[ntp:questions] Test ntpd performance
cswiger at mac.com
Tue Sep 28 19:37:03 UTC 2010
On Sep 28, 2010, at 10:07 AM, Rick Jones wrote:
>> Even if you have a test program that blasts lots of packets, that
>> won't mimic real traffic. It's bypassing all the setup of ARP and
>> router slots.
> I'm not quite sure if I'm parsing that accurately - yes, such a
> single-connection test between a pair of systems isn't doing much
> to/with the ARP cache or routing tables, which means that if anything
> for the 100000 client case the 350K transactions per second is
> optimistic (*). I should have been more clear - my main intent was to
> show/suggest that the server could very likely indeed bottleneck
> before a 1GbE link could. [ ... ]
> rick jones
> * then again, I'd hope there aren't 100000 clients in the same
> broadcast domain, which suggests (ok, yes, I'm extrapolating) that
> almost all the clients will be reached by the ntp server via its
> default route, and thus also have only one active ARP cache entry -
> much like the single-connection netperf test between systems on the
> same LAN.
In point of fact, most ethernet switches are limited to a few thousand MAC addresses-- for example, the ProCurve 26xx switches have a MAC table size of 8000. Even a core switch is unlikely to support larger than 65K MAC table size. But, if you wanted to assume that you have 100K clients locally, at default maxpoll they'd be generating one query every 1024 seconds, or an average of 2000pps, which ntpd will have no problems handling.
For a more normal case, the NTP server is handling requests from the Internet which are not coming from machines in the local broadcast domain-- in which case, agreed, there would only be a single ARP entry between the NTP server and its upstream router. In such a case, your bottleneck is still much more likely to be the capability of the router/firewall to handle large numbers of tiny packets, especially if NAT is being used or if connection state is being kept by a firewall.
Anyone adding their NTP server to the pool will discover these issues, especially if they are using consumer-grade DSL/FiOS/cable router boxes rather than telco-grade T1/T3/100Mbs/OC3/OC12/GBE routers for their Internet connectivity. They'll also discover spikes of thousands to tens of thousands of NTP requests per second when your IP gets rotated into the pool's active DNS and Turk Telekom hits you. That probably does correspond to on the order of 100+K clients....