Re: [time-nuts] Cloudflare
Tim Shoppa writes: > I have been observing time.cloudflare.com latency and accuracy the past 3 > days. >From my home network it is actually pretty bad compared to some other servers. It's likely the network and not the server, though. > It is a stratum 3 server, so folks might think that it's not as good as a > Stratum 1 or Stratum 2. > > BUT... it has exceptionally low latency and it seems very likely it's > Stratum 3 because it is fed by a well-maintained set of highly redundant > sources. The NTP stratum hierarchy is not a bad idea but really no end-user > has any actual need to hook up to a real Stratum 1 and would almost always > be better suited to choose a lower stratum server fed with a highly curated > list of good Stratum 1/2's. The thing is that you can't really know that, since getting permission to use a particular NTP server by writing an email or even a snail mail has been falling out of favor. And even if you do know there's an awful lot of stuff going on with the routing these days that neither you nor the other end has any control over. > It seems possible given cloudflare's diverse geographic servers, that folks > will get directed to a nearby low-latency server every time they resolve > the name. That's the idea, yes. I actually get a pretty short route (in number of network hops), but latency should be about half what I'm getting considering the geographical distance. It's one particular intermediate link that adds most of that latency. Also there is extra asymmetry on top of what my VDSL line produces normally. Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Waldorf MIDI Implementation & additional documentation: http://Synth.Stromeko.net/Downloads.html#WaldorfDocs ___ time-nuts mailing list -- time-nuts@lists.febo.com To unsubscribe, go to http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com and follow the instructions there.
Re: [time-nuts] Cloudflare
I have been observing time.cloudflare.com latency and accuracy the past 3
days.
It is a stratum 3 server, so folks might think that it's not as good as a
Stratum 1 or Stratum 2.
BUT... it has exceptionally low latency and it seems very likely it's
Stratum 3 because it is fed by a well-maintained set of highly redundant
sources. The NTP stratum hierarchy is not a bad idea but really no end-user
has any actual need to hook up to a real Stratum 1 and would almost always
be better suited to choose a lower stratum server fed with a highly curated
list of good Stratum 1/2's.
It seems possible given cloudflare's diverse geographic servers, that folks
will get directed to a nearby low-latency server every time they resolve
the name.
Tim N3QE
On Fri, Jun 21, 2019 at 4:03 PM Marco Davids via time-nuts <
time-nuts@lists.febo.com> wrote:
> Opinions, anyone?
>
> https://blog.cloudflare.com/secure-time/amp/
>
> ("Introducing time.cloudflare.com")
>
> --
> Marco
>
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
I bought one of these (https://www.ebay.com/itm/GPSDO-10M-Output-GPS-Disciplined-Oscillator-Clock-Sinusoidal-Wave-RS232-US-SHIP/172933685909?ssPageName=STRK%3AMEBIDX%3AIT&_trksid=p2057872.m2749.l2649) a couple of months ago. I only have a 9-digit frequency counter to measure it with, and the counter only has a 1 ppm TCXO, but, subject to those constraints, it's been rock solid. Lot less expensive than a Trimble. Interior photos here (https://www.eevblog.com/forum/testgear/bg7tbl-gpsdo-master-reference/msg2457417/#msg2457417). Karl -Original Message- From: time-nuts On Behalf Of Don Meadows Sent: Friday, June 21, 2019 7:28 AM To: time-nuts@lists.febo.com Subject: [time-nuts] GPSDO 10MHZ Splitter I don’t have a GPSDO yet, I just can’t decide on one. I am leaning to the Trimble, but it’s still undecided. Could anyone comment on buying a “Refurbished by Seller” GPSDO on E-bay. They are a few dollars cheaper, but I really want one I can have trust and confidence in. Sorry for the long post. Thanks, Don Sent from Mail for Windows 10 ___ time-nuts mailing list -- time-nuts@lists.febo.com To unsubscribe, go to http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com and follow the instructions there. On Sat, Jun 22, 2019 at 3:00 PM -0700, "Hal Murray" mailto:hmur...@megapathdsl.net>> wrote: kb...@n1k.org said: > Given the relatively low cost of a GPS based “Stratum 1†NTP, it’s not > real > clear why (at the end of the paper) they go off and “exchange emails > individually with the organizations that run stratum 1 servers, as well as > negotiate permission to use them.†to source the root time for the system. > I > would have thought that some sort of combo of on site and off site sources > would be at the “top of the treeâ€. I have no inside information... Maybe reading between some lines. It's a tangled mess. Some of their 180 sites do not have stratum 1 servers and/or they may want to use external stratum 1 servers for sanity check and backup. Many sites with stratum 1 servers do not want the load they would get from general public access but are happy to allow access for a good reason. Negotiating that access would probably involve email. They are using (old) shared key authentication. (probably because the servers they want to talk to don't support NTS yet) That requires out of band communications to setup the shared key. Email is probably the most convenient way to do that. -- These are my opinions. I hate spam. ___ time-nuts mailing list -- time-nuts@lists.febo.com To unsubscribe, go to http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com and follow the instructions there.
