NTPpool to Cloudflare?

So, maybe some of you have read this:

It’s actually a nice read.

Some of you may know ‘icanhazip’, a very cool service that was operated by an enthusiastic individual, much like the pool is. Until things went a little crazy.

Long story short; ‘icanhazip’ now lives on at Cloudflare.

Obviously the story of the NTP Pool is a little different, but still; I couldn’t help thinking: will this fate also befall the NTP Pool at some point in the future? Cloudflare is already quite dominant as a pool member.

Are you on crack? The link just gives an IP and nothing else.
Or is this another attempt to push people into IPv6 that nobody wants?

It’s about nothing.

It does not:

https://major.io/2021/06/06/a-new-future-for-icanhazip/

Cloudflare is dominant only in zones that have a small number of servers or their speed is set too low. They have two servers in each zone, set at the maximum speed. That’s not enough for a proper NTP source selection with three or more sources.

The NTP load is distributed between volunteers’ servers. On the global scale, it doesn’t look like the NTP traffic is getting out of control yet. I suspect DNS traffic might be a bigger issue at some point. How much room is there for it to grow with the current number of DNS servers and their traffic limits?

1 Like

Good to know. My earlier superficial tests suggested otherwise, but they could have been wrong.

I just did this from a server in the Netherlands:

for a in $(for i in {1..100}; do dig +short A pool.ntp.org @a.ntpns.org; done); do dig +short -x $a; done | sort | uniq -c | sort -rn

The first line of the result was:

62 time.cloudflare.com.

Don’t get me wrong; I am happy with the contribution of Cloudflare to the pool. But I know people who deliberately want to stay away from time.cloudflare.com (‘big tech antipathy’), without realizing that pool.ntp.org brings them there quite often too :wink:. And while pondering over this and over the huge amount of voluntary work that goes into keeping the pool up and running, I came up with this post. No offense intended.

So it seems, although China is causing me some concerns. Also, I measure a significant yearly growth on my systems (lots of Sonos and Amazon devices, along with other IoT-like embedded devices, from what I can tell).

Good point.

https://status.ntppool.org/ suggests some ~40k qps, which is not that much for the amount of servers there are, but I’m not sure how reliable this figure is.

I’ve been thinking of donating a few DNS servers to the pool, but I was a little reluctant because of the requirement of providing access to the admins. Maybe I will reconsider if the DNS really becomes an issue.
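
The `62` from the dig loop in the post above has no denominator: one pool answer can carry several addresses, and some addresses have no PTR record. As an added example (not part of the thread), this script reports per PTR name the share of all returned addresses and the share of DNS responses that contained it. The record format, the function names and the sample data (documentation IP ranges, made-up hostnames) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Record format (assumed): "<query-no> <ip> <ptr or ->"

# Live collection with the same dig calls as the post (needs network access).
collect() {
  n=${1:-100}; i=1
  while [ "$i" -le "$n" ]; do
    for ip in $(dig +short A pool.ntp.org @a.ntpns.org); do
      ptr=$(dig +short -x "$ip" | head -n 1)
      echo "$i $ip ${ptr:--}"
    done
    i=$((i + 1))
  done
}

# Per PTR name: address count, % of all addresses returned, and % of DNS
# responses that contained the name at least once.
tally() {
  LC_ALL=C awk '
    { total++; addr[$3]++; queries[$1] = 1
      if (!(($1, $3) in seen)) { seen[$1, $3] = 1; resp[$3]++ } }
    END {
      for (q in queries) nq++
      for (name in addr)
        printf "%d %.1f %.1f %s\n", addr[name], 100 * addr[name] / total,
               100 * resp[name] / nq, name
    }' | LC_ALL=C sort -k1,1nr -k4,4
}

# Constructed sample: 3 responses of 4 addresses each ("-" means no PTR).
sample() {
  cat <<'EOF'
1 192.0.2.1 time.cloudflare.com.
1 198.51.100.7 ntp1.example.net.
1 198.51.100.9 -
1 203.0.113.5 ntp.example.org.
2 192.0.2.1 time.cloudflare.com.
2 192.0.2.123 time.cloudflare.com.
2 198.51.100.7 ntp1.example.net.
2 203.0.113.40 -
3 203.0.113.5 ntp.example.org.
3 198.51.100.20 clock.example.com.
3 198.51.100.7 ntp1.example.net.
3 203.0.113.77 -
EOF
}

sample | tally
```

For a live measurement, pipe `collect 100` into `tally` instead of `sample`.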

Cloudflare will never allow third-party servers to maintain the NTP service. They will always want to manage their own servers within their own data center. It will never be an NTP Pool.

The Cloudflare servers appear to be well-maintained. Realize though that monsjc1 cannot monitor individual servers since the Cloudflare servers use anycast addresses.

2 Likes

Sounds like you may be right.

But they are a member of the NTP pool and they are quite dominant too. In some 23 country-zones they are the only service present, like in [0123].il.pool.ntp.org.

(Like @stevesommars already stated; they run a pretty amazing anycast infrastructure to accomplish that. It’s fair to ask the question why any big, commercial company would do such a thing.)

What if the pool would be looking for a new maintainer, for whatever reason… (maintaining it is a lot of hard work!) would Cloudflare be willing to adopt it, just as they have with icanhazip? Is there a chance this might actually happen? Would they allow the volunteers to stay in some form or shape, or would they indeed run it completely by themselves with their own servers? And would all this be good or bad?

I don’t know (for sure). It was just a wild thought that crossed my mind.