UDP/123 policers & status

Ragnar Sundblad ragge at kth.se
Fri Mar 27 16:29:23 UTC 2020


Hello,

I am one of the authors of the NTS for NTP specification,
<https://datatracker.ietf.org/doc/draft-ietf-ntp-using-nts-for-ntp/>.

Steven described this well, and as he wrote, the first step in the NTS
procedure is to contact a Key Establishment (KE) server; the KE server
will point to the NTP server and port to use, also taking into
consideration what the client requested, if it did.

The NTP packets will be larger than what they are today, since they
contain one or sometimes more than one “cookie” or “cookie placeholder”
(a measure to make amplification impossible).

Today, some points in the internet still filter port 123 on size.

If this continues, NTS enabled NTP server owners will likely not run
the corresponding NTP server on port 123, since there is no need to;
they can run it on an arbitrary port.

There seems to be no willingness from the ISP community to try to
clean up the old NTP traffic amplifiers that are still out there.

Is this really what the ISP community wants - to kill off port 123,
and force NTP to move to random ports?

Ragnar
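An added illustration of the point above about cookie placeholders, not part of the original post: a simplified byte-size model of an NTS-protected NTP exchange in the style of RFC 8915, showing why a client that wants N fresh cookies must send N placeholders of cookie length, so the response cannot be much larger than the request. The field sizes (104-byte cookie, 16-byte AES-SIV nonce and tag, 32-byte unique identifier, 4-byte padding) are assumptions chosen to match the RFC's minimums; real implementations differ slightly.

```python
"""Simplified size model of an NTS-protected NTP request/response (assumed sizes).

Constructed example: every constant below is an assumption, not a
measurement of any particular server or client.
"""
NTP_HEADER = 48        # classic NTPv4 header without extension fields
EF_HEADER = 4          # extension field: 2-byte type + 2-byte length
UNIQUE_ID_BODY = 32    # Unique Identifier EF carries >= 32 random octets
COOKIE_LEN = 104       # assumed opaque cookie size (implementation-specific)
AEAD_NONCE = 16        # assumed AES-SIV nonce length
AEAD_TAG = 16          # AES-SIV synthetic IV / authentication tag


def ef_len(body: int) -> int:
    """Total length of one extension field, body padded to a 4-octet boundary."""
    return EF_HEADER + ((body + 3) // 4) * 4


def authenticator_len(plaintext: int) -> int:
    """NTS Authenticator and Encrypted EF: nonce len, ciphertext len, nonce, ciphertext."""
    return ef_len(2 + 2 + AEAD_NONCE + AEAD_TAG + plaintext)


def request_size(placeholders: int) -> int:
    """Client: unique id + one cookie + N placeholders + authenticator (empty plaintext)."""
    return (NTP_HEADER + ef_len(UNIQUE_ID_BODY) + ef_len(COOKIE_LEN)
            + placeholders * ef_len(COOKIE_LEN) + authenticator_len(0))


def response_size(placeholders: int) -> int:
    """Server: unique id + authenticator whose plaintext holds N+1 fresh cookie EFs."""
    return (NTP_HEADER + ef_len(UNIQUE_ID_BODY)
            + authenticator_len((placeholders + 1) * ef_len(COOKIE_LEN)))


def amplification(placeholders: int) -> float:
    """Bytes returned per byte sent when the client pays for each cookie with a placeholder."""
    return response_size(placeholders) / request_size(placeholders)


def naive_amplification(cookies_returned: int) -> float:
    """Hypothetical design without placeholders: one cookie in, many cookies out."""
    return response_size(cookies_returned - 1) / request_size(0)


if __name__ == "__main__":
    for n in (0, 3, 7):
        print(f"{n} placeholders: {request_size(n)} B out, {response_size(n)} B back, "
              f"ratio {amplification(n):.2f}")
    print(f"without placeholders, 8 cookies back: ratio {naive_amplification(8):.2f}")
```

With the assumed sizes the request and response come out byte-for-byte equal at every N, while the placeholder-free design would return roughly four times what it received for eight cookies.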