Re: [time-nuts] Cloudflare
kb...@n1k.org said: > Given the relatively low cost of a GPS based âStratum 1â NTP, itâs not > real > clear why (at the end of the paper) they go off and âexchange emails > individually with the organizations that run stratum 1 servers, as well as > negotiate permission to use them.â to source the root time for the system. > I > would have thought that some sort of combo of on site and off site sources > would be at the âtop of the treeâ. I have no inside information... Maybe reading between some lines. It's a tangled mess. Some of their 180 sites do not have stratum 1 servers and/or they may want to use external stratum 1 servers for sanity check and backup. Many sites with stratum 1 servers do not want the load they would get from general public access but are happy to allow access for a good reason. Negotiating that access would probably involve email. They are using (old) shared key authentication. (probably because the servers they want to talk to don't support NTS yet) That requires out of band communications to setup the shared key. Email is probably the most convenient way to do that. -- These are my opinions. I hate spam. ___ time-nuts mailing list -- time-nuts@lists.febo.com To unsubscribe, go to http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com and follow the instructions there.
Re: [time-nuts] Cloudflare
[Sorry about going off-topic. I'll stop now.] On Sat, Jun 22, 2019 at 3:42 AM Hal Murray wrote: > > 2) Anycast. > > What does anycast mean when DNS returns 2 IPv4 addresses? Is the client > expected to do anything other than use the first address returned? > No. The name is a *server* target not a *pool* target. Using more than one address can result in a single source masquerading as multiple sources which is not considered best practice when building an NTP network. On Sat, Jun 22, 2019 at 10:19 AM Bob kb8tq wrote: > One traditional answer is the “run to the window” approach. > Cloudflare says they have 11 offices in 6 countries. They probably have some (proxy) windows and I would expect excellent network access. ___ time-nuts mailing list -- time-nuts@lists.febo.com To unsubscribe, go to http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com and follow the instructions there.
Re: [time-nuts] Cloudflare
On Sat, Jun 22, 2019 at 11:02 AM Didier Juges wrote:
> Wow, what a well written article.
>
Thanks!
>
> I have been using Cloudflare's DNS service since it was introduced.
> Absolutely no issues whatsoever. These people are top notch.
> I anticipate this new service will be as well.
>
Agreed.
>
> Didier KO4BB
>
> On Fri, Jun 21, 2019, 3:03 PM Marco Davids via time-nuts <
> time-nuts@lists.febo.com> wrote:
>
> > Opinions, anyone?
> >
> > https://blog.cloudflare.com/secure-time/amp/
> >
> > ("Introducing time.cloudflare.com")
> >
> > --
> > Marco
> >
> > ___
> > time-nuts mailing list -- time-nuts@lists.febo.com
> > To unsubscribe, go to
> > http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> > and follow the instructions there.
