All,
I did some work on restoring my netflow collectors - and the first thing I noticed was the
NTP server
ns.ardc.net is giving me an error. It seems that it does not allow queries from
our Gateway Public IPs as AMPRGW previously did. This provides a chicken-or-the-egg issue
on some of my configs if any time-based services are needed (i.e. if I only rely on
ns.ardc.net for time). This could be a serious issue if e.g. tunnels were switched to
Wireguard (i.e. needing time for encryption).
A SK (I will not name) frowned upon NTP via IPENCAP for obvious reasons (I hope the DNS
discussions make clear that a UDP NTP packet with latency or delays from 2 rounds trips is
BAD).
I'm looking into the implications for myself and possibly for others by not
considering this before the change was made. I'm now working on routes/rules to make
an exception for this IP; but it will require some testing as this would be on my main
(non-AMPRNet) routing table, which is BAD.
I haven't taken time to determine if this will cause issues for other use cases. I am
still run the Stratum 2 server for those who may realize that they are no longer syncing
only on AMRPNet's NTP services.
IP: 44.60.44.1Hostname: kb3vwg-001.ampr.orgAccess Policy: (123/udp open to 44net
and Public GW IPs)
73,
LynwoodKB3VWG