Sunday, December 29, 2024

Re: pf.conf optimization for NTP pool traffic

On Sat, Dec 28, 2024 at 08:18:29PM +0200, Kapetanakis Giannis wrote:
>On 19/12/2024 23:53, Maurice Janssen wrote:
>> On Thu, Dec 19, 2024 at 01:39:23PM +0200, Kapetanakis Giannis wrote:
>> > On 18/12/2024 18:22, Maurice Janssen wrote:
>> > > I moved the rules for the NTP traffic to the top and this seems to improve
>> > > things. But I'll leave it overnight to have some better stats in the
>> > > morning.
>> > >
>> > > Best regards,
>> > > Maurice
>> > Jumping in since I've also recently added an ntp server in ntppool.org and
>> > saw spikes on my states as well as pps.
>> >
>> > I've added Net speed: 500Mbit on the server management on site in order to
>> > limit connections.
>> >
>> > I don't use a private IP and thought about removing keeping state but I
>> > decided to keep it.
>> >
>> > Rule is as far up as it can be and it's like this:
>> > @70 pass in quick on $ext_if proto udp to $ntp_server port ntp set prio (1,1)
>> > keep state (pflow, max-src-states 20, source-track rule, udp.first 30,
>> > udp.multiple 30) tag to_internal
>> >
>> > On the other hand, I don't have packet loss.
>> >
>> > I have an average of 15K states all the time.
>> >
>> > Interface is vlan on top of trunk on top of ix(4)
>> Thanks for jumping in ;-)
>> How many NTP requests per second do you get?
>>
>> Maurice
>>
>Hi,
>
>sorry for the big delay.
>
>Haven't counted requests/sec. How do you measure them?

There may be other ways, but I use the 'ifstat' page of systat(1).
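
An added example, not part of the original thread: one other way to get a per-second figure is to sample the packet counter pf keeps for the NTP rule twice and divide by the interval. The `pfctl -vvsr` layout is assumed to be an `@N` rule line followed by a `[ Evaluations: .. Packets: .. ]` counter line; the function names, the two samples, the interface, the address and all counter values are constructed.

```shell
#!/bin/sh
# Estimate packets/sec through one pf rule from two "pfctl -vvsr" samples.
# On a "keep state" rule the Packets counter covers both directions
# (requests and replies that pass through the rule's states).

# rule_packets RULE_NUMBER: read pfctl -vvsr text on stdin and print the
# Packets counter of that rule (prints nothing if the rule is not present).
rule_packets() {
    awk -v want="@$1" '
        /^@[0-9]+ / { in_rule = ($1 == want) }
        in_rule && /Packets:/ {
            for (i = 1; i < NF; i++)
                if ($i == "Packets:") { print $(i + 1); exit }
        }'
}

# rule_pps RULE_NUMBER SECONDS BEFORE_TEXT AFTER_TEXT: packets per second
# between the samples; fails if the rule is missing or the counters went
# backwards (for example after a ruleset reload).
rule_pps() {
    before=$(printf '%s\n' "$3" | rule_packets "$1")
    after=$(printf '%s\n' "$4" | rule_packets "$1")
    [ -n "$before" ] && [ -n "$after" ] || return 1
    [ "$2" -gt 0 ] && [ "$after" -ge "$before" ] || return 1
    echo $(( (after - before) / $2 ))
}

# Constructed samples, taken 10 seconds apart. On a live system they would be
# SAMPLE_T0=$(pfctl -vvsr); sleep 10; SAMPLE_T1=$(pfctl -vvsr)
SAMPLE_T0='@69 block drop in log on vlan0 all
  [ Evaluations: 500       Packets: 40        Bytes: 3040        States: 0     ]
  [ Inserted: uid 0 pid 1234 State Creations: 0     ]
@70 pass in quick on vlan0 inet proto udp from any to 192.0.2.10 port = 123
  [ Evaluations: 900000    Packets: 1200000   Bytes: 91200000    States: 15000 ]
  [ Inserted: uid 0 pid 1234 State Creations: 450000 ]'

SAMPLE_T1='@69 block drop in log on vlan0 all
  [ Evaluations: 520       Packets: 40        Bytes: 3040        States: 0     ]
  [ Inserted: uid 0 pid 1234 State Creations: 0     ]
@70 pass in quick on vlan0 inet proto udp from any to 192.0.2.10 port = 123
  [ Evaluations: 915000    Packets: 1230000   Bytes: 93480000    States: 15100 ]
  [ Inserted: uid 0 pid 1234 State Creations: 461000 ]'

echo "rule 70: $(rule_pps 70 10 "$SAMPLE_T0" "$SAMPLE_T1") packets/sec"
```
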
