NTP Sync Issue Across Tata (Europe)

James R Cutler james.cutler at consultant.com
Mon Aug 14 12:59:21 UTC 2023


> On Aug 14, 2023, at 3:07 AM, Forrest Christian (List Account) <lists at packetflux.com> wrote:
> 
> I've responded in bits and pieces to this thread and haven't done an excellent job expressing my overall opinion. This is probably because my initial goal was to point out that GPS-transmitted time is no less subject to being attacked than your garden variety NTP-transmitted time. Since this thread has evolved, I'd like to describe my overall position to be a bit clearer.
> 
	<SNIP/>
> 
> And finally, as a sort of a tl;dr; Summary: Each operator needs to decide how critical time is to their network and pick a solution that works for them and fits the organization's budget. Some operators might point everything at pool.ntp.org and not run their own servers. Others might run their own time lab and use that time to provide NTP time and precision time and frequency via various methods. Most will be somewhere in between. But regardless of which you choose, please be aware that GPS isn't 100% secure, and neither is NTP. If attack resilience matters to you, you should think about all of the attack vectors and design something that is robust enough to meet your use case.
> 
This has been an interesting thread. I consider Forrest Christian’s note to be most cogent. Many of the GPS vs Internet sourcing arguments can probably be found in NANOG archives from many years ago. The threat list is longer now, but the problem of providing Time Service is still the same.

Twenty-five or so years ago my design process for providing Network Time Service to a large company intranet started with the business requirements for time service. The Management practice of “Not in my cost center” was fundamental to NOT attempting GPS-based deployment. The internal enterprise network provided a set of geographically distributed Stratum 2 servers having carefully firewalled access to a similar set of Stratum 1 servers with Internet access. The Stratum 0 server set list included NIST, USNO, and other similar sources distributed globally.

The magic of Dr. Mills' algorithm made truechimers of the intranet NTP server set, which did serve well for the lifetime of the company.

-
James R. Cutler 




