[ntp:questions] Re: server's address in ntp payload?

David Schwartz davids at webmaster.com
Tue Nov 22 22:40:01 UTC 2005

"Danny Mayer" <mayer at ntp.isc.org> wrote in message 
news:43837586.5000403 at ntp.isc.org...

> David Schwartz wrote:

>>     That's nice but has nothing to do with how you tell whether two 
>> packets
>> with different source UDP addresses came from the same server or not.

>>     Consider a simple case. We have a simple server that is not using
>> authentication. It's on a LAN where a lot of machines have both public 
>> and
>> private IP addresses. We recognize our local and internal LANs by their 
>> IP
>> range and don't need to authenticate because spoof protection is done at 
>> the
>> boundaries. We are talking to both and, the
>> question is, are they the same machine or not?

> You cannot tell from the outside, nor should you usually care.

    You should care. If you think they're two different servers, you may 
give the time data double the weight it really should get.

> However,
> with all the stateful firewalls now in place if the response to a packet
> request gets sent from a different address than the address to which the
> packet was originally sent, the firewall will drop it as unmatched to
> the address and the requestor will never receive a response.

    That's not relevent to my example, wherein you have two addresses, 
queries to either of which elicit responses from that same address. The 
question is whether it's the same server twice, or not.

    I have seen NTP sync to the same server twice on two different IP 
addresses. So if there is a unique identifier that NTP could use to ignore 
duplicates, it doesn't use it as far as I've seen.


More information about the questions mailing list