Hello, list. My ntp server is in the pool and since it was added I've been looking more closely at the network traffic (out of curiosity) and there's a few things that has me confused that I was hoping you guys could help me understand.
Looking at a tcpdump on my external interface I see, obviously, a lot of ntp requests and responses. Now, once in a while a response gets answered with an icmp port unreachable, transaction something like example.com.2690 > ntp.tp76.info.123: v4 client strat 0 poll 0 prec 0 (DF) ntp.tp76.info.123 > example.com.2690: v4 server strat 4 poll 0 prec -6 [tos 0x10] example.com > ntp.tp76.info: icmp: example.com udp port 2690 unreachable Why does it say "answer me on port 2690" and when I do I get "sorry, that port is unreachable"? (read on; graph coming up) My second question; why is the ntp traffic so spikey? For an hour I get about 150 requests per minute and then suddenly I get about 7000 requests per minute for a short time, and then it drops. I graphed the output of tcpdump for incoming udp/123 and icmp port unreachable, hoping I could see a correlation between the spikes of ntp queries and icmp port unreachable, though it's not as clear as I had hoped. Here's the graph -- http://tp76.info/rrd/ntp/still.png (see http://tp76.info/rrd/ntp/ for "live" graph). Note that the icmp port unreachable graph is not associated purely with ntp queries, though my link is basically idle except for the ntp traffic so it's pretty safe to assume they're highly related. Just to be clear; I'm not complaining. I'd just very much like to understand what I'm seeing. Thank you. Cheers, Thomas. _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
