Coping With Overload on the Network Time Protocol Public Servers

David Mills, Judah Levine, Richard Schmidt, David Plonka

Abstract: The public time servers operated by USNO and NIST provide time synchronization, directly or indirectly, to millions of Internet computers today. The load in the form of processor cycles and network traffic has doubled in the last 2 years and could eventually overwhelm the servers and the network infrastructure unless something is done about it. While both USNO and NIST operate multiple servers across the US, the aggregate load is highly unbalanced and the flagship servers at headquarters are nearing capacity. This paper discusses the current conditions at USNO and NIST and suggests technical defenses designed to protect their resources. Surprisingly, a significant fraction of the total load is due to the occasional defective client design that spews an alarming number of packets without good reason. In one incident at the University of Wisconsin a defective NTP implementation in a router product resulted in a large-scale denial of service attack on the university’s network. At NIST and USNO most of the population are well-behaved “mice,” but a significant proportion of the total traffic is due to a relatively few number of abusive “elephants.” The paper proposes that the best advice may be to find the elephants and shoot them.
Published in: Proceedings of the 36th Annual Precise Time and Time Interval Systems and Applications Meeting
December 7 - 9, 2004
Hyatt Regency Washington on Capitol Hill
Washington, D.C.
Pages: 5 - 16
Cite this article: Mills, David, Levine, Judah, Schmidt, Richard, Plonka, David, "Coping With Overload on the Network Time Protocol Public Servers," Proceedings of the 36th Annual Precise Time and Time Interval Systems and Applications Meeting, Washington, D.C., December 2004, pp. 5-16.
Full Paper: ION Members/Non-Members: 1 Download Credit
Sign In