NTS not 'working', likely operator error

ntpsec at anastrophe.com ntpsec at anastrophe.com
Tue Apr 9 06:31:33 UTC 2024


On 4/8/2024 22:50 PM, Hal Murray via users wrote:
> The Ethernet MTU (max packet size) is 1500.  Round down for a couple of
> headers and you get 1472.  The Internet spec is 512.  (Or something like
> that.)  But (almost) everybody supports 1500.
>
> NTP with NTS packets are a couple hundred bytes -- much bigger than 48, but
> well below 1500, even with 7 extra cookies.
>
> There is a strange case that I don't think anybody has tracked down.  Some
> routers (maybe many) drop NTP+NTS packets with 1, 2, or 3 extra cookies but
> work with 4.
>
> I don't have a good story for why netcat works but ntp+nts doesn't.  Did you
> try both directions?  Or from port 123 to port 123?  [My head hurts trying to
> dance around NAT.]
Yes, agreed on the head hurting. As my later message acknowledged, I was 
seeing MTU at work. I was thinking the authenticated packets were larger 
than MTU, and "fun" ensuing from that, but as you say they're less than 
1500 even w/cookies.

I did glean this from a long tcpdump -

22:46:44.212917 IP 172-089-174-168.res.spectrum.com.ntp > a-ntpsec.ntp: NTPv4, Client, length 48
22:46:44.213246 IP a-ntpsec.ntp > 172-089-174-168.res.spectrum.com.ntp: NTPv4, Server, length 48
22:46:44.728639 IP a-ntpsec.ntp > oregon.time.system76.com.ntp: NTPv4, Client, length 956
22:46:45.728637 IP a-ntpsec.ntp > time.txryan.com.ntp: NTPv4, Client, length 924
22:46:47.728639 IP a-ntpsec.ntp > time.cifelli.xyz.ntp: NTPv4, Client, length 924
22:47:00.728358 IP a-ntpsec.ntp > ntp1.net.berkeley.edu.ntp: NTPv4, Client, length 48
22:47:00.748122 IP ntp1.net.berkeley.edu.ntp > a-ntpsec.ntp: NTPv4, Server, length 48

so, a normal exchange of NTP data for an NTP client, then my server sends 
"large" but less-than-MTU authenticated packets to the three NTS 
servers...but gets no reply.

For now, I'm going to sleep on it. Appreciate your indulgence thus far.

-- 
Paul Theodoropoulos
www.anastrophe.com
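
Added example, not part of the original message and not NTPsec code: a small Python filter for tcpdump text output like the capture above that pairs each NTP Client packet with a Server reply and lists the requests that never got one. The function name, the sample capture and its hostnames are constructed for illustration.

```python
import re

# One tcpdump text line: time, "IP src > dst:", NTP mode, UDP payload length.
PKT = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) IP (\S+) > (\S+): NTPv4, "
                 r"(Client|Server), length (\d+)")

# Constructed sample (placeholder hostnames); the third record is wrapped
# the way a mail client wraps pasted tcpdump output.
SAMPLE = """\
22:46:44.212917 IP client.example.ntp > a-ntpsec.ntp: NTPv4, Client, length 48
22:46:44.213246 IP a-ntpsec.ntp > client.example.ntp: NTPv4, Server, length 48
22:46:44.728639 IP a-ntpsec.ntp > nts1.example.ntp: NTPv4,
Client, length 956
22:46:45.728637 IP a-ntpsec.ntp > nts2.example.ntp: NTPv4, Client, length 924
22:47:00.728358 IP a-ntpsec.ntp > plain.example.ntp: NTPv4, Client, length 48
22:47:00.748122 IP plain.example.ntp > a-ntpsec.ntp: NTPv4, Server, length 48
"""

def unanswered_requests(capture, plain_len=48):
    """Return (time, src, dst, length, larger_than_plain) for every Client
    packet that has no matching Server reply in the capture."""
    records = []
    for raw in capture.splitlines():
        line = raw.strip()
        if re.match(r"\d\d:\d\d:\d\d\.\d+ ", line):
            records.append(line)            # a new packet starts with a time
        elif line and records:
            records[-1] += " " + line       # continuation of a wrapped line
    pending = {}                            # (client, server) -> open requests
    for rec in records:
        m = PKT.match(rec)
        if not m:
            continue
        ts, src, dst, mode, length = m.groups()
        if mode == "Client":
            pending.setdefault((src, dst), []).append((ts, src, dst, int(length)))
        elif pending.get((dst, src)):
            pending[(dst, src)].pop(0)      # reply answers the oldest request
    # 48 bytes is a bare NTP header; NTS requests carry extension fields
    # and are much larger, so the flag separates them from plain NTP.
    return sorted(req + (req[3] > plain_len,)
                  for queue in pending.values() for req in queue)

if __name__ == "__main__":
    for row in unanswered_requests(SAMPLE):
        print(row)
```

A request sent just before the capture ends is also reported, so entries near the end of the file need a second look.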