Hello Thomas
On 10.02.14 23:03, Thomas Pfaff wrote:
Looking at a tcpdump on my external interface I see, obviously, a lot
of ntp requests and responses. Now, once in a while a response gets
answered with an icmp port unreachable, transaction something like
example.com.2690 > ntp.tp76.info.123: v4 client strat 0 poll 0 prec 0 (DF)
ntp.tp76.info.123 > example.com.2690: v4 server strat 4 poll 0 prec -6 [tos
0x10]
example.com > ntp.tp76.info: icmp: example.com udp port 2690 unreachable
Why does it say "answer me on port 2690" and when I do I get "sorry,
that port is unreachable"? (read on; graph coming up)
As others pointed out, the system doing the request (or if his IP
address is spoofed), does block / reject upd traffic from port
123 do any other port in. If it just happens seldom, just ignore it.
My second question; why is the ntp traffic so spikey? For an hour I
get about 150 requests per minute and then suddenly I get about 7000
requests per minute for a short time, and then it drops.
I do not know how you do measure the requests. For my graphs [1]
I do measure the packets with the 'packets received' and 'packets
sent' from the 'ntpdc -c sysstats -c iostats' output. But I guess
they do correspond to requests.
[1] http://www.home4u.ch/ntp/
If you look at my graphs, I have much higher peaks. But it does
not affect the operation of the system itself, even if some of
them are only single core Xeon with 3 GHz.
My servers are also in the TR zone, from which we know, that
there are probably CPE from one large ISP, which are doing sntp
on fixed times.
bye
Fabian
_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
