[time] limiting client requests in NTP 4.2.0

Alan Watson a.watson
Mon Nov 17 01:23:15 UTC 2003


Paul-Andrew Joseph Miseiko mentioned a couple of weeks ago that ntpd
4.2.0 can be configured to ignore requests when a client exceeds limits
on the average or minimum interval between requests. I've been
considering appropriate values for these limits.

For the sake of argument, let's consider well behaved clients to be
those that use a minpoll of 6 or more, do not use burst mode, but might
use an initial ntpdate; let's consider poorly behaved clients to be
those that use a minpoll of 5 or less; and let's consider appropriate
limits to be those that deny service to poorly behaved clients while
allowing service to well behaved clients. (Note that by these
definitions there are clients which are neither well behaved nor poorly
behaved, such as those using minpoll 8 and burst mode. More on these
later.)

My initial thought was that limiting the average interval to a bit less
than 64 seconds, say 60 seconds, might be appropriate, but on
consideration this seems to be wrong. Let's take the fairly common case
of a well behaved client that starts up by running ntpdate and then runs
ntpd with a minpoll of 6. The server does not check the limits until the
10th request (i.e., the first 9 requests are allowed regardless). The
requests arrive roughly as follows:

  4 requests from ntpdate
  1 request from ntp
  interval of about 64 seconds
  1 request from ntp
  interval of about 64 seconds
  1 request from ntp
  interval of about 64 seconds
  1 request from ntp
  interval of about 64 seconds
  1 request from ntp
  interval of about 64 seconds
  1 request from ntp

When the 10th request arrives and the server starts considering the
limits, the average interval is only about 5 * 64 seconds / 9 = 36
seconds. A limit of 60 seconds is far too restrictive.

A better idea might be to limit the average interval to be only slightly
above 32 seconds, say 34 seconds, or to limit the minimum interval to a
bit less than 64 seconds, say 60 seconds. Both should allow service to
well behaved clients and both should deny service to poorly behaved
clients. They differ in the treatment of ambiguous clients using burst
or iburst mode. Limiting the average interval to 34 seconds allows
clients to use burst mode provided they restrict themselves to minpoll 8
or more; limiting the minimum interval to 60 seconds allows clients to
use burst mode even with a minpoll of 6, but only replies to the first
request of each burst. Another difference is that a limit on the minimum
interval can cause the daemon to react to changes in client behaviour
(both from good to bad and from bad to good) more quickly than a limit
on the average interval.

I'm inclined to limit the average interval to 34 seconds.

Comments?

Regards,

Alan
-- 
Dr Alan Watson
Centro de Radioastronomía y Astrofísica UNAM
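
Added example (not part of the original message, and not ntpd's own code): a small model of the check the message describes, run over constructed request timelines for the ntpdate-then-ntpd case. It assumes the average interval is the time since the client's first request divided by the number of intervals so far, that the minimum interval is the gap since the previous request, and that the 4 ntpdate requests arrive at about t=0; the function names are hypothetical.

```python
GRACE = 9  # per the message: the first 9 requests are allowed regardless


def arrivals(poll_s, count, ntpdate=True):
    """Constructed request times in seconds: optionally 4 ntpdate requests
    at about t=0, then ntpd requests every poll_s seconds (count in total)."""
    times = [0.0] * 4 if ntpdate else []
    t = 0.0
    while len(times) < count:
        times.append(t)
        t += poll_s
    return times


def decisions(times, avg_limit=None, min_limit=None):
    """Return True (served) or False (ignored) for each request.
    Assumed model: average = (now - first request) / intervals so far,
    minimum = gap since the previous request; ignored requests still count."""
    out = []
    for k, t in enumerate(times, start=1):
        ok = True
        if k > GRACE:
            avg = (t - times[0]) / (k - 1)
            gap = t - times[k - 2]
            if avg_limit is not None and avg < avg_limit:
                ok = False
            if min_limit is not None and gap < min_limit:
                ok = False
        out.append(ok)
    return out


def first_served_after_grace(times, **limits):
    """1-based index of the first served request past the grace period."""
    for k, ok in enumerate(decisions(times, **limits), start=1):
        if k > GRACE and ok:
            return k
    return None


if __name__ == "__main__":
    good = arrivals(64, 80)  # ntpdate, then ntpd at minpoll 6
    bad = arrivals(32, 80)   # ntpdate, then ntpd at minpoll 5
    for name, lim in [("average 60", {"avg_limit": 60}),
                      ("average 34", {"avg_limit": 34}),
                      ("minimum 60", {"min_limit": 60})]:
        print(name, "| minpoll 6 first served:",
              first_served_after_grace(good, **lim),
              "| minpoll 5 first served:",
              first_served_after_grace(bad, **lim))
```

Under these assumptions the minpoll 6 client is served from its 10th request with either an average limit of 34 or a minimum limit of 60, while an average limit of 60 keeps ignoring it until its 65th request; the minpoll 5 client is never served past the grace period by any of the three.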