> >
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
hi
On Fri, Jun 21, 2019 at 11:01 PM Sanjeev Gupta wrote:
> Bob,
>
> The hardware is cheap. The software is free. The skills to deploy are
> widely available. But...
>
> A cable run from your rack in the middle of the datacenter, through to the
> roof, is either impossible or thousands of dollars and weeks of planning.
>
> Data centers can run wires within the building for exorbitant costs, asking
> them to run one to the exterior is, well, impossible.
>
+1
>
> --
> Sanjeev Gupta
> +65 98551208 http://www.linkedin.com/in/ghane
>
>
> On Sat, Jun 22, 2019 at 6:06 AM Bob kb8tq wrote:
>
> > Hi
> >
> > Given the relatively low cost of a GPS based “Stratum 1” NTP, it’s not
> > real clear
> > why (at the end of the paper) they go off and “exchange emails
> > individually with the
> > organizations that run stratum 1 servers, as well as negotiate permission
> > to use them.”
> > to source the root time for the system. I would have thought that some
> > sort of combo
> > of on site and off site sources would be at the “top of the tree”.
> >
> > Bob
> >
> > > On Jun 21, 2019, at 2:20 PM, Marco Davids via time-nuts <
> > time-nuts@lists.febo.com> wrote:
> > >
> > > Opinions, anyone?
> > >
> > > https://blog.cloudflare.com/secure-time/amp/
> > >
> > > ("Introducing time.cloudflare.com")
> > >
> > > --
> > > Marco
> > >
> > > ___
> > > time-nuts mailing list -- time-nuts@lists.febo.com
> > > To unsubscribe, go to
> > http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> > > and follow the instructions there.
> >
> > ___
> > time-nuts mailing list -- time-nuts@lists.febo.com
> > To unsubscribe, go to
> > http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> > and follow the instructions there.
> >
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
Hi
I’m not advocating that you must have 185 “in house Stratum 1 devices. I’m
really saying that having a limited number of devices that you have full control
over *is* a good idea. Is that three or is it thirty? Obviously the more the
better, but
the big boost comes from at least having a couple.
Yes there are all sorts of assumptions down in the bowels of that suggestion.
None of them may be correct. If so…. sorry about that !!!
There might seem to be an implicit suggestion that they be GPS/ GNSS based.
Actually a mix of time sources would be better than all of them depending on
one source. GNSS is nice because one gizmo could be deployed anywhere in
the world. Doing things off of MSF / WWVB etc gets into region specific
configuration
(and possibly region specific hardware).
Bob
> On Jun 22, 2019, at 11:30 AM, Aanchal Malhotra wrote:
>
> Hi,
>
> On Fri, Jun 21, 2019 at 6:07 PM Bob kb8tq wrote:
>
>> Hi
>>
>> Given the relatively low cost of a GPS based “Stratum 1” NTP, it’s not
>> real clear
>> why (at the end of the paper) they go off and “exchange emails
>> individually with the
>> organizations that run stratum 1 servers, as well as negotiate permission
>> to use them.”
>> to source the root time for the system. I would have thought that some
>> sort of combo
>> of on site and off site sources would be at the “top of the tree”.
>>
>
> CF does not own their 185 datacenters across the globe. These are rented
> spaces. Some are not affable to GPS setup (no rooftop access or GPS farms
> etc.). Even if they were there is extra cost for GPS setup, rent,
> maintenance, requires traveling to remote physical locations if something
> goes wrong and more... CF has 185 datacenters and so the cost and effort
> accumulates. Using external stratum 1 servers was a more reasonable option.
> CF made sure that their servers are connected to the closest available
> authenticated S1s.
> Buying their own S1s is definitely on the table.
>
> Best,
> Aanchal.
>
>>
>> Bob
>>
>>> On Jun 21, 2019, at 2:20 PM, Marco Davids via time-nuts <
>> time-nuts@lists.febo.com> wrote:
>>>
>>> Opinions, anyone?
