[ntp:questions] NTP over redundant peer links, undetected loops

Danny Mayer mayer at ntp.org
Mon Feb 16 04:15:23 UTC 2009

Dave Hart wrote:
> On Feb 15, 6:23 pm, ma... at ntp.org (Danny Mayer) wrote:
>> Dave Hart wrote:
>>> Why play roulette if you have a globally unique IPv4 address to use as
>>> a refid?  Since IPv6 addresses are hashed down to 32 bits if used as a
>>> refid, again, IPv4 global addresses if available are better unique
>>> identifiers.
>> Because I want to get away from the notion that these are meant to be IP
>> addresses.
> Well, hash it.  As long as your hash is good, it the result should be
> as unique as the non-rfc1918, non-multicast, non-loopback IPv4
> address.  It breaks ntptrace and yes I know ntptrace is broken for
> IPv6 as well.  Looking at the loop detection functionality, a hashed
> unique IPv4 address is good as is the unmangled address.  Since
> there's a small installed base using IPv4 addresses now (and hashed
> IPv6), it might not be a good idea to change horses midstream.

No, generating a random RefID is sufficient. There's no work on figuring
out IP addresses or anything else.

ntptrace it turns out is fundamentally broken since it is using the
refid to do its work and that's wrong. I took at look at both John Hay's
code and Jeff Mogul's code and they are both wrong. I would have
expected Jeff's code at least to be correct. I assume that Glenn also
got it wrong since Jeff got the idea from Glenn.

>> In addition in an IPv6-only environment that wouldn't work
>> either.
> I have no idea why preferring any non-RFC1918 IPv4 address over any
> RFC1918 IPv4 address when selecting a refid would have any impact
> whatsoever in an IPv6-only environment, where today and presumably
> tomorrow your 32-bit refid would derive from one of your more unique
> IPv6 addresses.
>> Why create work when it's unnecessary just to find a valid IP
>> address?
> Maybe it's not worth doing anything special about widely-shared
> private IPv4 addresses.  If loop detection is all that matters, who
> cares about a few false positives?  Nowhere near as harmful as false
> negatives.

Exactly. That's why bothering with all that extra work that you are
suggesting isn't worth the effort.
>> In addition with anycast addresses are not globally unique.
> Anycast is worse than useless for NTP.  Non-issue.

All Anycast nodes that I know of (mainly DNS root servers) all run ntp
but I have always strongly emphasised that getting NTP time from any of
them is a really bad idea.

>> The
>> chances that you will create a non-unique random number within a network
>> is extremely low.
> nodes in network times one in two billion, or one in four billion,
> assuming a perfect PRNG.  But why gamble?  Global IPv4 addresses work
> today and are more than unique enough.  Same with IPv6 addresses using
> a consistent hash.  RFC1918 addresses, as I said, at worst lead to
> false positive loop detection and therefore reduce the server choice
> for the victim, not exactly the kind of thing that causes riots either
> way.

No. Don't bother with all the extra work. There's no benefit to doing so.


More information about the questions mailing list