[time] limiting client requests in NTP 4.2.0
Mon Nov 17 08:16:39 UTC 2003
>I'm inclined to limit the average interval to 34 seconds.
I haven't familiarized myself with the 4.2.0 rate limiting features, so I
may be a bit off here.. but a few thoughts anyway.

One thing to consider when limiting the rate of queries is the failure
modes of those clients that behave badly. We know that ntpd will take the
resulting(?) KoD-packet seriously and stop querying the server that issued
the packet. But do we know that those clients that behave badly won't
decrease their poll interval to 1 second when they get the KoD-packet or
no reply at all, for example? As many of you know, this happened a while
ago to one university, when a very badly written ntp client embedded in
network hardware started sending queries once per second if it did not
receive a reply.

I'd assume that most clients will handle the situation gracefully, at
least by not increasing their poll interval. I'd also guess that many
shareware/freeware ntp client-implementations (for windows) won't
understand the KoD-packet, because it is usually not seen. And if it's not
commonly seen, then those taking shortcuts implementing protocols skip
over it.. the result might be no change in client behavior or something
between stopping queries or retrying the query immediately.

Another thing is clients coming from behind a NAT-firewall. I haven't
looked at the rate limiting code in ntpd, but I would guess that it
assumes all packets coming from the same IP address as belonging to the
same client. This can lead to rate limiting triggering even if no one
client exceeds the limits. Of course one that actively uses NTP and has a
NAT-firewall with plenty of machines should probably run an NTP-server of
their own. But there are a lot of home networks that have a handful of
clients behind a simple NAT-firewall. On the other hand due to the DNS
round-robin feature, it's not likely that all clients behind the same
NAT-firewall end up querying the same server. On the other hand there are
some resolvers that don't properly rotate the results and instead always
return the same IP address..

Another thing that came to mind: once the rate limiting code triggers in
the ntpd serving the time, does it ignore queries from the same IP address
until the server is restarted? If an ISP has an abusive client that always
gets a different dynamically assigned IP address, this might not be what
you want. Some kind of timeout (days or maybe even weeks) might be useful
here. Again, I haven't checked the documentation/source code.

I'm not going to recommend a rate limiting setting, just wanted to point
out a few things.
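As an added illustration (not from the thread and not ntpd's own code), the following constructed per-source-IP limiter uses the 34-second average interval mentioned above to show the two failure modes raised in the post: several well-behaved clients behind one NAT address are seen as a single source and trip the limit, and a block that expires after a timeout stops penalising a reassigned dynamic address until restart. The sliding window, block TTL, and the decision to key on source IP are assumptions for the simulation, not a description of ntpd's algorithm.

```python
from collections import deque

MIN_AVG_INTERVAL = 34.0  # the 34-second average interval proposed in the thread
WINDOW = 8               # packets used to compute the average interval (assumed)
BLOCK_TTL = 3600.0       # seconds a limited address stays limited (assumed)

class SourceLimiter:
    """Constructed per-source-IP limiter; not ntpd's actual algorithm."""
    def __init__(self):
        self.history = {}        # ip -> recent arrival times
        self.blocked_until = {}  # ip -> time at which the block expires

    def accept(self, ip, now):
        """Return True if a request from ip arriving at time now is answered."""
        if self.blocked_until.get(ip, 0.0) > now:
            return False  # still limited: the server would drop it or send KoD
        hist = self.history.setdefault(ip, deque(maxlen=WINDOW))
        hist.append(now)
        if len(hist) == WINDOW and (hist[-1] - hist[0]) / (WINDOW - 1) < MIN_AVG_INTERVAL:
            self.blocked_until[ip] = now + BLOCK_TTL
            hist.clear()  # start fresh once the block expires
            return False
        return True

def _arrivals(start, interval, duration):
    t = start
    while t < duration:
        yield t
        t += interval

def simulate_nat(n_clients, poll_interval, duration, ip="198.51.100.7"):
    """n_clients well-behaved clients behind one NAT address, each polling every
    poll_interval seconds with staggered phases. Returns (answered, refused)."""
    limiter = SourceLimiter()
    events = sorted(t for k in range(n_clients)
                    for t in _arrivals(k * poll_interval / n_clients, poll_interval, duration))
    answered = sum(limiter.accept(ip, t) for t in events)
    return answered, len(events) - answered

def recovers_after_timeout(ip="203.0.113.9"):
    """A once-per-second burst (a client ignoring KoD) trips the limiter; the same
    address is served again once BLOCK_TTL has passed rather than until a restart."""
    limiter = SourceLimiter()
    burst = [limiter.accept(ip, float(t)) for t in range(WINDOW)]
    later = limiter.accept(ip, float(WINDOW - 1) + BLOCK_TTL + 1.0)
    return burst[-1], later
```

With a 64-second poll, one client behind the address is always answered, while two staggered clients average 32 seconds between packets as seen by the server and get limited after the eighth packet.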