>>>
>>> https://blog.cloudflare.com/secure-time/amp/
>>>
>>> ("Introducing time.cloudflare.com")
>>>
>>> --
>>> Marco
>>>
>>> ___
>>> time-nuts mailing list -- time-nuts@lists.febo.com
>>> To unsubscribe, go to
>> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
>>> and follow the instructions there.
>>
>> ___
>> time-nuts mailing list -- time-nuts@lists.febo.com
>> To unsubscribe, go to
>> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
>> and follow the instructions there.
>>
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
On Sat, Jun 22, 2019 at 6:00 AM Bob Bownes wrote: > > Most of the good data centers I’ve used either offer a connection to a > stratum 1 server or are more than happy to put a antenna on the roof. Many > offer microwave as a third redundant circuit path, which requires an > antenna. All for a price, of course. > > When I worked for an ILEC, many moons ago, we had two and a half floors at > 60 Hudson St. Our stratum 1 antenna was literally glued to a window. Next > to a 10GHz dish. :) > > My hotel in Toronto two weeks ago overlooked a building that was clearly > someone’s data center, based on the 6 generators, massive AC, numerous > microwave links, and yes, GPS bullet antennas, covering the roof. > > Bob > Because of MIFID II etc. some datacenters are now providing traceable time services https://www.npl.co.uk/products-services/time-frequency/npltime/npl-ubs-whitepaper (NPL is the UK equiv of NIST in the US) As others have said, to get a cross connect is one thing, to get roof access is another. Cheers Arne ___ time-nuts mailing list -- time-nuts@lists.febo.com To unsubscribe, go to http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com and follow the instructions there.
Re: [time-nuts] Cloudflare
Hi,
On Fri, Jun 21, 2019 at 6:07 PM Bob kb8tq wrote:
> Hi
>
> Given the relatively low cost of a GPS based “Stratum 1” NTP, it’s not
> real clear
> why (at the end of the paper) they go off and “exchange emails
> individually with the
> organizations that run stratum 1 servers, as well as negotiate permission
> to use them.”
> to source the root time for the system. I would have thought that some
> sort of combo
> of on site and off site sources would be at the “top of the tree”.
>
CF does not own their 185 datacenters across the globe. These are rented
spaces. Some are not affable to GPS setup (no rooftop access or GPS farms
etc.). Even if they were there is extra cost for GPS setup, rent,
maintenance, requires traveling to remote physical locations if something
goes wrong and more... CF has 185 datacenters and so the cost and effort
accumulates. Using external stratum 1 servers was a more reasonable option.
CF made sure that their servers are connected to the closest available
authenticated S1s.
Buying their own S1s is definitely on the table.
Best,
Aanchal.
>
> Bob
>
> > On Jun 21, 2019, at 2:20 PM, Marco Davids via time-nuts <
> time-nuts@lists.febo.com> wrote:
> >
> > Opinions, anyone?
> >
> > https://blog.cloudflare.com/secure-time/amp/
> >
> > ("Introducing time.cloudflare.com")
> >
> > --
> > Marco
> >
> > ___
> > time-nuts mailing list -- time-nuts@lists.febo.com
> > To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> > and follow the instructions there.
>
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
Wow, what a well written article.
I have been using Cloudflare's DNS service since it was introduced.
Absolutely no issues whatsoever. These people are top notch.
I anticipate this new service will be as well.
Didier KO4BB
On Fri, Jun 21, 2019, 3:03 PM Marco Davids via time-nuts <
time-nuts@lists.febo.com> wrote:
> Opinions, anyone?
>
> https://blog.cloudflare.com/secure-time/amp/
>
> ("Introducing time.cloudflare.com")
>
> --
> Marco
>
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
Hi
Sorry for the double post
Actually there *is* another answer:
Run an atomic clock.
That sounds exotic and really expensive. In fact they are a sub $1,000 sort
of item in bulk (like hundreds). A Rubidium based device will hold “rate”
to under a nanosecond per second pretty much forever and ever. With a bit
of minor work, that will come down by a factor of 10 or more.
