Chuck Swiger wrote:
> On Aug 6, 2007, at 9:34 AM, Rob Janssen wrote:
>> I still question the position that they are abusers and should be 
>> stopped.
>
> OK.  I don't think there is any question about the matter, but there's 
> nothing wrong with re-evaluating the situation with an open mind.
>
>> I think they are just a large-scale customer.  Apparently they put
>> europe.pool.ntp.org as the time source in their ADSL routers.
>
> a) TurkTelecom sends traffic to people listed in the world-wide pool, 
> not just in Europe.
Well, I cannot look into their router config, but what I can assure is 
that I get the requests from them, and I am NOT in the global pool.
>
> b) That is a violation of the NTP pool policy:
>
>   http://www.pool.ntp.org/vendors.html
I don't think they qualify as a vendor.  They are an ISP, not an 
appliance, OS or software vendor (which is the stated audience in the 
vendor FAQ).

>
> "You must get approval from the server operator before you hardcode 
> any IP addresses or hostnames. This is easy to get if your own 
> organization runs the NTP servers you are planning to use. In most 
> other cases you will not get it.
They don't hardcode addresses.
> Do not use the standard pool.ntp.org names as a default configuration 
> in your system. The NTP Pool can offer services for you, but it must 
> be setup in advance (see below)."
This is about the only thing you could accuse them of doing.  But 
probably not (only) with pool.ntp.org.

>
> Continuous steady traffic at a reasonable polling rate isn't a 
> problem; high spikes from a single subnet block are.
Please note that they are NOT the cause of the spikes.  Our DNS system is.
We send the same reply to one hour of requests from their routers, and 
this causes all their traffic to be sent to a small subset of our clients.
That is our own fault, not theirs!
We should operate a more advanced DNS server that rotates the replies on 
a per-request basis, not once per hour.  Then there will be no spiking 
as seen now.
Of course the level that results (and the bulge around 18-22 hours local 
time in Turkey) may still be above what we can handle, but that is 
because we have too few servers, not because they use our service.
>
>> I think all this complaining about their abuse is unwarranted.
>
> Even though putting the pool.ntp.org address into their routers is a 
> violation of the "vendor policy" referenced above?
If it is not clear that they even are in the audience for the vendor 
policy document, I am not so sure.
>
> Turk Telecom is welcome to use the pool, according to the generally 
> published access policy, but they aren't welcome to hard-code pool 
> addresses into every router they ship to their users-- they need to 
> use a vendor address specifically for them if they wish to do that.
They don't hard-code addresses.  And probably even the DNS name they use 
is not hardcoded, and could be changed to something else.
But do you think google.com would mind if you hardcoded their page as a 
homepage in a browser?  I think not, because they can handle the traffic.
We should talk to google and see if they want to add their servers to the 
pool.  That would thin out the Türk Telecom traffic to an undetectable 
level.
>
> A large ISP should be providing default NTP servers for their user 
> base, rather than sending all of that traffic elsewhere.
>
I agree.  But then, it could also be said that we should keep replies to 
within the ISP of the requester, so traffic remains local and ISPs 
without local NTP services don't get any NTP service.

There are lots of things we can optimize, and it is being worked on by 
Guillaume Filion.
I think a more reasonable DNS system will alleviate many of the problems 
we see now, and can be used as a basis for optimization of the situation.
But just taking the top users of the system to be abusers will not 
really get us anywhere.  Especially with a protocol like NTP where so 
little consideration was made on handling abuse.

Rob
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
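The spike mechanism Rob describes (one DNS reply reused for a whole hour of queries versus a fresh reply per query), as an added simulation that is not part of the original thread. The pool size, addresses per reply, client count and poll interval are constructed assumptions, not figures from the list.

```python
import random
from collections import defaultdict

# Constructed scenario (assumed values, not from the thread): a DNS name backed
# by a pool of servers, each reply carrying a few addresses, and many routers
# that poll through the whole day, resolving the name before each request.
POOL_SIZE = 100         # servers behind the zone
ANSWERS_PER_REPLY = 5   # addresses in one DNS reply
HOUR = 3600
POLL_INTERVAL = 1024    # seconds between requests from one router
DAY = 24 * HOUR

def simulate(num_clients, rotate_per_request, seed=7):
    """Return {server: [requests in hour 0, ..., hour 23]} for one day.

    rotate_per_request=False: the reply is chosen once per hour and every
    query in that hour gets the same addresses (the behaviour the thread
    blames for the spikes).  True: a fresh random subset for every query.
    """
    rng = random.Random(seed)
    pool = range(POOL_SIZE)
    per_hour_reply = [rng.sample(pool, ANSWERS_PER_REPLY) for _ in range(24)]
    hourly = defaultdict(lambda: [0] * 24)
    for _ in range(num_clients):
        t = rng.randrange(POLL_INTERVAL)   # routers are not synchronised
        while t < DAY:
            hour = t // HOUR
            reply = (rng.sample(pool, ANSWERS_PER_REPLY) if rotate_per_request
                     else per_hour_reply[hour])
            hourly[rng.choice(reply)][hour] += 1   # router uses one address
            t += POLL_INTERVAL
    return hourly

def peak_to_fair_share(hourly):
    """Busiest server-hour divided by the load one server would carry in one
    hour if requests were spread evenly over the pool and over the day."""
    total = sum(sum(h) for h in hourly.values())
    fair = total / (POOL_SIZE * 24)
    return max(max(h) for h in hourly.values()) / fair

if __name__ == "__main__":
    for mode in (False, True):
        ratio = peak_to_fair_share(simulate(2000, mode))
        print(f"rotate per request={mode}: peak is {ratio:.1f}x the fair share")
```

With the hourly reply the busiest server carries roughly POOL_SIZE / ANSWERS_PER_REPLY times its fair share during the hour it is handed out, and nothing in most other hours; with per-query rotation every server sees a steady load close to the fair share.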