[ntp:questions] 1 Machine, 2 NICs, 2 Instances of ntpd; Possible?

Danny Mayer mayer at ntp.isc.org
Sat Mar 15 01:45:01 UTC 2008


Maarten Wiltink wrote:
> "Steve Kostecke" <kostecke at ntp.org> wrote in message
> news:slrnftdkhp.knr.kostecke at stasis.kostecke.net...
> [...]
>> Currently NTP uses port 123/UDP for both the source and destination
>> port. What you are proposing would require the use of a different source
>> port to work on a single-homed host. This would result in a DOS when
>> polling a server that enforces the NTP port.
> 
> I'm no IP wizard, but isn't there a SO_REUSEPORT flag or something
> like that?
> 

Yes, but you cannot have two different applications *listening* on the 
same address/port at the same time without major problems.

> Anyway, I frankly doubt that requiring a specific source port is
> still a good thing. Did it ever accomplish anything above testing
> that the sender has root on the remote machine? By now, it mostly
> serves to chase off innocent NATted clients.
> 
> 

There is actually nothing wrong with sending queries on a different port 
except that you now have twice as many interfaces to listen on and manage.

>> Another thing to consider is the fact that you would now have two
>> processes which both require high priority access to the system clock.
> 
> I can see how that would be a party killer. But the current, monolithic
> NTP can't discipline the clock and answer polls at the exact same time,
> either.

That doesn't matter. Having two different processes is more expensive CPU- 
and performance-wise than a single server doing both. I have also 
pounded an NTP server (trying to reproduce a bug) and the server barely 
notices the load. My system certainly didn't.

> The obvious choice would be to give the client part priority
> over the server part. Things might actually get *better*.
> 

No it would be worse since you now have two processes competing with 
each other for system resources instead of just one, not to mention your 
having to manage it.

> At thirty-
> seven, all I have left is the questionable sideline-based wisdom to
> see room for improvement.

I'm much older than you then and I can still do it.

Danny
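
Added example, not part of the original message or of ntpd: the SO_REUSEPORT case discussed above, sketched in Python on the assumption of a Linux host. Two sockets stand in for the two daemons and share a constructed loopback port rather than 123/UDP; every datagram is queued on only one of them, and the kernel, not the application, decides which.

```python
import socket
import time

def open_listener(addr):
    """Bind a non-blocking UDP socket with SO_REUSEPORT set before bind()."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEPORT, 1)
    s.bind(addr)
    s.setblocking(False)
    return s

def drain(sock):
    """Return every datagram currently queued on sock."""
    got = []
    while True:
        try:
            data, _peer = sock.recvfrom(2048)
        except BlockingIOError:
            return got
        got.append(data)

def run_demo(n=20):
    """Send n datagrams from one client to a port shared by two listeners."""
    # Assumption: an ephemeral loopback port stands in for 123/UDP (no root needed).
    first = open_listener(("127.0.0.1", 0))
    addr = first.getsockname()
    second = open_listener(addr)  # succeeds only because both sockets set SO_REUSEPORT
    client = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sent = [b"constructed-poll-%d" % i for i in range(n)]  # constructed payloads
    for payload in sent:
        client.sendto(payload, addr)
    time.sleep(0.2)  # let loopback delivery finish before reading
    seen_first, seen_second = drain(first), drain(second)
    for s in (first, second, client):
        s.close()
    return sent, seen_first, seen_second

if __name__ == "__main__":
    sent, a, b = run_demo()
    print("sent", len(sent), "first listener got", len(a), "second got", len(b))
```

On Linux the receiving socket is chosen by a hash of the source and destination address and port, so a reply to a query sent by one process can be queued on the other process's socket.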


