Re: [chrony-dev] Experimental NTS support

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ] 

Hi Miroslav, (comments inline)

> On Jul 1, 2019, at 5:53 AM, Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:
> 
> On Sun, Jun 30, 2019 at 10:41:04PM -0500, Lonnie Abelbeck wrote:
>> While reading about NTS, possibly my thinking is misguided, but NTS seems overly complicated.
>> 
>> I'm a big fan of Jason Donenfeld's Wireguard [1], and wondered how wrapping NTP with WireGuard would effect delay/accuracy.
> 
> I like Wireguard and use it, but I'm not sure if it's really
> comparable to what NTS is trying to do. The main point of NTS is that
> the server is stateless, so it can provide a (public) service to
> millions clients at the same time. How would you do that with
> Wireguard?

Not sure, WireGuard's "Cryptokey Routing" is not needed here, nor are unique client keypairs.

Simply brainstorming to test keeping with UDP and using Curve25519 for authentication.  Possibly some of WireGuard's work could be used.


>> Simultaneously I established both an unencrypted NTP path and an NTP path within a WireGuard tunnel, all else being equal.
> 
>> MS Name/IP address         Stratum Poll Reach LastRx Last sample               
>> ===============================================================================
>> ^+ 10.4.0.88                     2  10   377    82  -1279us[-1279us] +/-   31ms
>> ^* <vultr public ip>             2  10   377   602  -1950us[-1935us] +/-   30ms
> 
> A sourcestats output at a shorter polling interval might give more
> interesting data.

OK, first while running overnight:

== Test Duration: 1020 minutes (17 hours)

# chronyc sources
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 10.4.0.88                     2  10   377   569  -1017us[-1157us] +/-   25ms
^+ <vultr public ip>             2  10   377    27   -910us[ -910us] +/-   25ms

# chronyc sourcestats
210 Number of sources = 2
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
10.4.0.88                   6   3   86m     -0.063      0.350    -55us   129us
<vultr public ip>           8   5  120m     +0.060      0.475   -155us   540us

Interesting, the WireGuard path is now the chosen one.

Now restart chronyd and wait a few minutes:

== Test Duration: 10 minutes

# chronyc sources
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ 10.4.0.88                     2   6   377     9   +370us[ +370us] +/-   26ms
^* <vultr public ip>             2   6   377     9   -439us[ -590us] +/-   26ms

# chronyc sourcestats
210 Number of sources = 2
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
10.4.0.88                  13   9   589     +0.318      1.169   +182us   209us
<vultr public ip>           8   5   453     +0.055      4.189    -21us   242us

== Test Duration: 20 minutes

# chronyc sources
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ 10.4.0.88                     2   7   377   112   -700us[ -699us] +/-   26ms
^* <vultr public ip>             2   6   377    48   +543us[ +541us] +/-   26ms

# chronyc sourcestats
210 Number of sources = 2
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
10.4.0.88                  20  11  1107     -0.033      0.771    +14us   291us
<vultr public ip>          17  10  1035     +0.028      1.249    -14us   361us

== Test Duration: 30 minutes

# chronyc sources
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ 10.4.0.88                     2   8   377    45   -167us[ -167us] +/-   25ms
^* <vultr public ip>             2   7   377   109    -56us[  -38us] +/-   25ms

# chronyc sourcestats
210 Number of sources = 2
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
10.4.0.88                  23  11   29m     +0.048      0.164   +257us    94us
<vultr public ip>          22  14   25m     +0.113      0.807   -187us   374us

== Test Duration: 60 minutes

# chronyc sources
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ 10.4.0.88                     2   9   377    30  -2324ns[-2324ns] +/-   26ms
^* <vultr public ip>             2   9   377   361   -384us[ -421us] +/-   25ms

# chronyc sourcestats
210 Number of sources = 2
Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
==============================================================================
10.4.0.88                  28  15   59m     +0.018      0.076   +365us    98us
<vultr public ip>          28  15   51m     -0.032      0.386   -309us   432us


Interesting how the "Std Dev" trends lower over WireGuard.

Lonnie


--
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Mail converted by MHonArc 2.6.19+ http://listengine.tuxfamily.org/