nanog mailing list archives

Re: NTP Sync Issue Across Tata (Europe)


From: James R Cutler <james.cutler () consultant com>
Date: Mon, 14 Aug 2023 08:59:21 -0400

On Aug 14, 2023, at 3:07 AM, Forrest Christian (List Account) <lists () packetflux com> wrote:

I've responded in bits and pieces to this thread and haven't done an excellent job expressing my overall opinion.   
This is probably because my initial goal was to point out that GPS-transmitted time is no less subject to being 
attacked than your garden variety NTP-transmitted time. Since this thread has evolved, I'd like to describe my 
overall position to be a bit clearer.

        <SNIP/>

And finally, as a sort of a tl;dr; Summary:  Each operator needs to decide how critical time is to their network and 
pick a solution that works for them and fits the organization's budget.   Some operators might point everything at 
pool.ntp.org and not run their own servers.  Others might run their own time lab and use that 
time to provide NTP time and precision time and frequency via various methods.  Most will be somewhere in between. 
But regardless of which you choose, please be aware that GPS isn't 100% secure, and neither is NTP. If attack 
resilience matters to you, you should think about all of the attack vectors and design something that is robust 
enough to meet your use case.

This has been an interesting thread. I consider Forrest Christian’s note to be most cogent. Many of the GPS vs Internet 
sourcing arguments can probably be found in NANOG archives from many years ago. The threat list is longer now, but the 
problem of providing Time Service is still the same.

Twenty-five or so years ago my design process for providing Network Time Service to a large company intranet started 
with the business requirements for time service. The Management practice of “Not in my cost center” was fundamental to 
NOT attempting GPS-based deployment. The internal enterprise network provided a set of geographically distributed 
Stratum 2 servers having carefully firewalled access to a similar set of Stratum 1 servers with Internet access. The 
Stratum 0 server set list included NIST, USNO, and other similar sources distributed globally.

The magic of Dr. Mills' algorithm made truechimers of the intranet NTP server set which did serve well for the lifetime 
of the company.

-
James R. Cutler 





