Thursday, December 19, 2024

Re: pf.conf optimization for NTP pool traffic

On 18/12/2024 18:22, Maurice Janssen wrote:
I moved the rules for the NTP traffic to the top and this seems to improve things. But I'll leave it overnight to have some better stats in the morning.

Best regards,
Maurice

Jumping in since I've also recently added an ntp server in ntppool.org and saw spikes on my states as well as pps.

I've added Net speed: 500Mbit on the server management on site in order to limit connections.

I don't use a private IP and thought about removing keeping state but I decided to keep it.

Rule is as far up as it can be and it's like this:
@70 pass in quick on $ext_if proto udp to $ntp_server port ntp set prio (1,1) keep state (pflow, max-src-states 20, source-track rule, udp.first 30, udp.multiple 30) tag to_internal

On the other hand, I don't have packet loss.

I have an average of 15K states all the time.

Interface is vlan on top of trunk on top of ix(4)

Good luck,

G
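
To see how close individual clients come to the `max-src-states 20` cap in the rule quoted above, the following added example (not part of the original message) counts inbound NTP states per source from `pfctl -ss` output. The state-line layout and the sample lines are assumptions constructed for illustration, and `inbound_ntp_states` and `near_limit` are hypothetical helper names.

```python
from collections import Counter

# Constructed sample, assuming the usual `pfctl -ss` layout:
#   <if> <proto> <local endpoint> <- <remote endpoint>   <state>
SAMPLE = """\
all udp 192.0.2.10:123 <- 198.51.100.7:40001       NO_TRAFFIC:SINGLE
all udp 192.0.2.10:123 <- 198.51.100.7:40002       NO_TRAFFIC:SINGLE
all udp 192.0.2.10:123 <- 203.0.113.9:123       MULTIPLE:MULTIPLE
all tcp 192.0.2.10:22 <- 203.0.113.9:50522       ESTABLISHED:ESTABLISHED
all udp 192.0.2.10:53311 -> 203.0.113.53:53       MULTIPLE:SINGLE
"""


def split_endpoint(ep):
    """Return (address, port) for IPv4 'a.b.c.d:port' or IPv6 'addr[port]'."""
    if ep.endswith("]"):
        addr, _, port = ep[:-1].partition("[")
    else:
        addr, _, port = ep.rpartition(":")
    return addr, int(port)


def inbound_ntp_states(text, port=123):
    """Count inbound UDP states to the local NTP port, keyed by remote address."""
    counts = Counter()
    for line in text.splitlines():
        fields = line.split()
        # Skip other protocols, outbound states and lines with extra
        # (e.g. translated-address) fields.
        if len(fields) != 6 or fields[1] != "udp" or fields[3] != "<-":
            continue
        try:
            _, local_port = split_endpoint(fields[2])
            remote_addr, _ = split_endpoint(fields[4])
        except ValueError:
            continue  # endpoint without a numeric port
        if local_port == port:
            counts[remote_addr] += 1
    return counts


def near_limit(counts, limit=20, ratio=0.8):
    """Sources holding at least ratio * limit states (limit = max-src-states)."""
    return sorted(src for src, n in counts.items() if n >= limit * ratio)


if __name__ == "__main__":
    per_source = inbound_ntp_states(SAMPLE)
    print(per_source.most_common(10), near_limit(per_source))
```

On a live system the text would come from `pfctl -ss` instead of `SAMPLE`.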

