[ratelimits] Double CPU usage with RRL

Joe Abley jabley at hopcount.ca
Fri Oct 11 19:57:35 UTC 2013


On 2013-10-11, at 14:38, Vernon Schryver <vjs at rhyolite.com> wrote:

> time.apple.com and similar are a class of frequently resolved domain
> name I'd not thought of.
> 
> However, what's the worst that could happen if 50% of requests for
> that domain are dropped and the other 50% are answered with truncated
> responses?  You'd hope that Apple's NTP implementation does the right
> thing with DNS failures for NTP as well as NTP server problems.

Apple ships product based on more than just Mac OS, but a data point for that:

[krill:~]% uname -a
Darwin krill 12.5.0 Darwin Kernel Version 12.5.0: Sun Sep 29 13:33:47 PDT 2013; root:xnu-2050.48.12~1/RELEASE_X86_64 x86_64
[krill:~]% ntpdc
ntpdc> peer
     remote           local      st poll reach  delay   offset    disp
=======================================================================
*time.apple.com  199.212.90.44    2  512    7 0.11850 -0.001218 0.13814
ntpdc> ^D
[krill:~]% more /etc/ntp.conf
server time.apple.com
[krill:~]% 

> On the third hand, if I were in charge of a large enterprise, I'd
> try to keep NTP and similar traffic inside.  Do Apple products
> notice multicast or broadcast NTP service by default?

This OS seems to have shipped with ntp.org ntpd 4.2.6. In principle I would expect that I could configure it however I wanted. The exposed configuration elements through the UI let me configure different time sources, but little more.


Joe