It’s not “time of day” but it is a clock you can depend on. If somebody does
get in and start yanking time by seconds, it’s going to tell you what’s
happening.
Yes indeed it’s a belt for your suspenders and your other belt. That seems to be
one of the ways one makes a hardened system.
(This thought occurred as I got up for more coffee and had to step around the
atomic clock that is sitting on the floor …. :) )
Bob
> On Jun 21, 2019, at 10:01 PM, Sanjeev Gupta wrote:
>
> Bob,
>
> The hardware is cheap. The software is free. The skills to deploy are
> widely available. But...
>
> A cable run from your rack in the middle of the datacenter, through to the
> roof, is either impossible or thousands of dollars and weeks of planning.
>
> Data centers can run wires within the building for exorbitant costs, asking
> them to run one to the exterior is, well, impossible.
>
> --
> Sanjeev Gupta
> +65 98551208 http://www.linkedin.com/in/ghane
>
>
> On Sat, Jun 22, 2019 at 6:06 AM Bob kb8tq wrote:
>
>> Hi
>>
>> Given the relatively low cost of a GPS based “Stratum 1” NTP, it’s not
>> real clear
>> why (at the end of the paper) they go off and “exchange emails
>> individually with the
>> organizations that run stratum 1 servers, as well as negotiate permission
>> to use them.”
>> to source the root time for the system. I would have thought that some
>> sort of combo
>> of on site and off site sources would be at the “top of the tree”.
>>
>> Bob
>>
>>> On Jun 21, 2019, at 2:20 PM, Marco Davids via time-nuts <
>> time-nuts@lists.febo.com> wrote:
>>>
>>> Opinions, anyone?
>>>
>>> https://blog.cloudflare.com/secure-time/amp/
>>>
>>> ("Introducing time.cloudflare.com")
>>>
>>> --
>>> Marco
>>>
>>> ___
>>> time-nuts mailing list -- time-nuts@lists.febo.com
>>> To unsubscribe, go to
>> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
>>> and follow the instructions there.
>>
>> ___
>> time-nuts mailing list -- time-nuts@lists.febo.com
>> To unsubscribe, go to
>> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
>> and follow the instructions there.
>>
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
>A cable run from your rack in the middle of the datacenter, through to the
>roof, is either impossible or thousands of dollars and weeks of planning.
I've done this 4 times now for GPS antennas connected to NTP servers.
I agree with the thousands of dollars (2K to 4K for cable runs of
around 50 m) but there wasn't really much planning to do. We simply
engaged a contractor and they did all the rest.
Cheers
Michael
On Sat, Jun 22, 2019 at 1:00 PM Sanjeev Gupta wrote:
>
> Bob,
>
> The hardware is cheap. The software is free. The skills to deploy are
> widely available. But...
>
> A cable run from your rack in the middle of the datacenter, through to the
> roof, is either impossible or thousands of dollars and weeks of planning.
>
> Data centers can run wires within the building for exorbitant costs, asking
> them to run one to the exterior is, well, impossible.
>
> --
> Sanjeev Gupta
> +65 98551208 http://www.linkedin.com/in/ghane
>
>
> On Sat, Jun 22, 2019 at 6:06 AM Bob kb8tq wrote:
>
> > Hi
> >
> > Given the relatively low cost of a GPS based “Stratum 1” NTP, it’s not
> > real clear
> > why (at the end of the paper) they go off and “exchange emails
> > individually with the
> > organizations that run stratum 1 servers, as well as negotiate permission
> > to use them.”
> > to source the root time for the system. I would have thought that some
> > sort of combo
> > of on site and off site sources would be at the “top of the tree”.
> >
> > Bob
> >
> > > On Jun 21, 2019, at 2:20 PM, Marco Davids via time-nuts <
> > time-nuts@lists.febo.com> wrote:
> > >
> > > Opinions, anyone?
