[168669] in North American Network Operators' Group


Re: TWC (AS11351) blocking all NTP?

daemon@ATHENA.MIT.EDU (Dobbins, Roland)
Mon Feb 3 01:16:43 2014

From: "Dobbins, Roland" <rdobbins@arbor.net>
To: "nanog@nanog.org list" <nanog@nanog.org>
Date: Mon, 3 Feb 2014 06:16:23 +0000
In-Reply-To: <7BB2C9DD-EA22-45EB-A2ED-D4CE6A73FD12@arbor.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Feb 3, 2014, at 1:02 PM, Dobbins, Roland <rdobbins@arbor.net> wrote:

> b) enforce their AUPs (most broadband operators prohibit operating servers)
> by blocking *inbound* UDP/123 traffic towards their customers at the
> customer aggregation edge

Actually, this can cause problems for ntpds operating in symmetric mode,
where both the source and destination ports are UDP/123.  Allowing inbound
UDP/123 - UDP/123 and then rate-limiting it would be one approach; another
would be to block outbound UDP/123 emanating from customers based upon
packet size, if one's hardware allows matching on size in ACLs.

-----------------------------------------------------------------------
Roland Dobbins <rdobbins@arbor.net> // <http://www.arbornetworks.com>

	  Luck is the residue of opportunity and design.

		       -- John Milton
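
The three edge-filter options discussed in the message above, modelled as an added example that is not part of the original post: the blanket inbound block, the UDP/123-to-UDP/123 carve-out with a rate limit, and the outbound size match. The 72-byte ceiling, matching outbound traffic on source port 123, the token-bucket parameters, and all names are assumptions made for illustration; the packets are constructed samples.

```python
from dataclasses import dataclass

NTP_PORT = 123
# Assumption: 48-byte NTP header plus a 4-byte key ID and 20-byte digest.
MAX_TIME_PAYLOAD = 72

@dataclass
class Pkt:
    t: float       # arrival time in seconds
    sport: int     # UDP source port
    dport: int     # UDP destination port
    payload: int   # UDP payload length in bytes

class TokenBucket:
    """Simple rate limiter: `rate` packets/second with a burst allowance."""
    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def inbound_blanket(p):
    """Quoted option (b): drop everything inbound to customer UDP/123."""
    return "drop" if p.dport == NTP_PORT else "permit"

def inbound_symmetric_ok(p, bucket):
    """Permit 123 -> 123 (symmetric mode) under a rate limit, drop the rest."""
    if p.dport != NTP_PORT:
        return "permit"
    if p.sport == NTP_PORT:
        return "permit" if bucket.allow(p.t) else "drop"
    return "drop"

def outbound_by_size(p):
    """Drop customer-sourced UDP/123 larger than a time-sync packet."""
    if p.sport == NTP_PORT and p.payload > MAX_TIME_PAYLOAD:
        return "drop"
    return "permit"

# Constructed samples: a symmetric-mode peer packet, a query to a
# customer-run server, and an oversized customer-sourced packet.
PEER = Pkt(0.0, 123, 123, 48)
QUERY = Pkt(0.0, 40000, 123, 48)
OVERSIZED = Pkt(0.0, 123, 40000, 440)
```

The blanket rule drops `PEER`, which is the symmetric-mode breakage the message points out; the carve-out permits it while still dropping `QUERY`.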


