Pool with NTS
Hal Murray
halmurray at sonic.net
Mon Mar 23 05:33:49 UTC 2026
James said:
> == Handle NTS pool correctly
> pool 0.ke.experimental.ntspooltest.org iburst nts
> Currently, that only spins up a single server. It should instead spin up
> two per round, until enough peers are available.
The current pool+NTS code is broken. I have a fix in the works. I'll put
cleanup and pushing it higher on my list.
Here is a dump of that whole area.
----
The current non-NTS pool code makes a bunch of servers and then prunes the
extras. But there is no parameter for how many extras it makes, if any.
If any of the new servers work for a while, then die, they get pruned. If
the number of useful servers falls below xx, then some new ones are made.
Then extras get pruned, ...
At each new-servers step, the code fires up the DNS thread. When the
answer comes back, the code scans the list of IP addresses. If an address
is already in use, skip it. If not, make a new server.
[Someplace, there is code that counts servers that also counts the pool
slots. They should be skipped. I think we should fix this even though it
is a user-visible change.]
We should probably do something like make a few new servers every day, then
prune a couple, to see if we can find one that is better than the worst of
the ones we are currently using.
-----
The NTS case is more complicated. First, the DNS/NTS thread only gets one
set of keys/cookies, so the mainline code can only add one server per try.
Second, there are 2 DNS lookups involved (although the second is often
skipped). The first is to find the NTS-KE server. The second is to find
the NTP+NTS server. (That defaults to the same IP address as the NTS-KE
server.)
The same idea of skipping any IP address that is in use turns out to mostly do
the right thing. If the NTS-KE and NTP+NTS servers are co-located, it will
avoid any NTS-KE if the IP address is already in use. So pool cloudflare
nts will get 4 servers. If you want more, it will do the DNS lookup, see
they are all in use, then not do any expensive NTS-KE steps.
If the servers are not co-located, it will work as long as there are
enough NTP+NTS servers. If there aren't enough, it will do the expensive
NTS-KE step but then won't be able to find a not-in-use IP address.
-----
There is another worm tangled in this can. The config file processing
doesn't allow duplicate host names.
You can get 2 by using -4 and -6. You can get another factor of 2 by
using name and name:123 or name and name:4460 for NTS.
That lets you get all 4 cloudflare servers. :)
------
There is IETF work in this area. They are going to have the pool NTS-KE
server relay the KE request to the individual servers.
--
These are my opinions. I hate spam.
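Added example (not ntpsec's code, and not part of Hal's message): a small Python model of the pool-expansion rule described above, "skip any IP address that is already in use", for a plain pool and for an NTS pool where the NTS thread hands back one set of cookies per run (so one server per round) and the NTP+NTS address defaults to the NTS-KE address. The pool names, the addresses, and the table of what each NTS-KE server hands out are all constructed for the example. It reproduces the two behaviours described: a co-located NTS pool with 4 addresses gets 4 servers and then does no further NTS-KE handshakes, while a split pool with fewer NTP+NTS servers than KE servers keeps spending handshakes that find no unused address.

```python
"""Toy model of the pool-expansion logic described in the message above.

Added example: this is NOT ntpsec's code and is not from the message author.
It models the rule "skip any address already in use" for a plain pool and for
an NTS pool, where the NTS thread returns one set of cookies per run (so one
server per round) and the NTP+NTS address defaults to the NTS-KE address.
All names and addresses below are constructed for the example.
"""
from dataclasses import dataclass, field

# Constructed DNS answers (hypothetical pool names, documentation-range IPs).
DNS = {
    "pool.example":          ["198.51.100.1", "198.51.100.2",
                              "198.51.100.3", "198.51.100.4"],
    # NTS-KE and NTP+NTS co-located: each KE server hands out its own address.
    "nts-colocated.example": ["203.0.113.10", "203.0.113.11",
                              "203.0.113.12", "203.0.113.13"],
    # NTS-KE and NTP+NTS split: three KE servers front only two NTP+NTS servers.
    "nts-split.example":     ["203.0.113.50", "203.0.113.51", "203.0.113.52"],
}

# Constructed NTS-KE answers: the NTP+NTS server address handed out by each KE
# server; None means "no server record, use the KE server's own address".
KE_ANSWER = {
    "203.0.113.10": None, "203.0.113.11": None,
    "203.0.113.12": None, "203.0.113.13": None,
    "203.0.113.50": "203.0.113.60",
    "203.0.113.51": "203.0.113.61",
    "203.0.113.52": "203.0.113.60",
}


@dataclass
class PoolState:
    name: str
    nts: bool
    want: int                       # stop adding once this many are in use
    in_use: set = field(default_factory=set)
    ke_attempts: int = 0            # count of (expensive) NTS-KE handshakes

    def new_servers_round(self):
        """One "make new servers" pass: DNS lookup, then walk the answer."""
        added = []
        for addr in DNS[self.name]:
            if len(self.in_use) >= self.want:
                break
            if addr in self.in_use:
                # Already have a server at this address: skip it.  For NTS
                # this is what avoids a KE handshake in the co-located case.
                continue
            if not self.nts:
                self.in_use.add(addr)
                added.append(addr)
                continue
            # NTS: addr is the NTS-KE server.  Do the handshake, then the
            # second lookup (which defaults to the KE address).
            self.ke_attempts += 1
            ntp_addr = KE_ANSWER[addr] or addr
            if ntp_addr in self.in_use:
                # Handshake spent, but the NTP+NTS address is already in use.
                continue
            self.in_use.add(ntp_addr)
            added.append(ntp_addr)
            # One set of cookies per thread run => one server per round.
            break
        return added


def simulate(name, nts, want, rounds):
    """Run `rounds` new-servers passes; return (sorted in-use, KE attempts)."""
    st = PoolState(name=name, nts=nts, want=want)
    for _ in range(rounds):
        st.new_servers_round()
    return sorted(st.in_use), st.ke_attempts


if __name__ == "__main__":
    for args in (("pool.example", False, 3, 2),
                 ("nts-colocated.example", True, 6, 6),
                 ("nts-split.example", True, 4, 4)):
        print(args[0], simulate(*args))
```

The plain pool fills to `want` in a single round. The co-located NTS pool needs one round per server and then stops spending handshakes once every address is in use. The split pool, asked for 4 servers but backed by only 2 NTP+NTS addresses, reaches the failure mode in the message: every later round does a KE handshake per KE address and adds nothing, and the wasted handshake count grows by 3 per round.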