NTP for ASBRs?

• Previous message (by thread): NTP for ASBRs?
• Next message (by thread): NTP for ASBRs?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, 8 May 2019 07:56:33 +0000
Lars Prehn <lprehn at mpi-inf.mpg.de> wrote:

> do you NTP sync your AS boundary routers? If so, what are incentives for 
> doing so? Are there incentives, e.g. security considerations, not to do it?

In addition to what others have mentioned, if these systems are to
perform route origin validation (ROV), an accurate notion of time would
be desirable.  From section 6 in IETF RFC 7115 / BCP 185 - Origin
Validation Operation Based on the Resource Public Key Infrastructure
(RPKI):

   As a router must evaluate certificates and ROAs that are time
   dependent, routers' clocks MUST be correct to a tolerance of
   approximately an hour.

John

• Previous message (by thread): NTP for ASBRs?
• Next message (by thread): NTP for ASBRs?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]