[ntp:questions] Re: Public servers?

David L. Mills mills at udel.edu
Fri Aug 1 05:42:14 UTC 2003


Restraint, restraint, I must breathe slowly.

Yes, verily, the problem is vast numbers of clients ganging up on 
servers that have loudly hollered "Do not tread on me!" You have not 
addressed squarely the access issue and I must conclude you do not 
completely understand the depth of these issues.

With due respect, please try very hard to understand the anycast 
protocol, which has no way of parsing the public rules of engagement. An 
anycast server ipso facto volunteers service to any that asks.

capable of which very much and violently object to deflecting from the 
line card and fast path to a NTP server on a dinky CPU. Our campus 
routers flame at 2.4 Gb/s. You get off the fast path with them, and our 
IT department sends a hit squad.

The Twiki is not public as is the newsgroup. I do not want my flames to 
be buried in anything else than an inflammable public forum.

No Twiki. None.


Harlan Stenn wrote:
> Dave,
> First, won't manycast solve this problem?
>>I apologize if my previous messages have not adequately and strongly
>>emphasized the issue: No cigar unless some way is found to either
>>guarantee a priori that servers returned by an ad hoc discovery agent
>>have volunteered ubiquitous access (pool.ntp.org) or to respect the
>>rules of engagement prescribed in the public lists. Routine violation of
>>these rules has led to the premature departure of several servers
>>operated by national laboratories, which is a damn shame.
> Help me out here.  You are talking about a case where a Large Number of
> folks start killing a low-stratum server that folks do not want touched.
> I am talking about a mechanism that will, for the most part:
> - find a router within a hop or three of the user's gateway
> - that is from their ISP
> - that is not an S2 or an S1 server
>>If somebody independently discovers one of our heavily restricted
>>servers and then comes up without knowing about or agreeing to the rules
>>of engagement in the public lists, I get really ugly, inspirationally
>>rude and in general creatively revengeful. There are a couple of server
>>operators in the public lists who are even more inflammable than me.
> Sure, but this mechanism won't find those, will it?
>>Please note really very carefully, there are numerous private stratum 1
>>and 2 servers whose access controls forbid no access outside the
>>institution at all. We have many servers in that category now protected
>>by draconian access control lists. You find one of those and you get a
>>kiss-o'-death packet in reply. It would then seem to require ad hoc
>>address collectors to properly respond to kiss packets.
> OK, and the mechanism I describe won't find these, will it?
>>Twiki not spoken here. Please keep this discussion on public airwaves
>>and not in chat rooms.
> The TWiki is not a chat room.
> Nobody expects you to do anything there.
> The twiki is public.  It is a forum where people can go and see answers
> and discussions that are archived, easily updated, and easily
> searchable, so we don't have to re-hash discussions like this ad nauseam.
> You want this information easily available and you apparently don't want
> to be bothered by this stuff time and time again.
> H
> --
>>Harlan Stenn wrote:
>>>I think one solution to this problem is for the script that finds ntp
>>>servers to:
>>>- return the first system it finds
>>>- return additional servers until it finds an S2 server (which it would
>>>  *not* return, and at that point it would stop looking for more
>>>  servers)
>>>How would that be?
>>>And I've started a topic on this at twiki.ntp.org.  I'd appreciate more
>>>people adding to it (perhaps creating a ...Discussion topic underneath
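
Added example, not part of the original messages: a sketch of how an address collector could respond to kiss-o'-death replies, as the thread asks. It assumes the stratum-0 convention and the kiss codes DENY, RSTR and RATE from the later NTPv4 specification (RFC 5905); the function names, addresses and packets are constructed for illustration.

```python
import struct

STOP_CODES = {"DENY", "RSTR"}   # server refuses service: stop polling it
BACKOFF_CODES = {"RATE"}        # server asks the client to slow down
MAX_POLL = 1024                 # assumed ceiling for the poll interval, seconds

def classify_reply(packet: bytes) -> tuple[str, str]:
    """Decide what a collector should do with one raw NTP reply."""
    if len(packet) < 48:
        return ("discard", "short packet")
    mode = packet[0] & 0x07
    if mode != 4:                                   # 4 = server mode
        return ("discard", f"unexpected mode {mode}")
    stratum = packet[1]
    if stratum != 0:
        return ("accept", f"stratum {stratum}")
    # Stratum 0 marks a kiss-o'-death packet; the reference ID field
    # (bytes 12..15) carries a four-character ASCII kiss code.
    code = packet[12:16].decode("ascii", errors="replace").rstrip("\x00")
    if code in STOP_CODES:
        return ("remove", code)
    if code in BACKOFF_CODES:
        return ("backoff", code)
    return ("discard", code)                        # unknown code: ignore packet

def apply_replies(candidates: dict, replies) -> dict:
    """candidates maps address -> poll interval; replies yields (addr, packet)."""
    for addr, packet in replies:
        if addr not in candidates:
            continue
        action, _ = classify_reply(packet)
        if action == "remove":
            del candidates[addr]                    # never query this server again
        elif action == "backoff":
            candidates[addr] = min(candidates[addr] * 2, MAX_POLL)
    return candidates

def make_reply(stratum: int, refid: bytes) -> bytes:
    """Build a constructed 48-byte server reply (version 4, mode 4)."""
    header = struct.pack("!BBbb", (4 << 3) | 4, stratum, 6, -20)
    return header + bytes(8) + refid + bytes(32)

if __name__ == "__main__":
    found = {"192.0.2.1": 64, "192.0.2.2": 64, "192.0.2.3": 64}  # constructed
    sample = [("192.0.2.1", make_reply(0, b"DENY")),
              ("192.0.2.2", make_reply(0, b"RATE")),
              ("192.0.2.3", make_reply(2, bytes([192, 0, 2, 9])))]
    print(apply_replies(found, sample))
```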
