On Thu, Dec 19, 2024 at 01:39:23PM +0200, Kapetanakis Giannis wrote:
>On 18/12/2024 18:22, Maurice Janssen wrote:
>> I moved the rules for the NTP traffic to the top and this seems to improve
>> things. But I'll leave it overnight to have some better stats in the
>> morning.
>>
>> Best regards,
>> Maurice
>
>Jumping in since I've also recently added an ntp server in ntppool.org and saw
>spikes on my states as well as pps.
>
>I've added Net speed: 500Mbit on the server management on site in order to
>limit connections.
>
>I don't use a private IP and thought about removing keeping state but I
>decided to keep it.
>
>Rule is as far up as it can be and it's like this:
>@70 pass in quick on $ext_if proto udp to $ntp_server port ntp set prio (1,1)
>keep state (pflow, max-src-states 20, source-track rule, udp.first 30,
>udp.multiple 30) tag to_internal
>
>On the other hand, I don't have packet loss.
>
>I have an average of 15K states all the time.
>
>Interface is vlan on top of trunk on top of ix(4)

Thanks for jumping in ;-)

How many NTP requests per second do you get?

Maurice