RE: NTP authentication is affected by source interface?[2]

From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Fri May 05 2006 - 10:23:09 ART


Arun -

Thanks for the explanation on the source. So, are you saying that the
query to the Master will contain the specified source (loopback0)? I
would assume that if this is not specified, then the physical interface
would be specified as the source, correct?

Dave Schulz,
Email: dschulz@dpsciences.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Arun Arumuganainar
Sent: Thursday, May 04, 2006 5:47 AM
To: Michy Eika; alexeim@orcsoftware.com; Wang, Ting (Taylor)
Cc: ccielab@groupstudy.com
Subject: Re: NTP authentication is affected by source interface?[2]

Hi Michy ,

"NTP SOURCE" command will only apply for NTP Query and not NTP reply.
Actually whenever an NTP Query is made, source address will be picked
up from "NTP SOURCE" command. When a query is received by a server or a
Master, the reply will use the destination address of the query as the
source address. NTP SOURCE will not come into the picture.

This is the behavior for all the TCP and UDP applications and not
restricted to NTP.

Thanks and Regards
Arun

----- Original Message -----
From: "Michy Eika" <cciemaster@shingor.net>
To: <alexeim@orcsoftware.com>; "Wang, Ting (Taylor)"
<wangting@avaya.com>
Cc: <ccielab@groupstudy.com>
Sent: Thursday, May 04, 2006 10:03 AM
Subject: Re: NTP authentication is affected by source interface?[2]

> Thanks all.
>
> With respect to NTP, it's a little bit hard to investigate for me. :-)
>
> I'm appreciating your cooperation so much!
>
> Michy
> ----- Original Message -----
> From: "Alexei Monastyrnyi" <alexeim@orcsoftware.com>
> To: "Wang, Ting (Taylor)" <wangting@avaya.com>
> Cc: "Michy Eika" <cciemaster@shingor.net>; <ccielab@groupstudy.com>
> Sent: Tuesday, May 02, 2006 5:03 PM
> Subject: Re: NTP authentication is affected by source interface?[2]
>
>
> > You can find a decent explanation here regarding NTP auth. Yes,
> > "trusted-key" is needed for client only.
> > http://www.internetworkexpert.com/resources/01700369.htm
> >
> > As for source interface, looks like it is only used by client.
> > This small config along with debug ip packets for NTP shows that
> > server is replying with its FR interface IP regardless of having
> > "ntp source lo0". NTP client does make use of "source lo0".
> >
> > NTP master
> >
> > r1#sh run in lo 0
> > Building configuration...
> >
> > Current configuration : 63 bytes
> > !
> > interface Loopback0
> > ip address 15.15.1.1 255.255.255.0
> > end
> >
> > r1#sh run in ser 0.1
> > Building configuration...
> >
> > Current configuration : 127 bytes
> > !
> > interface Serial0.1 point-to-point
> > ip address 15.15.12.1 255.255.255.0
> > frame-relay interface-dlci 102
> > end
> >
> > r1#sh run | in ntp
> > ntp authentication-key 1 md5 13061E010803 7
> > ntp source Loopback0
> > ntp master 3
> >
> >
> >
> > NTP client
> >
> > r2#sh run in lo 0
> > Building configuration...
> >
> > Current configuration : 63 bytes
> > !
> > interface Loopback0
> > ip address 15.15.2.2 255.255.255.0
> > end
> >
> > r2#sh run in ser 0.1
> > Building configuration...
> >
> > Current configuration : 146 bytes
> > !
> > interface Serial0.1 point-to-point
> > ip address 15.15.12.2 255.255.255.0
> > frame-relay interface-dlci 201
> > end
> >
> > r2#sh run | in ntp
> > ntp authentication-key 1 md5 030752180500 7
> > ntp authenticate
> > ntp trusted-key 1
> > ntp source Loopback0
> > ntp server 15.15.12.1 key 1
> >
> > on 29/04/2006 12:22 Wang, Ting (Taylor) wrote:
> >> Hi Group,
> >> Anyone have the idea on the NTP questions in my last mail?
> >> Does "ntp source lo0" and "ntp trusted-key 1234" only make sense
> >> for client?
> >> Taylor
> >> -----Original Message-----
> >> From: Wang, Ting (Taylor)
> >> Sent: Friday, April 28, 2006 11:02 AM
> >> To: 'Michy Eika'; 'ccielab@groupstudy.com'
> >> Subject: RE: NTP authentication is affected by source interface?[2]
> >>
> >> Hi ,
> >> I think the "ntp source lo0" is only useful for client, for the
> >> purpose of robust and ntp ACL. The "ntp server 1.1.1.1 " indicates
> >> the destination IP address for NTP request is lo0 of NTP server.
> >> BTW, I think the command of "ntp trusted-key 1234" is only needed
> >> in client. It is redundant for NTP server, since client
> >> authenticates the server only, not vice versa. Could anyone
> >> confirm if I'm right?
> >> Taylor
> >> -----Original Message-----
> >> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> >> Michy Eika
> >> Sent: Sunday, April 23, 2006 9:06 AM
> >> To: ccielab@groupstudy.com
> >> Subject: NTP authentication is affected by source interface?[2]
> >>
> >> Hi folks!
> >>
> >> Hello again. And I wanna supplement my question with network
> >> topology.
> >> I'm planning to use NTP. But if I want to configure routers to make
> >> it more robust and secure, I think I should implement
> >> authentication and redundant path to connect NTP server (ntp master
> >> router). In this case, do I need to make loopback interface as
> >> source interface on both routers (client and server router)?
> >> I'm concerned about one of redundant link failure's impact. I
> >> wonder what happens if redundant link failure occurs on NTP server
> >> or client. I wonder the authentication is affected...(and etc...).
> >> I think ntp ACL will be affected by this circumstance.
> >>
> >> |--lo0[R1]s0/0-----[R2]------s0/1[R3]lo0--|
> >> |e0/0 e0/1|
> >> |-----------[R4]-----------|
> >> R1 lo:1.1.1.1
> >> R3 lo:3.3.3.3
> >> * R1 can reach R3 and vice versa.
> >>
> >> [R1]
> >> ntp master 3
> >>
> >> ntp source Loopback0
> >>
> >> ntp authenticate
> >>
> >> ntp authentication-key 1234 md5 cisco
> >>
> >> ntp trusted-key 1234
> >>
> >>
> >> [R3]
> >> ntp server 1.1.1.1 key 1234
> >>
> >> ntp source Loopback0
> >>
> >> ntp authenticate
> >>
> >> ntp authentication-key 1234 md5 cisco
> >>
> >> ntp trusted-key 1234
> >>
> >>
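
Added example, not part of the original thread: a Python model of NTP symmetric-key (MD5) authentication using the r1/r2 addresses from the configs quoted above. It shows that the digest is computed over the key and the 48-byte NTP header only, so the check gives the same result whichever source interface the client uses, while the reply's source is the query's destination as described in the thread. The header field values, timestamps and the key `cisco` are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48  # fixed NTP header; the MAC (key ID + MD5 digest) follows it

def ntp_header(mode, stratum, transmit_ts):
    """Minimal 48-byte NTPv3 header; fields not needed here are zeroed."""
    li_vn_mode = (0 << 6) | (3 << 3) | mode          # LI=0, VN=3
    return (struct.pack("!BBbb", li_vn_mode, stratum, 6, -20)
            + bytes(36) + struct.pack("!Q", transmit_ts))

def sign(header, key_id, key):
    """Append the 32-bit key ID and MD5(key || header). No IP address is hashed."""
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

def verify(payload, keys, trusted):
    """Client-side check: the key ID must be trusted and the digest must match."""
    header, mac = payload[:HEADER_LEN], payload[HEADER_LEN:]
    if len(mac) != 20:
        return False
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in trusted or key_id not in keys:
        return False
    expected = hashlib.md5(keys[key_id] + header).digest()
    return hmac.compare_digest(expected, mac[4:])

def server_reply(query, key):
    """Reply as described in the thread: source = destination of the query."""
    src, dst, payload = query
    key_id = struct.unpack("!I", payload[HEADER_LEN:HEADER_LEN + 4])[0]
    return (dst, src, sign(ntp_header(4, 3, 0x1122334455667788), key_id, key))

KEY = b"cisco"          # constructed sample key
KEYS = {1: KEY}         # "ntp authentication-key 1 md5 ..."
SERVER = "15.15.12.1"   # r1 Serial0.1, the target of "ntp server 15.15.12.1 key 1"

def run(client_src, trusted=frozenset({1})):
    """Send one authenticated query from client_src; return (reply source, verified)."""
    query = (client_src, SERVER, sign(ntp_header(3, 0, 1), 1, KEY))
    reply = server_reply(query, KEY)
    return reply[0], verify(reply[2], KEYS, trusted)

if __name__ == "__main__":
    print(run("15.15.2.2"))                       # client sourced from Loopback0
    print(run("15.15.12.2"))                      # client sourced from Serial0.1
    print(run("15.15.2.2", trusted=frozenset()))  # no "ntp trusted-key 1" on client
```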


