[Pool] 8-10k pps in Brazil

Austin France adf at sorcerer.co.uk
Sat May 23 00:14:30 UTC 2015

I should add, I did add another server to the pool, much higher bandwidth,
unfortunately not in the same region.  I am also slowly raising the
bandwidth setting of the server that had the problem trying to find the
right balance.


On 22 May 2015 at 20:22, Austin France <adf at sorcerer.co.uk> wrote:

> I had similar issue, and coupled with having rate limiting configured, my
> server kept dropping out the pool, going back in the pool, back out etc
> almost rhythmic.
> I took rate limiting off, and adjusted the bandwidth configuration for my
> server in the pool right down to the lowest setting (384kbit)
> https://manage.ntppool.org/manage/servers and it has been stable since.
> Traffic is down, and its been stable 20 score in the pool since I made
> those changes.
> Regards
> Austin
> On 22 May 2015 at 19:28, Matt Wagner <mwaggy at gmail.com> wrote:
>> Does anyone else here run an NTP server in Brazil? I'm wondering if you
>> are
>> seeing the same crazy load I am.
>> For a long time I saw maybe 400 queries/second, but I got email last
>> weekend that I had fallen out of the pool for being unreachable. Indeed, I
>> couldn't even SSH in. It turns out that it's because my server (a t1.micro
>> instance) was dying under the load, which is close to 10,000 queries per
>> second right now. For giggles, I upsized to a larger instance and moved
>> the
>> IP to watch what was happening on a machine that could handle the load.
>> Yes, I'm patched against the old monlist exploit.
>> $ /usr/local/bin/ntpq -c sysstat
>> uptime:                 77729
>> sysstats reset:         77729
>> packets received:       670434339
>> current version:        10573419
>> older version:          659857017
>> bad length or format:   3276
>> authentication failed:  7916
>> declined:               3
>> restricted:             126
>> rate limited:           60293937
>> KoD responses:          10096867
>> processed for time:     636
>> There are definitely some abusive clients, but it's not a crazy DoS from
>> one IP or anything. Less than 10% of requests hit rate limits, and if I
>> watch tcpdump or something, it's from a huge range of IPs. Only a handful
>> of clients have made more than 50,000 requests (over the ~77000 second
>> uptime), and none are way over that. Trying to profile random IPs from
>> tcpdump, none seem to be behaving too wildly. It seems like I'm just
>> serving a huge number of clients.
>> My bandwidth is set at 100 Mbps, which it has been at for a while. The
>> jump
>> from a few hundred queries/second to 10,000 queries/second seems to have
>> come out of nowhere.
>> Is anyone else seeing this? I'm happy to keep soaking up some of the load,
>> but I'm not eager to pay for 50GB of NTP traffic a day for too long.
>> _______________________________________________
>> pool mailing list
>> pool at lists.ntp.org
>> http://lists.ntp.org/listinfo/pool

More information about the pool mailing list