Filter NTP traffic by packet size?

Carsten Bormann cabo at tzi.org
Sat Feb 22 09:48:09 UTC 2014


>> (Just be careful not to try to "fight yesterday's war”.)

> yesterday's war = don't bring up that operators are having a real
> problem with UDP,

No, you don’t.

You are having a problem with applications that enable strongly amplified reflection.

(Yes, after the days of smurf passed, these are all on UDP, because it is hard to make that mistake with TCP, and nothing else is deployable.
Still, your problem is not “with UDP”, but with those applications.)

The obvious solution for a new protocol is to make sure that it doesn’t have that problem, whether it is layered on UDP or something else.
(In yesterday’s network, it *only* can be layered on UDP, because nothing else goes through NATs.)

Also, note that the NTP issue we are seeing right now is not a protocol problem at all, it is all about shoddy implementation.
The next problem is that the hammers you have to fix this at the network level really aren’t that good for fixing the rust on those implementations.

The QUIC people tell us they are able to talk UDP to about 93 % of the people they can talk TCP to.
So a part of the network will be stuck with running their applications on today’s TCP.
But that doesn’t mean that we can’t layer useful new stuff on UDP, it just will be less universally available.
(With those new applications coming online, blanket filtering of UDP will be exposed even more as the low-ball networking that it is, so I expect the workability of UDP to go up over time, not down.)

Grüße, Carsten




More information about the NANOG mailing list