Re: [chrony-dev] Experimental NTS support

[ Thread Index | Date Index | More chrony.tuxfamily.org/chrony-dev Archives ]

To: chrony-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [chrony-dev] Experimental NTS support
From: Miroslav Lichvar <mlichvar@xxxxxxxxxx>
Date: Tue, 2 Jul 2019 10:00:07 +0200

On Mon, Jul 01, 2019 at 09:31:50AM -0500, Lonnie Abelbeck wrote:
> > millions clients at the same time. How would you do that with
> > Wireguard?
> 
> Not sure, WireGuard's "Cryptokey Routing" is not needed here, nor are unique client keypairs.
> 
> Simply brainstorming to test keeping with UDP and using Curve25519 for authentication.  Possibly some of WireGuard's work could be used.

I'm not sure how would that work. If you have an idea, please post it
to the NTP WG mailing list. I think people would be very interested in
something simpler than NTS that doesn't use (D)TLS and has similar
properties.

> Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
> ==============================================================================
> 10.4.0.88                   6   3   86m     -0.063      0.350    -55us   129us
> <vultr public ip>           8   5  120m     +0.060      0.475   -155us   540us

> Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
> ==============================================================================
> 10.4.0.88                  13   9   589     +0.318      1.169   +182us   209us
> <vultr public ip>           8   5   453     +0.055      4.189    -21us   242us

> Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
> ==============================================================================
> 10.4.0.88                  20  11  1107     -0.033      0.771    +14us   291us
> <vultr public ip>          17  10  1035     +0.028      1.249    -14us   361us

> Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
> ==============================================================================
> 10.4.0.88                  23  11   29m     +0.048      0.164   +257us    94us
> <vultr public ip>          22  14   25m     +0.113      0.807   -187us   374us

> Name/IP Address            NP  NR  Span  Frequency  Freq Skew  Offset  Std Dev
> ==============================================================================
> 10.4.0.88                  28  15   59m     +0.018      0.076   +365us    98us
> <vultr public ip>          28  15   51m     -0.032      0.386   -309us   432us

So there seems to be a significant offset between the two sources,
most likely caused by the delays due the WireGuard encryption and
decryption. Is there a significant difference in CPU speed of the
server and client?

I think at least in theory it is possible to implement SW/HW
timestamping over WireGuard interfaces, which would remove that
difference.

> Interesting how the "Std Dev" trends lower over WireGuard.

That is interesting.

-- 
Miroslav Lichvar

-- 
To unsubscribe email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "unsubscribe" in the subject.
For help email chrony-dev-request@xxxxxxxxxxxxxxxxxxxx with "help" in the subject.
Trouble?  Email listmaster@xxxxxxxxxxxxxxxxxxxx.

Follow-Ups:
- Re: [chrony-dev] Experimental NTS support
  - From: Lonnie Abelbeck

References:
- Re: [chrony-dev] Experimental NTS support
  - From: Lonnie Abelbeck
- Re: [chrony-dev] Experimental NTS support
  - From: Miroslav Lichvar
- Re: [chrony-dev] Experimental NTS support
  - From: Lonnie Abelbeck

Messages sorted by: [ date | thread ]
Prev by Date: Re: [chrony-dev] Experimental NTS support
Next by Date: [chrony-dev] Print only errors to stderr
Previous by thread: Re: [chrony-dev] Experimental NTS support
Next by thread: Re: [chrony-dev] Experimental NTS support

Mail converted by MHonArc 2.6.19+

http://listengine.tuxfamily.org/