r14 - 2009-04-30 - 22:43:03 - HarlanStennYou are here: NTP >  Dev Web > GoogleSummerOfCode > GSoC2009HighThroughputStratum1Server
NTP users are strongly urged to take immediate action to ensure that their NTP daemons are not susceptible to being used in distributed denial-of-service (DDoS) attacks. Please also take this opportunity to defeat denial-of-service attacks by implementing Ingress and Egress filtering through BCP38.

ntp-4.2.8p15 was released on 23 June 2020. It addresses 1 medium-severity security issue in ntpd, and provides 13 non-security bugfixes over 4.2.8p13.

Please see the NTP Security Notice for vulnerability and mitigation details.

Are you using Autokey in production? If so, please contact Harlan - he's got some questions for you.

High-Throughput Low-Jitter Stratum 1 NTP Server (GSoC 2009)

Summary

Highly accurate synchronization of PC and server clocks is crucial for many applications. Microprocessor based NTP servers suffer from a large amount of timestamp jitter (e.g., ~50000 ns), for a variety of reasons such as OS scheduling and unpredictable bus timing. The goal of this project is to implement a stratum-1 NTP server in reconfigurable logic, capable of gigabit Ethernet linerates with less than 8 ns of jitter, and a flexible stratum-0 interface.

Introduction

Linerate throughput and low jitter will be achieved by implementing a custom datapath for NTP requests and timestamping logic in reconfigurable logic. A custom NTP datapath interfacing with the physical layer Ethernet transceiver means the receive and transmit timestamps can be accurate to within the clock cycle (8 ns with gigabit Ethernet). Furthermore, as NTP and ARP requests and replies are symmetrical in size, a datapath responding only to these packets can never overflow transmit FIFO's in extreme situations, and the appliance itself is immune to DDoS attacks. As no software is involved, the system can also easily be verified as being crack proof.

To accommodate auxiliary functions such as management and logging, the system will also feature an embedded microprocessor and a secondary Ethernet interface.

The project has three components: the hardware appliance, firmware (custom logic), and software.

Motivation

Stratum-1 NTP servers implemented on COTS (commodity off the self) microprocessor systems suffer from a large amount of timestamping jitter due to the non-deterministic latency during processing and as data is moved through the system.

A stratum-1 NTP server implemented with reconfigurable logic has the following advantages over a microprocessor based implementation:

  • Less physical space required;
  • Lower power consumption;
  • Immune to DDoS attacks (although the network may still be susceptible);
  • Crack proof;
  • Line rate throughput;
  • Timestamp jitter < clock cycle period (8 ns for GMII).

History

The project started as a summer project at the WAND Network Research group in December 2007.

Hardware

The hardware schematics will be captured with gEDA gschem, and layed out with gEDA's PCB. Pre-layout simulations will be performed with Mentor Hyperlynx.

Rather than use a "soft" microprocessor such as the microblaze and a device such as the Spartan-3, we are now tending towards the more expensive Virtex-4 with its "hard" PowerPC 405 micro and dual tri-mode MACs. A tentative list of features for the board is:

The board is expected to be 6 - 10 layers.

Appliance Hardware Estimates has more information.

Firmware

The logic will be described with VHDL. Verification will be performed with Mentor Modelsim.

Firmware for a PRS10 rubidium clock and either GPS or ACTS disciplining will be implemented during the summer of code.

Timeline

Date Task Description % Done
090420   Accepted student proposals announced on the Google Summer of Code 2009 site. DONE
090522 Community Bonding Students get to know mentors, read documentation, get up to speed to begin working on their projects.  
090523 Coding begins Students begin coding for their GSoC projects  
090707 Start mid-term evaluations Mentors and students can begin submitting mid-term evaluations.  
090713 Mid-term evaluations Mid-term evaluations deadline  
090810 Wrap-up Suggested 'pencils down' date. Take a week to scrub code, write tests, improve documentation, etc.  
090817 Firm 'pencils down' date. Mentors, students and organization administrators can begin submitting final evaluations to Google.  
090824 Final evaluation Final evaluation deadline  
090903 Code samples Students can begin submitting required code samples to Google  

Deliverables

Hardware Appliance

  • Schematics;
  • Layout design;
  • Gerber plots;
  • Fab drawings.

Firmware

  • Source code (VHDL);
  • Synthesized bitstream.

Software

  • Source code (mostly C);
  • Binary image.

Documentation

  • Architectural specification;
  • Component documentation.

Related Work

NICT (Japan) have reported a hardware stratum-1 NTP server implemented on a PCI card with a reconfigurable logic device{{"High Performance NTP Server using FPGA" - http://www2.nict.go.jp/w/w114/tsp/publication/f-Abst-tori.pdf}}. In constrast to the NICT implementation, this project will not require a host PC and will be open source.

Future Work

Future work includes support for IEEE1588 and IPv6. Both of these will be possible on the hardware platform with the large reconfigurable logic device chosen. IPv6 may be implemented during the summer of code if time allows.

References

%FOOTNOTELIST%

Discussion and Comments

 
Edit | WYSIWYG | Attach | Printable | Raw View | Backlinks: Web, All Webs | History: r14 < r13 < r12 < r11 < r10 | More topic actions
 
SSL security by CAcert
Get the CAcert Root Certificate
This site is powered by the TWiki collaboration platform
IPv6 Ready
Copyright & 1999-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors. Ideas, requests, problems regarding the site? Send feedback