news:pUlkk.2876$%b7.390 at edtnps82...
>>>"David L. Mills" <mills at udel.edu> writes:
>>>>See the limit and kod restrict options in the Access Control Options
>>>>page in the current web documentation.
>>>Since the current web documentation refers to the current version of ntp,
>>>and since the OP has never told us what version of ntpd he is running or
>>>even if it is  ntpd he is running, that may not be helpful.
>>>In fact he may not know. If it is in hardware only it may be some hack
>>>written by someone whose knowledge of ntp was gained in kindergarten 
>>>>Phil wrote:
>>>>>Can the kiss-o'-death packet be disabled ?
>>>>>Is this packet also implemented in a "canned" or hardware only ntp 
>>>>>Phil Harwood
>>>>>>>j. wrote:
>>>>>>>>Hi all,
>>>>>>>>I'm testing an embedded linux device, which implement an NTP server,
>>>>>>>>based on the ntpd demon.
>>>>>>>>It looks like ntpd accepts only a limited number of requests from a
>>>>>>>>test clientIi've set up.
>>>>>>>>Do you know if there's such limit or what's the logic behind it?
>>>>>>>>Maybe ntpd rejects bursts of requests coming from the same IP?
>>>>>>>>Thanks in advance,
>>>>>>>>Gianandrea Gobbo.
>>>>>>>If you poll the server continuously at intervals of less than 64
>>>>>>>seconds, most modern NTP servers will send you a "Kiss of Death" 
>>>>>>>Polling this frequently is considered abusive!  It's also 
>>>>>>>NTP is designed to work with poll intervals between 64 seconds and 
>>>>>>>seconds and will adjust its poll interval within that range as 
>>>>>>His question can be rephrased, what does ntpd do after it has sent the
>>>>>>Kiss of Death?
>>>>>>does it drop all subsequent packets? -- That sounds like a huge cost 
>>>>>>ntp server-- ie imagine a popular server with 10,000 machines it has 
>>>>>>the KoD to. It then has to scan that whole list for each packet to see 
>>>>>>it is in there-- something which takes time and destroys the ability 
>>>>>>to deliver its time base rapidly.
>>>>>>Note that how ntpd handles this situation depends on which version of 
>>>>>>you are running.
>>>>>>>There are two exceptions to the above.  You may specify the "iburst"
>>>>>>>keyword for a server and NTPD will send an INITIAL burst of eight
>>>>>>>request packets at intervals of two seconds.  This is designed for 
>>>>>>>startup.  After the initial burst, polling continues at intervals
>>>>>>>between 64 and 1024 seconds.
>>>>>>So how does the server know whether this burst is an iburst or is a 
>>>>>>client to which it should send a KoD?
>>>>>>>If you are using a dialup telephone connection for short periods 
>>>>>>>or four times a day, you may specify the "burst" keyword which sends
>>>>>>>eight requests two seconds apart at EACH poll interval.  "Burst" is 
>>>>>>>be used ONLY for brief periods with LONG intervals between them!
>>>>>>>It is customary to request permission from the owner of the server
>>>>>>>before using "burst".

More information about the questions mailing list