Is there any advantage that the vendors gain by creating their own vendor zones and how exactly does this help the entire community?
I’m not sure I completely understand the purpose behind creating these zones. I mean I understand why a contribution should be taken from vendors who intend to use community ntp servers in their distributions or devices, but other than keeping a track of vendor wise requests and enabling the pool maintainers to collect a fee from the vendors, are there any other upsides to creating these zones both from the perspective of the vendors as well as the community in general ?
One of the main benefits is that if they DDoS the pool, the vendor zone can be disabled to cut them off.
Another one is that it sets up contact and a relationship so that they can be given an explanation about not DDoSing the pool, and if they accidentally do it anyway, they can be asked to stop.
(As you can see, I’m not an expert at PR or sales. )
Also means that a vendor who does unintentionally DDoS the pool can spin up servers to take over the load for their own devices, and remove that traffic from the public pool completely, without needing to reconfigure potentially millions of devices which may not be vendor-configurable once deployed in the wild.
So just to clarify, does it mean that when a vendor zone is created, a dedicated set of servers is assigned to the zone or does the normal server selection criteria(based on the geographic location + round robin) hold for the vendor zones ?
Only @Ask could definitively answer that. You could probably look over the pool / dns code (it’s on Github) to find out.
However, I don’t believe any serves are ‘dedicated’ to vendor zones. Instead, the vendor zone is just an overlay that pulls its selection from specified other zones (likely just ‘global’).
Yes, that’s correct. There are some options for vendor zones to work differently (IPv6 support, filtering certain servers, etc) that I’ve been working on adding.
The original intention was to have a way to protect the rest of the pool from vendors with poorly behaved devices.
However it turns out that the vendors who follow the process to sign up for a zone generally are thoughtful about all this (more or less; part of the process is often to talk to them about how to use the pool appropriately). This means in reality it’s more likely that during problems what we can do is protect the people who went through the process from whoever else is doing something stupid.
Anyway, yes – that’s the point: be able to help vendors better manage how they use the pool and give us a few more tools to manage the overall load.
For example during the event a couple years ago when an app developer put some terrible NTP code into their app and put huge load on a few country zones, we could mitigate by having those zones work differently. Having the vendor zones have also helped get some vendors to fix their code so they wouldn’t poll at the top of the hour, etc (which is still a big problem, but mostly on the “default” zone names).
Some of the next updates to the site will be to make the vendor zone setup a bit more sophisticated (and more automated!) which will make it more possible to proceed with other changes (IPv6 support, a more nuanced scoring system, etc).
I’m also wondering. I have made a request pending since January and have pinged 2 times in the meantime but I didn’t get any answer. I’m thinking about to go on with the default pool as the release approaches…
@iocc Do I recall correctly that you have managed to get some traction on vendor zones? This one needs some action, and the user is considering just going ahead with the public pool in lieu of a vendor zone. It’s a really bad look for the pool project IMO for it to have dragged on this long, especially as the user has gone out of their way for months to do the right thing.
Hi, I am also in need of a vendor zone and I was wondering whether this is still something that the NTP pool project pursues. By the way the online mailing form at https://manage.ntppool.org/manage/vendor seems to be down (I get a 504 Gateway Time-out error when I hit “Request help” to send my message). I emailed ask@develooper.com but I am not sure email is the best medium for such requests… Any advice/help would be greatly appreciated, thanks!
)