nanog mailing list archives
Re: TWC (AS11351) blocking all NTP?
From: "Dobbins, Roland" <rdobbins () arbor net>
Date: Mon, 3 Feb 2014 06:16:23 +0000
On Feb 3, 2014, at 1:02 PM, Dobbins, Roland <rdobbins () arbor net> wrote:
b) enforce their AUPs (most broadband operators prohibit operating servers) by blocking *inbound* UDP/123 traffic towards their customers at the customer aggregation edge
Actually, this can cause problems for ntpds operating in symmetric mode, where both the source and destination ports are UDP/123. Allowing inbound UDP/123 - UDP/123 and then rate-limiting it would be one approach; another would be to block outbound UDP/123 emanating from customers based upon packet size, if one's hardware allows matching on size in ACLs. ----------------------------------------------------------------------- Roland Dobbins <rdobbins () arbor net> // <http://www.arbornetworks.com> Luck is the residue of opportunity and design. -- John Milton
Current thread:
- TWC (AS11351) blocking all NTP? Jonathan Towne (Feb 01)
- Re: TWC (AS11351) blocking all NTP? Paul Ferguson (Feb 02)
- Re: TWC (AS11351) blocking all NTP? Jonathan Towne (Feb 02)
- Re: TWC (AS11351) blocking all NTP? John Levine (Feb 02)
- Re: TWC (AS11351) blocking all NTP? Michael DeMan (Feb 02)
- Re: TWC (AS11351) blocking all NTP? Dobbins, Roland (Feb 02)
- Re: TWC (AS11351) blocking all NTP? Dobbins, Roland (Feb 02)
- Re: TWC (AS11351) blocking all NTP? Michael DeMan (Feb 02)
- Re: TWC (AS11351) blocking all NTP? Dobbins, Roland (Feb 02)
- Re: TWC (AS11351) blocking all NTP? John Kristoff (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Dobbins, Roland (Feb 03)
- Re: TWC (AS11351) blocking all NTP? John Levine (Feb 02)
- Re: TWC (AS11351) blocking all NTP? John Levine (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Valdis . Kletnieks (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Livingood, Jason (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Jared Mauch (Feb 03)
- Re: TWC (AS11351) blocking all NTP? Matthew Petach (Feb 02)