Net Neutrality and Tier 1s dropping non-US UDP traffic

Hello All

I have two very modest NTP servers running in the UK. I present them publicly (short leash NAT) via two separate UK connectivity providers. The first provider also provides IPv6 (flawlessly). Both are FTTC and terminate on the same Draytek router (dual WAN).

The first provider is well regarded, business class and dedicated solely to ntp traffic. Unfortunately it traverses Zayo and it occasionally performs poorly in the eyes of the NJ SJ (?) monitor. It happens in waves. It will go fine for days (based on monitoring) and then just zigzag below 10 for hours and occasionally days.

The second provider is a typical residential FTTC. All of the household traffic (Netflix, web, etc.) along with the ntp traffic goes through that circuit. It typically scores 20 for days on end.

The provider for the first circuit says there’s nothing they can do. They don’t block ntp traffic on their network; they can’t tell their peers what to do. And they’re probably right. Other operators outside of the US have complained about this before.

President Trump in his infinite wisdom downgraded/rescinded/repealed (???) the Net Neutrality principles. Earlier this month, Biden “encouraged the FCC to restore the net neutrality rules undone by the Trump administration”. (last sentence of the article on Wikipedia)

I have very little knowledge in this area. But say for argument’s sake, that the FCC re-embraced Net Neutrality, would that provide any grounds to ask the Tier 1s to stop dumping UDP traffic? I suspect they will claim these are measures taken in ‘defense’ and thus provide a better service for the greater number of users. And you know, UDP not being a guaranteed protocol and all anyway. But so much traffic (streaming, videoconferencing, YouTube via QUIC, etc.) these days is UDP (isn’t it?). This is the bit I read with interest:

Without net neutrality, ISPs may prioritize certain types of traffic, meter others, or potentially block traffic from specific services, while charging consumers for various tiers of service.

Maybe I’m barking up the wrong tree? Maybe they block defensively against threats?

All three of these ntp hosts are my ‘first’ server. The graphs are IPv4, IPv6, and lastly IPv4 presented on another circuit/provider.

And all three of these ntp servers are my ‘second’ server. Same as above; IPv4, IPv6, IPv4 another circuit/provider.

Any thoughts on the Net Neutrality angle? My ISP has absolutely nothing to say to me anymore. Not their problem. Shame, they have great native IPv6 support or I’d move in a flash.

Or better, does anything strike anyone as an obvious issue that I can easily/arduously address? Provide tcpdumps, sure, provide configs, sure. Anything. I was just noticing how good performance (in terms of score) was last week, and this week it has been pretty abysmal.

edit – just noticed that monitoring servers have moved recently. :blush: trace.ntppool.org is still being shown (per MaxMind) as being located in NJ. I’ve obviously missed something about the move to a new monitoring server. :frowning_face: But the second hop is in Sunnyvale, CA. The routes from the monitor (using trace.ntppool.org) to my hosts are still littered with Zayo (4-5 hops).

Net neutrality is an interesting theory, but I suspect it won’t fly.

My tests indicate that IPv4 NTP (UDP port 123) is specifically targeted for rate limiting by a handful of ISPs, in particular Zayo and Telia.

NTP is “known” to be a DDoS source. See for example https://www.cloudflare.com/learning/ddos/ntp-amplification-ddos-attack/
Historically this was true; however, the number of vulnerable NTP servers has dropped significantly in recent years.

Two really naive and seemingly unrelated questions (apologies in advance):

  1. Is there any validation of pool servers that they aren’t open to exploit (mrulist, etc.)?

  2. Do US operators also suffer the same shenanigans from Telia/Zayo? Or is it just Europe (I haven’t looked to see if it’s a transatlantic hop)?

I wonder if vulnerable hosts in the pool are being used to initiate flood/amplification attacks. I think there would be some irony there.

I also wonder if non-North American operators wouldn’t benefit from a monitoring station outside of the US.

As an aside, I ran across the original Net Neutrality article on google news. A not intuitively authoritative source (PC Gamer - President Biden signs executive order calling for the restoration of net neutrality). But as the Wikipedia article mentions, it’s just a recommendation, not a declaration.
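On the question of pool servers being open to exploit via mrulist/monlist (and the amplification history mentioned in the reply above), the usual self-check is the `restrict` lines in ntp.conf. The fragment below is an added illustration, not a configuration posted in this thread; it assumes a reference ntpd (ntp.org) 4.2.8-series server and shows a permissive default beside a hardened one.

```conf
# Weak: no restrictions. Any host may send mode 6/7 control queries,
# including the monlist/mrulist requests that give amplification its
# payoff, and may even attempt runtime configuration changes.
# (Illustrative weak setting, not from the thread.)
restrict default

# Hardened: answer time requests from anyone, answer nothing else.
#   kod      send kiss-o'-death to clients that exceed the rate limit
#   limited  apply the rate limit (discard settings) to these clients
#   nomodify refuse mode 6 queries that change server state
#   noquery  refuse all mode 6/7 queries (ntpq/ntpdc, so no
#            readvar, monlist or mrulist from the outside)
#   notrap   refuse the mode 6 trap (event reporting) service
#   nopeer   do not form an association with unsolicited hosts
restrict -4 default kod limited nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery

# Keep full access from loopback so local ntpq still works for admin.
restrict 127.0.0.1
restrict ::1

# Stop maintaining the MRU list at all; monlist/mrulist then have
# nothing to return even if a restrict line is later relaxed by mistake.
disable monitor
```

To confirm the change from a host that is not on the exempted loopback addresses, `ntpq -c rv <your-server>` should time out instead of returning the variable list, while an ordinary `ntpdate -q` or `chronyc`/`ntpq -p` client query for time continues to work.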

In a more ideal setup there would be 3 monitoring stations spread around the globe and the results would be some sort of weighted average, where the monitoring station expected to be the nearest has the most important vote.

It’s a matter of resources. If no one is asked to help out then it remains a big pile of work for just one person.

Regards, Hugo