< Home

Configuring KOD

Context

KOD is a modern access control technology implemented in NTPv4. It is used by the server to provide information to the client. The information provided includes status reports and access control.

With KOD enabled on the server, the server will send either the DENY or RATE kiss code to the client, according to the operating status of the system.

  • When receiving the kiss code DENY, the client terminates all connections to the server, and stops sending packets to the server.
  • When receiving the kiss code RATE, the client immediately reduces its polling interval to the server. The client will continue to reduce the interval if receiving subsequent RATE kiss codes.

KOD supports unicast client/server, symmetric peer, and manycast modes.

KOD functions only in NTPv4.

The following configuration is performed on the server.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ntp-service kod-enable

    The KOD function is enabled.

    By default, the KOD function is disabled.

  3. Configure the basic ACL.

    Before configuring the access control authority, create a basic ACL. For the creation procedure, see ACL Configuration in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Security.

  4. Run ntp-service access limited { acl-number | ipv6 acl6-number } *

    Control on the incoming NTP packet rate is enabled.

    By default, control on the incoming NTP packet rate is disabled.

    Before enabling control on the rate of incoming NTP packets, check the ACL rule configuration. When the ACL rule is deny, the server sends the kiss code DENY. When the ACL is permit and the rate of incoming NTP packets reaches the upper threshold, the server sends the kiss code RATE.

  5. Run ntp-service discard { min-interval min-interval-val | avg-interval avg-interval-val } *

    The minimum inter-packet interval and the average inter-packet interval of NTP are configured.

    By default, the minimum inter-packet interval of NTP is set to the first power of 2 in seconds, namely, 2 seconds, and the average inter-packet interval of NTP is set to the fifth power of 2 in seconds, namely, 32 seconds.

Parent Topic: Configuring NTP Access Control
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >