[ntp:questions] Thoughts on KOD

Brian Inglis Brian.Inglis at SystematicSw.ab.ca
Sun Jul 6 16:33:13 UTC 2014


On 2014-07-05 15:40, Harlan Stenn wrote:
> Folks,
>
> I was chatting with PHK about:
>
>   http://support.ntp.org/bin/view/Dev/NtpProtocolResponseMatrix
>
>   http://bugs.ntp.org/show_bug.cgi?id=2367
>
> and how we probably want to extend KOD coverage to more than just the
> "limited" case.
>
> I was assuming folks would want finer-grained control over this
> behavior, and thought about being able to choose any of kod-limited,
> kod-noserve, and kod-query.
>
> PHK suggested that we consider going the other way - KOD would mean
> "Send KODs whenever appropriate".
>
> I wonder what the costs/benefits will be when weighing the extra
> complexity of "multiple choices" against "when the defaults change and
> we get new behavior that we can't tune, that costs us in X and Y."
>
> This gets a bit more complicated when taking into consideration:
>
> - we'll get more traffic from a NAT gateway
> - - do we need to be able to configure a threshhold for this case?
>
> - we should pay attention to how a client, whom we find to be abusive,
>    reacts to:
> - - getting no response
> - - getting a KOD response
>    and adapt accordingly.
>
> Discussion appreciated.  

Add exponential backoff to KOD responses to each source address such that
every time you get another packet within the threshold, you increase the
timeout during which you ignore incoming packets, before you again send a
KOD response: maybe use limit*count or leak^count for the repeat offenders.

Avoid logging DoS possibilities by logging only when more than maxburst
packets have been received, and increase that count each time logging occurs:
log only each time a power of maxburst is exceeded: 8, 64, 512, ...

Have the MRUlist manage itself such that it recycles entries only when they
are more than minpoll seconds old, or the list has reached its size limit.
Avoid memory and time issues by preallocating the desired MRUlist size at startup,
and if that fails, retry with half the number of entries until it succeeds.
Log a count of entries recycled sooner than minpool every hour (add to systats?)
and log the MRUlist size allocated at startup.

Ignore the NAT gateway issue: the NAT gateways will certainly ignore NTP just as
they ignore BCP 38: no benefit until their clients complain and it costs them! ;^>

-- 
Take care. Thanks, Brian Inglis


More information about the questions mailing list