nanog mailing list archives
Re: NTP, possible solutions, and best implementation
From: Ariel Biener <ariel () fireball tau ac il>
Date: Thu, 2 Oct 2003 19:47:53 +0300 (IDT)
On Thu, 2 Oct 2003 Michael.Dillon () radianz com wrote:
Beware the single point of failure. If all your clocks come from GPS, then GPS is the SPOF. If they all come fram brand X manufacturer then that is the SPOF. A commercial service should be robust and use a combination of atomic clocks, GPS, radio time services, CDMA/GSM clocks combined with a sanity checker to watch all the clocks and detect bad timekeepers.
Yes, this is definetly an issue, and thus the clocks are at least one cesium, and the other two are different vendors.
Indeed. Hide this clock behind a packet filtering firewall or else use udprelay and an application layer gateway on UNIX to block everythingexcept NTP. In fact, if this is a commercial service you should hack udprelay so that it knows about the NTP protocol and can block non-customer traffic or malformed traffic or high volumes of traffic. That way, the UNIX
So what you are suggesting basically is to add an application layer sanity checker and DoS preventer, am I right ? --Ariel -- Ariel Biener e-mail: ariel () post tau ac il PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
Current thread:
- NTP, possible solutions, and best implementation Ariel Biener (Oct 02)
- Re: NTP, possible solutions, and best implementation David G. Andersen (Oct 02)
- Re: NTP, possible solutions, and best implementation Scott McGrath (Oct 03)
- Re: NTP, possible solutions, and best implementation Ariel Biener (Oct 03)
- Re: NTP, possible solutions, and best implementation Nathan J. Mehl (Oct 03)
- Re: NTP, possible solutions, and best implementation Robert E. Seastrom (Oct 03)
- <Possible follow-ups>
- Re: NTP, possible solutions, and best implementation Michael . Dillon (Oct 02)
- Re: NTP, possible solutions, and best implementation Ariel Biener (Oct 02)
- Re: NTP, possible solutions, and best implementation Eliot Lear (Oct 02)
- Re: NTP, possible solutions, and best implementation just me (Oct 02)
- Re: NTP, possible solutions, and best implementation Gary E. Miller (Oct 02)
- Re: NTP, possible solutions, and best implementation Eliot Lear (Oct 02)
- RE: NTP, possible solutions, and best implementation David Schwartz (Oct 02)
- Re: NTP, possible solutions, and best implementation joe mcguckin (Oct 02)
- RE: NTP, possible solutions, and best implementation David Schwartz (Oct 02)
- RE: NTP, possible solutions, and best implementation Owen DeLong (Oct 03)
- Re: NTP, possible solutions, and best implementation Marshall Eubanks (Oct 03)
- Re: NTP, possible solutions, and best implementation Scott McGrath (Oct 03)