Another problem with this just being replaced with a package that is not feature-compatible:
Requiring a switch to unicast also necessitates firewall changes across the entire network, if multicast or broadcast was previously in use. Firewalls between the clients and the NTP servers will either require a stateless ACL entry added for UDP/123 bi-directionally, which is undesirable, or perform inspection on udp/123 packets toward the server so they can maintain state entries for those UDP sessions every time a client polls the server. The configuration change is simple, but it's not nothing. Sites with limited available WAN bandwidth (think analog modems, low- speed wireless links, fractional PRI, BRI, satellite with analog modem uplink, etc) can also experience a negative impact from the extra traffic, including more packet loss, higher delay, more clock spread among the systems behind that link, and impact to other traffic that needs to use that link. A single multicast or directed broadcast over those links achieves reasonable clock synchronization with minimal impact and can be QoSed high enough to be unlikely to drop when congested. With bi-directional unicast traffic, keeping that high DSCP means NTP would now have a much larger impact on all other traffic. Reducing it would lead to more queued or dropped NTP packets, unpredictably, for each client. None of these issues are major and all have workarounds or solutions available, either with ntpsec or by switching to a different package. But they are cases impacted by this swap to add to the list of reasons ntp silently being swapped for ntpsec is non-ideal while being aliased as ntp. I'm all for ntpsec being the new default (or chrony or timesyncd), but ntpsec is not ntp and it is a breaking change to treat it like it is. -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/2039252 Title: [needs-packaging] The packages ntp and ntpsec are not equivalent Status in NTP: Confirmed Status in ntp package in Ubuntu: Confirmed Status in ntp package in Juju Charms Collection: Confirmed Status in ntp package in Debian: Confirmed Bug description: I recently did an install of Ubuntu 23.04 and then configured ntp as I have been doing so for more than 8 years. With previous versions of Debian and Ubuntu using the real ntp package, the details at https://wiki.ubuntu.com/JonathanFerguson/NTP?action=recall&rev=38 created the desired results. I updated the details at https://wiki.ubuntu.com/JonathanFerguson/NTP with the new location of ntp.conf, after restarting I noticed that the resultant output was missing requisite details. Compare the following and the lack of ".MCST." and ".ACST.": Original ntp on Apollo-Lake-N3150 jonathan@Apollo-Lake-N3450:~$ lsb_release -rd Description: Ubuntu 22.04.3 LTS Release: 22.04 jonathan@Apollo-Lake-N3450:~$ ntpq -p remote refid st t when poll reach delay offset jitter ============================================================================== 0.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000 1.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000 2.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000 3.ubuntu.pool.n .POOL. 16 p - 64 0 0.000 +0.000 0.000 ntp.ubuntu.com .POOL. 16 p - 64 0 0.000 +0.000 0.000 ntp.mcast.net .MCST. 16 M - 64 0 0.000 +0.000 0.000 ff0e::101 .MCST. 16 M - 64 0 0.000 +0.000 0.000 ntp.mcast.net .ACST. 16 a - 64 0 0.000 +0.000 0.000 ff0e::101 .ACST. 16 a - 64 0 0.000 +0.000 0.000 *time.cloudflare 10.242.8.77 3 u 469 1024 367 234.691 -0.929 67.380 +2001-44b8-2100- 42.3.115.79 2 u 581 1024 377 487.209 +55.669 57.154 +2001-44b8-2100- 4.179.66.17 3 u 215 1024 377 489.637 +57.002 35.399 jonathan@Apollo-Lake-N3450:~$ NTPsec on Braswell-N3150 jonathan@Braswell-N3150:~$ lsb_release -rd No LSB modules are available. Description: Ubuntu 23.04 Release: 23.04 jonathan@Braswell-N3150:~$ ntpq -p remote refid st t when poll reach delay offset jitter ======================================================================================================= 0.ubuntu.pool.ntp.org .POOL. 16 p - 256 0 0.0000 0.0000 0.0002 1.ubuntu.pool.ntp.org .POOL. 16 p - 256 0 0.0000 0.0000 0.0002 2.ubuntu.pool.ntp.org .POOL. 16 p - 256 0 0.0000 0.0000 0.0002 3.ubuntu.pool.ntp.org .POOL. 16 p - 64 0 0.0000 0.0000 0.0002 +prod-ntp-5.ntp1.ps5.canonical.com 37.15.221.189 2 u 141 1024 367 383.4932 -19.6895 35.0534 *time.tfmcloud.au 203.35.83.242 2 u 325 1024 367 325.9317 -0.1496 43.0522 +any.time.nl 133.243.238.243 2 u 158 1024 373 300.7941 -20.8962 136.1422 +ntp2.its.waikato.ac.nz .GPS. 1 u 363 1024 377 356.5361 -18.2740 140.5984 +2001-44b8-2100-3f00-0000-0000-007b-0004 42.3.115.79 2 u 214 1024 367 490.3898 28.3416 2.7728 +tic.ntp.telstra.net 203.35.83.242 2 u 13 1024 367 566.0744 -14.1332 6.0377 +863xqmprtfqv69pv7nwc.ip6.superloop.au 192.168.1.1 2 u 79 1024 367 330.2658 -14.3483 16.2172 +gps-ads.10mrlp.juneks.com.au .PPS. 1 u 271 1024 367 443.4812 -71.8020 44.6332 +x.ns.gin.ntt.net 129.250.35.222 2 u 57 1024 367 22.4974 41.3055 6.0639 jonathan@Braswell-N3150:~$ This behaviour will affect the following: Ubuntu 22.10, 23.04 and 23.10 Debian 12, 13 and 14 NTPsec have documented their reasoning for lacking support. https://docs.ntpsec.org/latest/discover.html https://docs.ntpsec.org/latest/ntpsec.html https://docs.ntpsec.org/latest/assoc.html#broad https://docs.ntpsec.org/latest/assoc.html#many The issue remains that ntp and ntpsec are not capability equivalent. I foresee two means of rectifying this predicament, if NTPsec is going to be the default implementation of NTP then ntpsec needs to implement all of the capabilities of ntp, or the easier alternative is that the real ntp https://www.ntp.org/downloads/ is packaged as ntp-classic for instances where its capabilities are required. ProblemType: Bug DistroRelease: Ubuntu 23.04 Package: ntp 1:4.2.8p15+dfsg-2~1.2.2+dfsg1-1 ProcVersionSignature: Ubuntu 6.2.0-34.34-generic 6.2.16 Uname: Linux 6.2.0-34-generic x86_64 ApportVersion: 2.26.1-0ubuntu2 Architecture: amd64 CasperMD5CheckResult: pass Date: Fri Oct 13 18:13:27 2023 InstallationDate: Installed on 2023-09-15 (27 days ago) InstallationMedia: Ubuntu-Unity 23.04 "Lunar Lobster" - Release amd64 (20230419) PackageArchitecture: all SourcePackage: ntpsec UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.ntpsec.ntp.conf: [modified] mtime.conffile..etc.ntpsec.ntp.conf: 2023-10-12T21:59:03.557719 To manage notifications about this bug go to: https://bugs.launchpad.net/ntp/+bug/2039252/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : [email protected] Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
