Stratum one autonomy and assumptions about GPS

Eric S. Raymond esr at thyrsus.com
Thu Aug 25 10:03:19 UTC 2016


Hal Murray <hmurray at megapathdsl.net>:
> It sounds like you are trying to rationalize running without any network 
> servers.

One of my agenda items for a while has been to develop a protocol for
places that want to firewall out NTP for security reasons - that is, a
set of practices and error estimates based on documented assumptions.

It's no problem for *me* to add check servers to my config, but if
you're - say - an overseas military base in a country where Internet
is dodgy or might be shut down occasionally by the local government,
that's a different matter.

I believe, given NTPsec's mission, that we want to have something
contructive to say about that use case.

> Even if you do collect lots of data, you can't extrapolate very far from a 
> sample of one.

True.  But we can use experiments to get a feel for the scale of the
problem and the magnitude of different parts of the error budget.  Up
to now there has been very little documentation of this sort of thing
and a lot of handwaving. I want to fix that.

> There are many ways to screw up.  Even if you get a lot of data, there will 
> be more things to consider.
> 
> Examples:
> 
> Firmware will have bugs.  OSes will have bugs.  Software will have bugs.
>   I have a unit that occasionally gets off by a second with gpsd.
>   (It's the one that starts sending NMEA just before the top of a second.)

Right.  This sort of thing you hedge against with tell-me-three-times.
(Remember that the user story assumes a big hardware budget.)

> The GPS operators may screw up.
> A trucker with a jammer may park in front of your house.
> Rain/snow may land on your trees.
> Somebody will try to use their wonderful modern unit farther from the window 
> or deeper in an urban canyon.

I don't think I need to care about specific causality much.  The overriding
question is what the statistical distribution of outage lengths is.

(Rain/snow on your trees.  Why is this special? Does it increase multipath
reflections or something?)

> Your 10ms error budget may be fine for some applications but others may want 
> better.

In general they're going to need to go with PTP over a LAN. I'm focused on
Stratum 1 for WAN time service.

> Actually, for short outages, it may be better to ignore network servers and 
> just coast with the current drift setting.  That would be a good experiment.  
> That probably depends on the unit dying cleanly rather than sliding off in 
> some direction before it gives up.

That's one of a large number of experiments I'd like to run.
-- 
		<a href="http://www.catb.org/~esr/">Eric S. Raymond</a>


More information about the devel mailing list