> > >
> > > https://blog.cloudflare.com/secure-time/amp/
> > >
> > > ("Introducing time.cloudflare.com")
> > >
> > > --
> > > Marco
> > >
> > > ___
> > > time-nuts mailing list -- time-nuts@lists.febo.com
> > > To unsubscribe, go to
> > http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> > > and follow the instructions there.
> >
> > ___
> > time-nuts mailing list -- time-nuts@lists.febo.com
> > To unsubscribe, go to
> > http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> > and follow the instructions there.
> >
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
Hi
Yup, I’ve run into that with GPS based gear in the past. We’re in the
sub-sub-sub
basement and the roof is 123 stories straight up ….
One traditional answer is the “run to the window” approach. You don’t get GPS
all
the time, but you get it often enough to be useful. If you are indeed four
stories
underground, there still is a bit of cabling involved. Time off of cellular
signals
has also been tried (and failed).
These days getting time via multiple GNSS systems is already dirt cheap. I
think
if I was going to do a high end setup, I would run one of the multi GNSS
devices
and work out a way to get time from all the systems. It does not eliminate a
threat,
but it makes it much harder for the attacker.
Bob
> On Jun 21, 2019, at 10:01 PM, Sanjeev Gupta wrote:
>
> Bob,
>
> The hardware is cheap. The software is free. The skills to deploy are
> widely available. But...
>
> A cable run from your rack in the middle of the datacenter, through to the
> roof, is either impossible or thousands of dollars and weeks of planning.
>
> Data centers can run wires within the building for exorbitant costs, asking
> them to run one to the exterior is, well, impossible.
>
> --
> Sanjeev Gupta
> +65 98551208 http://www.linkedin.com/in/ghane
>
>
> On Sat, Jun 22, 2019 at 6:06 AM Bob kb8tq wrote:
>
>> Hi
>>
>> Given the relatively low cost of a GPS based “Stratum 1” NTP, it’s not
>> real clear
>> why (at the end of the paper) they go off and “exchange emails
>> individually with the
>> organizations that run stratum 1 servers, as well as negotiate permission
>> to use them.”
>> to source the root time for the system. I would have thought that some
>> sort of combo
>> of on site and off site sources would be at the “top of the tree”.
>>
>> Bob
>>
>>> On Jun 21, 2019, at 2:20 PM, Marco Davids via time-nuts <
>> time-nuts@lists.febo.com> wrote:
>>>
>>> Opinions, anyone?
>>>
>>> https://blog.cloudflare.com/secure-time/amp/
>>>
>>> ("Introducing time.cloudflare.com")
>>>
>>> --
>>> Marco
>>>
>>> ___
>>> time-nuts mailing list -- time-nuts@lists.febo.com
>>> To unsubscribe, go to
>> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
>>> and follow the instructions there.
>>
>> ___
>> time-nuts mailing list -- time-nuts@lists.febo.com
>> To unsubscribe, go to
>> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
>> and follow the instructions there.
>>
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
tic-...@bodosom.net said: > Your questions are answered in their blog post. > 1) No smear. Thanks. I found it via google. It's 3 clicks away from the blog post. In case anybody wants to get there. Start here: https://blog.cloudflare.com/secure-time/amp/ Scroll down to "Use it", the next to last paragraph. Follow "developer docs" to: https://developers.cloudflare.com/time-services/ Click "Get started" to: https://developers.cloudflare.com/time-services/ntp/ Click "Cloudflare's Time Service" in the left column to: https://developers.cloudflare.com/time-services/ntp/usage/ The second paragraph starts with: We do not implement leap smearing: > 2) Anycast. What does anycast mean when DNS returns 2 IPv4 addresses? Is the client expected to do anything other than use the first address returned? -- These are my opinions. I hate spam. ___ time-nuts mailing list -- time-nuts@lists.febo.com To unsubscribe, go to http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com and follow the instructions there.
