Re: [chrony-dev] Multihomed (multiple) network interfaces support !



> It makes no difference. These settings are about ARP (L2->L3
> translation) and multiple interfaces in the same network.
So strange. I thought that it is for multiple interfaces ...

> That would make more sense for security. However, it's not a simple thing
> to implement as peer associations use the server sockets too, so there
> would need to be some code selecting the right socket.
Maybe it is worth looking at NTP sources for aspects of the topic.
It supports multiple bindings, as far as I know.

> My recommendation is to run multiple instances of chronyd, each bound
> to a different interface.
I will try to use it but as a temporary solution only if I am able to launch it.


I believe you will be able to implement the functionality correctly.
And I will wait for the version to test it.



On Tue, 5 Sep 2023 at 15:57, Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:
On Tue, Sep 05, 2023 at 03:44:35PM +0300, CpServiceSPb wrote:
> Due to Weak ES mode in Linux OSes, please remake a test but change a little
> bit test conditions:
> When aiming for Strong ES Model in Linux, you'll first need these sysctl
> settings:
> net.ipv4.conf.all.arp_filter=1
> net.ipv4.conf.all.arp_ignore=1 # or even 2
> net.ipv4.conf.all.arp_announce=2

It makes no difference. These settings are about ARP (L2->L3
translation) and multiple interfaces in the same network.

> *And I see the only way is to implement not bindaddress but binddevice
> available multiple times for listening and receiving requests to.*

That would make more sense for security. However, it's not a simple thing
to implement as peer associations use the server sockets too, so there
would need to be some code selecting the right socket.

My recommendation is to run multiple instances of chronyd, each bound
to a different interface.

--
Miroslav Lichvar

