On Sat, Dec 28, 2024 at 08:18:29PM +0200, Kapetanakis Giannis wrote: >On 19/12/2024 23:53, Maurice Janssen wrote: >> On Thu, Dec 19, 2024 at 01:39:23PM +0200, Kapetanakis Giannis wrote: >> > On 18/12/2024 18:22, Maurice Janssen wrote: >> > > I moved the rules for the NTP traffic to the top and this seems to >> > > improve >> > > things. But I'll leave it overnight to have some better stats in the >> > > morning. >> > > >> > > Best regards, >> > > Maurice >> > Jumping in since I've also recently added an ntp server in ntppool.org and >> > saw spikes on my states as well as pps. >> > >> > I've added Net speed: 500Mbit on the server management on site in order to >> > limit connections. >> > >> > I don't use a private IP and thought about removing keeping state but I >> > decided to keep it. >> > >> > Rule is as far up as it can be and it's like this: >> > @70 pass in quick on $ext_if proto udp to $ntp_server port ntp set prio >> > (1,1) >> > keep state (pflow, max-src-states 20, source-track rule, udp.first 30, >> > udp.multiple 30) tag to_internal >> > >> > On the other hand, I don't have packet loss. >> > >> > I have an average of 15K states all the time. >> > >> > Interface is vlan on top of trunk on top of ix(4) >> Thanks for jumping in ;-) >> How many NTP requests per second do you get? >> >> Maurice >> >Hi, > >sorry for the big delay. > >Haven't counted requests/sec. How do you measure them?
There may be other ways, but I use the 'ifstat' page of systat(1).
