LL> Date: Wed, 12 Apr 2006 01:10:09 +0200 LL> From: Lars-Johan Liman LL> [I just happened to see this, browsing at high speed, so please LL> forgive me, if I'm out of context.] I was primarily referring to taking the load away from DIX. :-) However, as long as you raise a few points... LL> If you create a disparate anycast system of NTP server, you run into a LL> security issue, since many security protocols have "accurate time" as LL> an important parameter, and a rouge anycast NTP server could create LL> substantial amounts of harm from security and other standpoints by LL> giving out incorrect time. A rogue server can cause trouble regardless of whether it's anycasted [by design]. The "blast radius" might be smaller (which can complicate troubleshooting but helps contain damage). Of course, more systems means more chance for failure. Furthermore, "unicast by design" does nothing to prevent a rogue route from changing that. Panix was just a recent victim of this. LL> Nope, you want your NTP to come from an appropriate source ... LL> preferrably with signatures. Time to query multiple NTP sources, utilize GPS, and limit time adjustment deltas. I'll concede that multi-provider anycast presents an obvious problem for sharing the key with "only the good guys". However, I think all the little D-Link critters can live with unsigned stratum-9 answers by default. Eddy -- Everquick Internet - http://www.everquick.net/ A division of Brotsman & Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita ________________________________________________________________________ DO NOT send mail to the following addresses: davidc@brics.com -*- jfconmaapaq@intc.net -*- sam@everquick.net Sending mail to spambait addresses is a great way to get blocked. Ditto for broken OOO autoresponders and foolish AV software backscatter.