NTP for ASBRs?
John Kristoff
jtk at depaul.edu
Wed May 8 16:17:11 UTC 2019
On Wed, 8 May 2019 07:56:33 +0000
Lars Prehn <lprehn at mpi-inf.mpg.de> wrote:
> do you NTP sync your AS boundary routers? If so, what are incentives for
> doing so? Are there incentives, e.g. security considerations, not to do it?
In addition to what others have mentioned, if these systems are to
perform route origin validation (ROV), an accurate notion of time would
be desirable. From section 6 in IETF RFC 7115 / BCP 185 - Origin
Validation Operation Based on the Resource Public Key Infrastructure
(RPKI):
As a router must evaluate certificates and ROAs that are time
dependent, routers' clocks MUST be correct to a tolerance of
approximately an hour.
John
More information about the NANOG
mailing list