[ntp:questions] Regarding Primary/Secondary NTP setup

Danny Mayer mayer at ntp.org
Sun Feb 22 19:31:09 UTC 2009


malayter at gmail.com wrote:
> On Feb 19, 2009 12:28pm, Danny Mayer <mayer at ntp.org> wrote:
>> You should avoid NAT devices as they cause problems with the source and
>> destination addresses. This gets really bad with autokey.
> 
> Avoiding NAT is impossible in today's Internet; we only have about 2 years  
> of IPv4 addresses left at current allocation rates.
> 
> This is why NTP autokey is DOA in my opinion. Any protocol that cannot deal  
> with NAT sensibly simply will not be widely deployed (at least until IPv6  
> is universally available and routable, which will be about the same time  
> hell freezes over).

No, NAT is a hack and a bad one at that. If you cannot rely on the
packet and its headers you cannot rely on anything that is received. It
also means that you can easily fake queries. You don't want to go there.

Danny

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the questions mailing list