Re: [time-nuts] Cloudflare
Most of the good data centers I’ve used either offer a connection to a stratum
1 server or are more than happy to put a antenna on the roof. Many offer
microwave as a third redundant circuit path, which requires an antenna. All for
a price, of course.
When I worked for an ILEC, many moons ago, we had two and a half floors at 60
Hudson St. Our stratum 1 antenna was literally glued to a window. Next to a
10GHz dish. :)
My hotel in Toronto two weeks ago overlooked a building that was clearly
someone’s data center, based on the 6 generators, massive AC, numerous
microwave links, and yes, GPS bullet antennas, covering the roof.
Bob
> On Jun 21, 2019, at 22:01, Sanjeev Gupta wrote:
>
> Bob,
>
> The hardware is cheap. The software is free. The skills to deploy are
> widely available. But...
>
> A cable run from your rack in the middle of the datacenter, through to the
> roof, is either impossible or thousands of dollars and weeks of planning.
>
> Data centers can run wires within the building for exorbitant costs, asking
> them to run one to the exterior is, well, impossible.
>
> --
> Sanjeev Gupta
> +65 98551208 http://www.linkedin.com/in/ghane
>
>
>> On Sat, Jun 22, 2019 at 6:06 AM Bob kb8tq wrote:
>>
>> Hi
>>
>> Given the relatively low cost of a GPS based “Stratum 1” NTP, it’s not
>> real clear
>> why (at the end of the paper) they go off and “exchange emails
>> individually with the
>> organizations that run stratum 1 servers, as well as negotiate permission
>> to use them.”
>> to source the root time for the system. I would have thought that some
>> sort of combo
>> of on site and off site sources would be at the “top of the tree”.
>>
>> Bob
>>
>>> On Jun 21, 2019, at 2:20 PM, Marco Davids via time-nuts <
>> time-nuts@lists.febo.com> wrote:
>>>
>>> Opinions, anyone?
>>>
>>> https://blog.cloudflare.com/secure-time/amp/
>>>
>>> ("Introducing time.cloudflare.com")
>>>
>>> --
>>> Marco
>>>
>>> ___
>>> time-nuts mailing list -- time-nuts@lists.febo.com
>>> To unsubscribe, go to
>> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
>>> and follow the instructions there.
>>
>> ___
>> time-nuts mailing list -- time-nuts@lists.febo.com
>> To unsubscribe, go to
>> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
>> and follow the instructions there.
>>
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
Bob,
The hardware is cheap. The software is free. The skills to deploy are
widely available. But...
A cable run from your rack in the middle of the datacenter, through to the
roof, is either impossible or thousands of dollars and weeks of planning.
Data centers can run wires within the building for exorbitant costs, asking
them to run one to the exterior is, well, impossible.
--
Sanjeev Gupta
+65 98551208 http://www.linkedin.com/in/ghane
On Sat, Jun 22, 2019 at 6:06 AM Bob kb8tq wrote:
> Hi
>
> Given the relatively low cost of a GPS based “Stratum 1” NTP, it’s not
> real clear
> why (at the end of the paper) they go off and “exchange emails
> individually with the
> organizations that run stratum 1 servers, as well as negotiate permission
> to use them.”
> to source the root time for the system. I would have thought that some
> sort of combo
> of on site and off site sources would be at the “top of the tree”.
>
> Bob
>
> > On Jun 21, 2019, at 2:20 PM, Marco Davids via time-nuts <
> time-nuts@lists.febo.com> wrote:
> >
> > Opinions, anyone?
> >
> > https://blog.cloudflare.com/secure-time/amp/
> >
> > ("Introducing time.cloudflare.com")
> >
> > --
> > Marco
> >
> > ___
> > time-nuts mailing list -- time-nuts@lists.febo.com
> > To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> > and follow the instructions there.
