nanog mailing list archives
Filter NTP traffic by packet size?
From: Edward Roels <edwardroels () gmail com>
Date: Thu, 20 Feb 2014 15:41:27 -0500
Curious if anyone else thinks filtering out NTP packets above a certain packet size is a good or terrible idea.
From my brief testing it seems 90 bytes for IPv4 and 110 bytes for IPv6 are
typical for a client to successfully synchronize to an NTP server. If I query a server for it's list of peers (ntpq -np <ip>) I've seen packets as large as 522 bytes in a single packet in response to a 54 byte query. I'll admit I'm not 100% clear of the what is happening protocol-wise when I perform this query. I see there are multiple packets back forth between me and the server depending on the number of peers it has? Would I be breaking something important if I started to filter NTP packets
200 bytes into my network?
Current thread:
- Filter NTP traffic by packet size? Edward Roels (Feb 20)
- Re: Filter NTP traffic by packet size? John Weekes (Feb 20)
- Re: Filter NTP traffic by packet size? Jared Mauch (Feb 20)
- Re: Filter NTP traffic by packet size? Damian Menscher (Feb 20)
- Re: Filter NTP traffic by packet size? TGLASSEY (Feb 20)
- Re: Filter NTP traffic by packet size? Cb B (Feb 21)
- Re: Filter NTP traffic by packet size? Damian Menscher (Feb 21)
- Re: Filter NTP traffic by packet size? Cb B (Feb 21)
- Re: Filter NTP traffic by packet size? Seth Mattinen (Feb 21)
- Re: Filter NTP traffic by packet size? Saku Ytti (Feb 22)
- Re: Filter NTP traffic by packet size? Carsten Bormann (Feb 22)
- Re: Filter NTP traffic by packet size? Jared Mauch (Feb 20)
- Re: Filter NTP traffic by packet size? John Weekes (Feb 20)