North American Network Operators Group


Re: NTP, possible solutions, and best implementation

  • From: Ariel Biener
  • Date: Thu Oct 02 12:50:08 2003

On Thu, 2 Oct 2003 [email protected] wrote:


> Beware the single point of failure. If all your clocks come from GPS, then
> GPS is the SPOF. If they all come from brand X manufacturer then that is
> the SPOF. A commercial service should be robust and use a combination of
> atomic clocks, GPS, radio time services, CDMA/GSM clocks combined with a
> sanity checker to watch all the clocks and detect bad timekeepers.

Yes, this is definitely an issue, and thus the clocks are at least one
cesium, and the other two are different vendors.

> Indeed.
> Hide this clock behind a packet filtering firewall or else use udprelay
> and an application layer gateway on UNIX to block everything except NTP.
> In fact, if this is a commercial service you should hack udprelay so that
> it knows about the NTP protocol and can block non-customer traffic or
> malformed traffic or high volumes of traffic. That way, the UNIX

So what you are suggesting basically is to add an application layer sanity
checker and DoS preventer, am I right?


--Ariel

--
Ariel Biener
e-mail: [email protected]
PGP(6.5.8) public key http://www.tau.ac.il/~ariel/pgp.html
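
The per-datagram decision such an NTP-aware relay would make, as an added example that is not part of the original thread and is not udprelay code: it drops non-customer sources, malformed packets, and sources exceeding a rate budget. The customer prefixes, rate limits, accepted version range, and all names below are assumptions made for illustration.

```python
import ipaddress
import struct
import time

# Assumed customer prefixes (documentation ranges, constructed for this example).
CUSTOMERS = [ipaddress.ip_network("192.0.2.0/24"), ipaddress.ip_network("2001:db8::/32")]
RATE = 1.0    # assumed sustained requests per second per source
BURST = 4.0   # assumed burst allowance


class NtpGate:
    """Decides whether one UDP datagram may be relayed to the NTP server."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.buckets = {}  # source address -> (tokens, last_seen); a real relay must evict old entries

    def check(self, src, payload):
        addr = ipaddress.ip_address(src)
        if not any(addr in net for net in CUSTOMERS if net.version == addr.version):
            return "drop: non-customer"
        # A plain NTP header is 48 bytes; extensions or a MAC extend it in 4-byte units.
        if len(payload) < 48 or len(payload) % 4:
            return "drop: malformed"
        version, mode = (payload[0] >> 3) & 0x7, payload[0] & 0x7
        # Relay client requests only (mode 3); this also blocks control/private modes 6 and 7.
        if mode != 3 or not 1 <= version <= 4:
            return "drop: malformed"
        # Token bucket per source: refill by elapsed time, spend one token per request.
        now = self.clock()
        tokens, last = self.buckets.get(addr, (BURST, now))
        tokens = min(BURST, tokens + (now - last) * RATE)
        if tokens < 1.0:
            self.buckets[addr] = (tokens, now)
            return "drop: rate"
        self.buckets[addr] = (tokens - 1.0, now)
        return "relay"


def client_request(version=4, mode=3):
    """Constructed sample: a minimal 48-byte NTP packet with LI=0 and zeroed fields."""
    return struct.pack("!B47x", (version << 3) | mode)
```

Because UDP source addresses can be spoofed, the allowlist and rate limit bound what reaches the clock but do not authenticate the sender.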