>
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
On Fri, Jun 21, 2019 at 9:12 PM Hal Murray wrote: You should probably setup another web page with just the technical details. What are you going to do about leap seconds? Smear or not? DNS for time.cloudflare.com gives 2 IPv4 addresses and 2 IPv6 addresses. Are they all equivalent in terms of routing? Or would I maybe get (slightly) better time if I picked the right one? Your questions are answered in their blog post. 1) No smear. 2) Anycast. I'm pretty sure the implication is they'll provide consistent secure time to their coverage area not necessarily the best time. Which see "Roughtime". The jitter numbers are quite good from my work to the NYC Equinix colocation facility (13ms rtt). ___ time-nuts mailing list -- time-nuts@lists.febo.com To unsubscribe, go to http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com and follow the instructions there.
Re: [time-nuts] Cloudflare
> Would love to have the feedback :) Looks good. Thanks. You should probably setup another web page with just the technical details. What are you going to do about leap seconds? Smear or not? DNS for time.cloudflare.com gives 2 IPv4 addresses and 2 IPv6 addresses. Are they all equivalent in terms of routing? Or would I maybe get (slightly) better time if I picked the right one? -- These are my opinions. I hate spam. ___ time-nuts mailing list -- time-nuts@lists.febo.com To unsubscribe, go to http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com and follow the instructions there.
Re: [time-nuts] Cloudflare
As an erstwhile "white-hat" hacker/penetration tester I can say with some
confidence that the threat is real, and that NTP (as with other core services
on the net) really does *need* to be secured.
This isn't just scare-mongering.
David
-Original Message-
From: time-nuts [mailto:time-nuts-boun...@lists.febo.com] On Behalf Of Marco
Davids via time-nuts
Sent: 21 June 2019 19:21
To: time-nuts@lists.febo.com
Cc: Marco Davids
Subject: [time-nuts] Cloudflare
Opinions, anyone?
https://blog.cloudflare.com/secure-time/amp/
("Introducing time.cloudflare.com")
--
Marco
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
I don't know anything beyond what Is in the press release, but Cloudflare
generally does good stuff. Their work on the secure protocol is great. Looking
forward to having it supported broadly.
I wouldn't expect the quality of the time from their NTP system to be notably
different from any other stratum 1 provider.
-Pete
On 6/21/19, 1:03 PM, "time-nuts on behalf of Marco Davids via time-nuts"
wrote:
Opinions, anyone?
https://blog.cloudflare.com/secure-time/amp/
("Introducing time.cloudflare.com")
--
Marco
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
Hi
Given the relatively low cost of a GPS based “Stratum 1” NTP, it’s not real
clear
why (at the end of the paper) they go off and “exchange emails individually
with the
organizations that run stratum 1 servers, as well as negotiate permission to
use them.”
to source the root time for the system. I would have thought that some sort of
combo
of on site and off site sources would be at the “top of the tree”.
Bob
> On Jun 21, 2019, at 2:20 PM, Marco Davids via time-nuts
> wrote:
>
> Opinions, anyone?
>
> https://blog.cloudflare.com/secure-time/amp/
>
> ("Introducing time.cloudflare.com")
>
> --
> Marco
>
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
Re: [time-nuts] Cloudflare
On Fri, Jun 21, 2019 at 4:03 PM Marco Davids via time-nuts <
time-nuts@lists.febo.com> wrote:
> Opinions, anyone?
>
> https://blog.cloudflare.com/secure-time/amp/
>
> ("Introducing time.cloudflare.com")
>
Would love to have the feedback :)
>
> --
> Marco
>
> ___
> time-nuts mailing list -- time-nuts@lists.febo.com
> To unsubscribe, go to
> http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
> and follow the instructions there.
>
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
[time-nuts] Cloudflare
Opinions, anyone?
https://blog.cloudflare.com/secure-time/amp/
("Introducing time.cloudflare.com")
--
Marco
signature.asc
Description: OpenPGP digital signature
___
time-nuts mailing list -- time-nuts@lists.febo.com
To unsubscribe, go to
http://lists.febo.com/mailman/listinfo/time-nuts_lists.febo.com
and follow the instructions there.
