Hi, Jean,

On Thu, 2021-06-10 at 06:54 -0400, Jean St-Laurent via NANOG wrote:
> Hi Fernando,
>
> NTP sounds simple but it could be very complex when you dig deep down and/or get lost in details. Here are 2 things to consider:
>
> 1. NTP clients can query NTP servers by using SRC UDP ports > 1024.

This is indeed the case we're addressing. The NTP spec mandates src port=123, even for client-to-server cases.

> In your case, it sounds like you want to achieve NTP server to NTP server, but you mention NTP clients behind NAT devices.

Nope. We simply recommend randomizing the source port for client-to-server cases. So in the quoted section we make the case that requiring src port=123 for clients doesn't really make sense: 1) if the NAT translates the port, the server won't see src 123 anyway; 2) if the NAT doesn't translate the port, you won't be able to have multiple NTP clients behind the same firewall.

> Can you give us more details on what kind of communication you need here? From what I understand client to server should work just fine with any NAT devices.
>
> Maybe you meant multiple NTP servers behind the same NAT to external NTP servers

Please let me know if what I wrote above clarifies our intent.

Thanks!

Regards,
-- 
Fernando Gont
Director of Information Security
EdgeUno, Inc.
PGP Fingerprint: DFBD 63E3 B248 AE79 C598 AF23 EBAE DA03 0644 1531
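The two NAT cases argued in the reply above, worked through as an added example (constructed for this page, not code from the thread or from either participant). The `Nat` class is a deliberately minimal NAPT model with one public address, and the 10.0.0.x / 203.0.113.1 addresses and port numbers are made-up sample values; real NAT port-allocation policies vary by implementation, so the model only captures the distinction the reply draws between a NAT that rewrites the source port and one that passes it through unchanged.

```python
# Added example (not code from the NANOG thread): a small model of how a NAT
# handles outbound NTP client traffic, used to show the two points made in the
# reply. The Nat class, addresses and ports are constructed for illustration;
# real NAT port-allocation behaviour varies by implementation.
import secrets

NTP_PORT = 123
EPHEMERAL_LOW, EPHEMERAL_HIGH = 49152, 65535  # IANA dynamic/private port range


def choose_source_port():
    """Randomised ephemeral UDP source port, i.e. what a client gets when it
    binds to port 0 and lets the OS pick (the behaviour the reply recommends)."""
    return EPHEMERAL_LOW + secrets.randbelow(EPHEMERAL_HIGH - EPHEMERAL_LOW + 1)


class Nat:
    """Minimal NAPT model with a single public address.

    rewrite_ports=True  : every new flow gets a fresh outside port (point 1:
                          the server never sees src port 123 anyway).
    rewrite_ports=False : the inside source port is kept as-is (point 2:
                          two inside hosts both using port 123 collide).
    """

    def __init__(self, public_ip, rewrite_ports):
        self.public_ip = public_ip
        self.rewrite_ports = rewrite_ports
        self.outbound = {}   # (inside_ip, inside_port) -> outside_port
        self.inbound = {}    # outside_port -> (inside_ip, inside_port)
        self.next_free = EPHEMERAL_LOW

    def translate(self, inside_ip, inside_port):
        """Return the (public_ip, port) the NTP server will see for this
        client, or None if the NAT cannot create an unambiguous mapping."""
        key = (inside_ip, inside_port)
        if key in self.outbound:
            return self.public_ip, self.outbound[key]
        if self.rewrite_ports:
            outside_port = self.next_free
            self.next_free += 1
        else:
            outside_port = inside_port
            if outside_port in self.inbound:
                # Another inside host already owns this outside port; a reply
                # to it could not be routed back to the right client.
                return None
        self.outbound[key] = outside_port
        self.inbound[outside_port] = key
        return self.public_ip, outside_port

    def deliver_reply(self, outside_port):
        """Map a server reply addressed to public_ip:outside_port back to the
        inside host. The NAT demuxes on the outside port alone, which is why
        a shared fixed source port cannot work without rewriting."""
        return self.inbound.get(outside_port)


def simulate(nat, clients):
    """Send one NTP request per (inside_ip, src_port) through the NAT and
    collect what the server sees for each one (None = mapping conflict)."""
    return [nat.translate(ip, port) for ip, port in clients]


if __name__ == "__main__":
    # Constructed sample: two clients on an RFC 1918 LAN behind 203.0.113.1.
    fixed_123 = [("10.0.0.2", NTP_PORT), ("10.0.0.3", NTP_PORT)]
    print("rewriting NAT, src 123:    ", simulate(Nat("203.0.113.1", True), fixed_123))
    print("non-rewriting NAT, src 123:", simulate(Nat("203.0.113.1", False), fixed_123))
    randomised = [("10.0.0.2", choose_source_port()), ("10.0.0.3", choose_source_port())]
    print("non-rewriting NAT, random: ", simulate(Nat("203.0.113.1", False), randomised))
```

Running it shows the rewriting NAT presenting ports 49152 and 49153 to the server (never 123), the non-rewriting NAT refusing the second client's port-123 flow, and the same non-rewriting NAT handling both clients once each picks its own ephemeral source port.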