Saturday, December 28, 2024

Re: pf.conf optimization for NTP pool traffic

On 19/12/2024 23:53, Maurice Janssen wrote:
> On Thu, Dec 19, 2024 at 01:39:23PM +0200, Kapetanakis Giannis wrote:
>> On 18/12/2024 18:22, Maurice Janssen wrote:
>>> I moved the rules for the NTP traffic to the top and this seems to improve
>>> things. But I'll leave it overnight to have some better stats in the
>>> morning.
>>>
>>> Best regards,
>>> Maurice
>> Jumping in since I've also recently added an ntp server in ntppool.org and saw
>> spikes on my states as well as pps.
>>
>> I've added Net speed: 500Mbit on the server management on site in order to
>> limit connections.
>>
>> I don't use a private IP and thought about removing keeping state but I
>> decided to keep it.
>>
>> Rule is as far up as it can be and it's like this:
>> @70 pass in quick on $ext_if proto udp to $ntp_server port ntp set prio (1,1)
>> keep state (pflow, max-src-states 20, source-track rule, udp.first 30,
>> udp.multiple 30) tag to_internal
>>
>> On the other hand, I don't have packet loss.
>>
>> I have an average of 15K states all the time.
>>
>> Interface is vlan on top of trunk on top of ix(4)
> Thanks for jumping in ;-)
> How many NTP requests per second do you get?
>
> Maurice
>
Hi,

Sorry for the big delay.

Haven't counted requests/sec. How do you measure them?

G
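
One way to get per-rule rates from pf's own counters, as an added example that is not part of the thread or from either poster: it diffs two `pfctl -vvs rules` snapshots for the rule number (70, as in the `@70` rule quoted above) and prints packets/s and new states/s. The interface `em0`, the address `192.0.2.10`, the function names and all counter values are constructed for illustration.

```shell
#!/bin/sh
# Added example. On the firewall the snapshots would be taken as root:
#   pfctl -vvs rules > snap1; sleep 60; pfctl -vvs rules > snap2

# rule_counters FILE RULENUM -> prints "<packets> <state creations>"
rule_counters() {
    awk -v want="@$2" '
        /^@[0-9]+ / { cur = $1 }      # rule header line, e.g. "@70 pass in ..."
        cur == want {                 # counter lines that belong to that rule
            for (i = 1; i < NF; i++) {
                if ($i == "Packets:")   pk = $(i + 1)
                if ($i == "Creations:") sc = $(i + 1)
            }
        }
        END { if (pk == "" || sc == "") exit 1; print pk, sc }
    ' "$1"
}

# rule_rate SNAP1 SNAP2 RULENUM SECONDS -> prints "<packets/s> <new states/s>"
rule_rate() {
    a=$(rule_counters "$1" "$3") || return 1
    b=$(rule_counters "$2" "$3") || return 1
    set -- $a $b "$4"                 # $1,$2 = old counters, $3,$4 = new, $5 = secs
    # Counters restart when the ruleset is reloaded; refuse a negative delta.
    [ "$3" -ge "$1" ] && [ "$4" -ge "$2" ] || return 1
    echo "$(( ($3 - $1) / $5 )) $(( ($4 - $2) / $5 ))"
}

# sample_snapshot PACKETS CREATIONS -> constructed `pfctl -vvs rules` output
sample_snapshot() {
    cat <<EOF
@69 block drop in log all
  [ Evaluations: 900       Packets: 10        Bytes: 600         States: 0     ]
  [ Inserted: uid 0 pid 4242 State Creations: 0     ]
@70 pass in quick on em0 inet proto udp from any to 192.0.2.10 port = 123 keep state
  [ Evaluations: 500000    Packets: $1    Bytes: 91200000    States: 15000 ]
  [ Inserted: uid 0 pid 4242 State Creations: $2 ]
EOF
}

tmp=$(mktemp -d)
sample_snapshot 1200000 400000 > "$tmp/snap1"
sample_snapshot 1560000 418000 > "$tmp/snap2"    # constructed: taken 60 s later
rule_rate "$tmp/snap1" "$tmp/snap2" 70 60
```

The new-states rate is the figure to compare against the state table size and the `udp.first`/`udp.multiple` timeouts, since each new source holds a state for at least that long.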
