[ntp:questions] symmetric active while configurion uses server mode, RFC compliant or not?

Brian Utterback brian.utterback at oracle.com
Mon May 20 12:42:27 UTC 2013


Okay, that looks really weird. Just the rate of the packets seems very 
off, only 10s of milliseconds between packets.

The system whose IP address ends in b900::1:1 doesn't like it. The 
second packet it sends is a KOD packet that is complaining about the 
high rate of packets, and then it shuts down and refuses to respond 
anymore.

Packets 2 and 3 of the trace are the same packet, but with the hop count 
decremented from 56 to 51.

Actually, on closer inspection, of the 24 packets in the trace 
transmitted by 823d:1b13, they are all duplicates of only two packets. 
The same two packets are looping around your network, with the hop count 
going down by 5 each time, until they hit zero and are dropped.

Now, I grant that which ones are sending client, server, and symmetric 
active and symmetric passive is odd, but until you fix the looping, 
there is no telling what is causing that. It might be an artifact of the 
looping.

On 5/19/2013 5:28 AM, Joe the Shmoe wrote:
> On 18/05/2013 20:10, Brian Utterback wrote:
>> On 5/18/2013 3:14 AM, Joe the Shmoe wrote:
> [...]
>> This is non-intuitive and arguably incorrect according to the RFC, but
>> it is the programmed behavior.  There was a time when all Windows
>> clients used symmetric active mode, so to work around that ntpd with
>> nopeer configured responded with symmetric active mode packets but did
>> not mobilize the association. I don't know if they still use symmetric
>> active by default. Perhaps this should be revisited.
> Thank you for your explanations. I now understand the reason. Having
> made some tests after my question here, there is effectively a
> difference with a real symmetric passive which is shown by the 'peer'
> command of ntpdc or ntpq (= an association is mobilized?), while here
> hopefully that sort of "faked symmetric" exchanges on network side, do
> not show with that same command. I guess, one cannot introduce false
> time information to my server that way, if for example, the "symmetric
> client" spoofs a stratum 1 server.
>
>>> - Other symmetric active requests come from the server itself toward one
>>> of the 5 configured hosts. But the server only makes use of "server" in
>>> the configuration (no "peer" statement). This occurs after a first NTP
>>> client request to that configured host which get answered by two NTP
>>> server from the configured host.
>> Can you post the traces? I am not sure I follow.
> An extract of such NTP exchanges (wireshark capture) is available at:
> 	ftp host: edrusb.is-a-geek.org
> 	login: nobody
> 	password: ntp
>
>
>> Brian.
> Regards,
> Joe.
>
> _______________________________________________
> questions mailing list
> questions at lists.ntp.org
> http://lists.ntp.org/listinfo/questions



More information about the questions mailing list