All,


I did some work on restoring my netflow collectors - and the first thing I noticed was the NTP server ns.ardc.net is giving me an error. It seems that it does not allow queries from our Gateway Public IPs as AMPRGW previously did. This provides a chicken-or-the-egg issue on some of my configs if any time-based services are needed (i.e. if I only rely on ns.ardc.net for time). This could be a serious issue if e.g. tunnels were switched to Wireguard (i.e. needing time for encryption).

A SK (I will not name) frowned upon NTP via IPENCAP for obvious reasons (I hope the DNS discussions make clear that a UDP NTP packet with latency or delays from 2 rounds trips is BAD).

I'm looking into the implications for myself and possibly for others by not considering this before the change was made. I'm now working on routes/rules to make an exception for this IP; but it will require some testing as this would be on my main (non-AMPRNet) routing table, which is BAD.

I haven't taken time to determine if this will cause issues for other use cases. I am still run the Stratum 2 server for those who may realize that they are no longer syncing only on AMRPNet's NTP services.

IP:    44.60.44.1
Hostname:    kb3vwg-001.ampr.org
Access Policy:    (123/udp open to 44net and Public GW IPs)




73,


Lynwood
KB3VWG