On 19/12/2024 23:53, Maurice Janssen wrote:
> On Thu, Dec 19, 2024 at 01:39:23PM +0200, Kapetanakis Giannis wrote:
>> On 18/12/2024 18:22, Maurice Janssen wrote:
>>> I moved the rules for the NTP traffic to the top and this seems to improve
>>> things. But I'll leave it overnight to have some better stats in the
>>> morning.
>>>
>>> Best regards,
>>> Maurice
>>
>> Jumping in since I've also recently added an ntp server in ntppool.org and saw
>> spikes on my states as well as pps.
>> I've added Net speed: 500Mbit on the server management on site in order to
>> limit connections.
>> I don't use a private IP and thought about removing keeping state but I
>> decided to keep it.
>>
>> Rule is as far up as it can be and it's like this:
>>
>> @70 pass in quick on $ext_if proto udp to $ntp_server port ntp set prio (1,1)
>> keep state (pflow, max-src-states 20, source-track rule, udp.first 30,
>> udp.multiple 30) tag to_internal
>>
>> On the other hand, I don't have packet loss.
>> I have an average of 15K states all the time.
>> Interface is vlan on top of trunk on top of ix(4)
>
> Thanks for jumping in ;-)
> How many NTP requests per second do you get?
>
> Maurice

Hi,
sorry for the big delay.
Haven't counted requests/sec. How do you measure them?
G