Re: Recent NTP pool traffic increase
Quoting David: On 2016-12-19 1:55 PM, Jan Tore Morken wrote: On Mon, Dec 19, 2016 at 01:32:50PM -0700, David wrote: I found devices doing lookups for all of these at the same time {0,0.uk,0.us,asia,europe,north-america,south-america,oceania,africa}.pool.ntp.org and then it proceeds to use everything returned, which explains why everyone is seeing an increase. Thanks, David. That perfectly matches the list of servers used by older versions of the ios-ntp library[1][2], which would point toward some iPhone app being the source of the traffic. [1] https://github.com/jbenet/ios-ntp/blob/d5eade6a99041094f12f0c976dd4aaeed37e0564/ios-ntp-rez/ntp.hosts [2] https://github.com/jbenet/ios-ntp/blob/5cc3b6e437a6422dcee9dec9da5183e283eff9f2/ios-ntp-lib/NetworkClock.m#L122 That would make sense - I see a lot of iCloud related lookups from these hosts as well. Also, app.snapchat.com generally seems to follow just after the NTP pool DNS lookups. I don't have an iPhone to test that though. Confirmed - starting up the iOS Snapchat app does a lookup to the domains you listed, and then sends NTP to every unique IP. Around 35-60 different IPs. Anyone have a contact at Snapchat?
Re: Recent NTP pool traffic increase
Quoting David: I found devices doing lookups for all of these at the same time {0,0.uk,0.us,asia,europe,north-america,south-america,oceania,africa,europe}.pool.ntp.org and then it proceeds to use everything returned, which explains why everyone is seeing an increase. I'm very interested to find out what devices these are. This would explain why places like New Zealand are getting massive amounts of NTP traffic from North America.
Re: Recent NTP pool traffic increase
Quoting Roland Dobbins: Do you have flow telemetry, which provides a lot more information than basic pps/bps stats? Sources are pretty widely spread out among cell networks/home internet, seem to be mostly US based. I'm not seeing a large amount of traffic per single IP or single subnet. This seems more like "someone pushed out bad firmware" rather than something malicious. Are you seeing normal timesync queries, or lots of level-6/level-7 admin command attempts? SNTP Client timesync queries make up 91.3% of the traffic to my server. The following NTP settings being most the popular (47% of all traffic to my server): stratum=0, poll=4, precision=-6, root delay=1, root dispersion=1, reference timestamp=0, originator timestamp=0, receive timestamp=0
Re: Recent NTP pool traffic increase
Quoting Jose Gerardo Perales Soto: We've recently experienced a traffic increase on the NTP queries to NTP pool project (pool.ntp.org) servers. One theory is that some service provider NTP infraestructure failed approximately 2 days ago and traffic is now being redirected to servers belonging to the NTP pool project. Does anyone from the service provider community have any comments? To add some more numbers to this, I'm seeing 4x the usual NTP traffic to my server in pool.ntp.org, starting Dec 13. Top source ASNs by % of NTP traffic seen by my server (I don't have pre-Dec 13 traffic by ASN handy) sprint 4.0% verizon-wireless 3.4% tmobile 2.9% att-wireless 2.8% comcast 2.1% orange 1.8% sky 1.6% twc 1.0% att 1.0% swisscom 0.9% saudinet 0.8% virgin 0.6% opaltelecom 0.5% qwest 0.5% eli 0.2% verizon 0.2% Possibly related is the new iOS release. Does the new iOS generate more NTP traffic? Can anyone measure that?
Re: ATT U-Verse Data Setup Convention
I have ATT u-verse small business connection at my office with a static IP setup, and my experience matches with the ATT tech said. We have a separate router behind the ATT router. The ATT router is an Arris (former Motorola) NVG595. Our router has a static IP out of our subnet and does NAT for the office network. As far as I can tell, the u-verse supplied router cannot be replaced with something less sucky. The problem is getting the 802.1x certificate needed to authenticate on the wan port. I dislike ATT's hardware as it has more limitations than just this, but some of those limitations can be worked around with an additional router downstream of it. Quoting Keith Stokes kei...@neilltech.com: I’m wondering if some can share their experiences or maybe there’s an ATT person here who can confirm policy. I work for SaaS provider who requires a source IP to access our system to businesses. Normally we tell the customer to request a “Static IP” from their provider. That term makes sense to most ISPs. However, we’ve recently worked with an ATT higher-up tech who told us that every U-Verse modem is locked to an address even when set to DHCP and will not change unless the unit is changed. Ordering a “Static IP” from them means your devices will individually get public addresses, which isn’t a requirement for us, isn’t quite as easy to add multiple devices and costs our customers more money. Here are my questions: 1. Is it really accurate that the customer’s address is tied to the modem/router? 2. For my curiosity, is this done through a DHCP reservation or is there a hard coded entry somewhere? 3. Do all U-Verse modem/routers behave the same way? This particular unit was a Motorola but the friends I’ve seen with U-Verse use a Cisco unit. --- Keith Stokes
Re: Recommendation on NTP appliances/devices
Quoting Julien Goodwin na...@studio442.com.au: Show my anything short of a classic SONET transmission system (or perhaps sync-E) where you actually have something with jitter that low [tens of microseconds]. Since you asked, here you go: http://i.imgur.com/DvMJd5y.png Two EndRun Unison GPS NTP servers, one in New York metro and one in London metro. They're connected via 10G over dark fiber (along with a bunch of networking gear doing more than just measuring time). Measurements taken from ntp running on the New York server, the blue line is the offset between the two clocks (in ms, left labels) and the pink line is the rtt (in ms, right labels). 90th percentile of the offsets is 34 microseconds, and 10th percentile is 5 microseconds. You can see a spike in one-way latency near sample 590. Most likely culprit is of one of the firewalls being busy (there's two in this path).
Re: Verizon IPv6 LTE
Quoting Randy Carpenter rcar...@network1.net: Safari is definitely preferring IPv4. In a happier note, if you tether a device via hotspot on an IOS6 iPad, the clients get native IPv6. Strangely, they get addresses out of the same /64 as the iPad's LTE interface. Anyone know how that is working? I would have thought they would use prefix-delegation, and there would be a separate routed /64. I assume they're doing the same thing I am. The cell network interface is just a p2p interface, and the whole /64 is routed to the phone/tablet. You can configure the p2p interface address as a /128 and configure the /64 on the wifi interface. My understanding of the 3gpp specs is that the cell provider won't have an address in that /64, so you won't conflict with anything upstream of the phone/tablet. Here's a screenshot of my (wifi-only) tablet getting v6 while tethered through my phone: http://dan.drown.org/android/clat/IMG_20120425_105124.jpg