Re: [Last-Call] [Ntp] Secdir last call review of draft-ietf-ntp-mode-6-cmds-08

Hi Brian,

On 6/15/2020 8:29 AM, Brian Haberman wrote:
> Hi Harlan,
> 
> On 6/13/20 8:26 PM, Harlan Stenn wrote:
> 
>>> SNMP exists and the NTP WG published RFC 5907 to cover the MIB support
>>> needed by NTP. I believe that also counts as a better alternative.
>>
>> Unbelievable.
>>
>> TTBOMK, the only implementation of 5907 is the one in the reference
> 
> Interesting statement... After a cursory search, I found that Cisco
> implemented 5907 in 2012.

That was about 7 years after my stint at Cisco.

Did they produce a general SNMP monitor for NTP, or did they just
support monitoring the NTP instances in their gear via SNMP?  I suspect
the latter, and I would also bet they used at least our libntpq library
and perhaps some of ntpsnmpd to make it all work.

I was also "loose" in my question above.  It doesn't surprise me that
somebody used 5907 to monitor ntpd running in their gear.  It would
surprise me greatly to learn that somebody wrote an SNMP listener that
talked with NTP instances.

>> implementation, and in the 12 years it has been out there we have had NO
>> reports of it being used.  Furthermore, it was implemented USING MODE 6
>> PACKETS!
> 
> Not sure why you would implement SNMP support via an NTP auxiliary
> protocol, but that is your choice.

Not what I was saying.  I was saying that it would be a huge amount of
trouble to add SNMP directly to an NTP instance and I haven't been able
to come up with any good reason for even trying to do that.

The easiest way to get SNMP support for NTP is to have your SNMP
listener query NTP for the data, and the only intended standard way to
do this is via mode 6.

>> The only known SNMP interface to ntpd, ntpsnmpd has not seen significant
>> updates since 2010.
>>
>> The mode 6 interface to ntpd, ntpq, remains in continuous development
>> and evolution.
>>
>> Please identify any other implementations of 5907.  If you find any, how
>> significant are they?  Are they proprietary 5907 implementations?  What
>> implementations do they work on?
>>
> 
> I would need someone from Cisco to verify, but it seems like their
> implementation is based on 5907.

Again, not what I was saying.  It's fine and expected that 5907 be used
for the SNMP mapping side of things, but without a mode 6 mapping to the
data values and interfaces inside NTP, there's no standard way to
connect SNMP with an NTP instance.

I'm also not saying anybody is required to implement mode 6, or 5907.

I *am* saying that there should be a Standard way to do it, with one or
more reference implementations.

Goes to demonstrably proving that the mechanism is complete and functional.

>> Please show how SNMP is a better way to monitor and control NTP than ntpq.
>>
>> Please show me a working deployment of SNMP controlling NTP, and then
>> please compare the number and quality of these deployments with those
>> that do the same with ntpq.
> 
> I am not going to dignify that demand with a response. The WG consensus
> is the WG consensus.

How did you interpret my request as a demand?

Should I take offense from your "I am not going to dignify..." line?

I could ask several questions about "WG consensus", but I really don't
see the point.

What is the point of a Standard if one cannot use it to implement
interoperable behaviors?

Are you saying the WG does not have a responsibility to promulgate a
complete, functional Standard?

I'm attempting to be very respectful here, Brian.

I see you are making statements as the editor (and author) of the
document.  For decades I have been deeply involved in the design,
implementation, deployment, and use of mode 6, and also the one who has
been fielding questions about and involved in discussion about mode 6.

You and those in the WG know my perspective on this.  I believe some
folks agree with me.  Clearly some do not, and I think it's worth
understanding "why".

The working group has gone thru many changes in the past several years,
and the WG will do what the WG will do.

> Regards,
> Brian
> 
> 
> _______________________________________________
> ntp mailing list
> ntp@xxxxxxxx
> https://www.ietf.org/mailman/listinfo/ntp
> 

-- 
Harlan Stenn <stenn@xxxxxxxxxx>
http://networktimefoundation.org - be a member!

-- 
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call


