I should add, I did add another server to the pool, much higher bandwidth, unfortunately not in the same region. I am also slowly raising the bandwidth setting of the server that had the problem trying to find the right balance.
Regards Austin On 22 May 2015 at 20:22, Austin France <[email protected]> wrote: > I had similar issue, and coupled with having rate limiting configured, my > server kept dropping out the pool, going back in the pool, back out etc > almost rhythmic. > > I took rate limiting off, and adjusted the bandwidth configuration for my > server in the pool right down to the lowest setting (384kbit) > https://manage.ntppool.org/manage/servers and it has been stable since. > Traffic is down, and its been stable 20 score in the pool since I made > those changes. > > Regards > Austin > > > > On 22 May 2015 at 19:28, Matt Wagner <[email protected]> wrote: > >> Does anyone else here run an NTP server in Brazil? I'm wondering if you >> are >> seeing the same crazy load I am. >> >> For a long time I saw maybe 400 queries/second, but I got email last >> weekend that I had fallen out of the pool for being unreachable. Indeed, I >> couldn't even SSH in. It turns out that it's because my server (a t1.micro >> instance) was dying under the load, which is close to 10,000 queries per >> second right now. For giggles, I upsized to a larger instance and moved >> the >> IP to watch what was happening on a machine that could handle the load. >> >> Yes, I'm patched against the old monlist exploit. >> >> $ /usr/local/bin/ntpq -c sysstat >> uptime: 77729 >> sysstats reset: 77729 >> packets received: 670434339 >> current version: 10573419 >> older version: 659857017 >> bad length or format: 3276 >> authentication failed: 7916 >> declined: 3 >> restricted: 126 >> rate limited: 60293937 >> KoD responses: 10096867 >> processed for time: 636 >> >> There are definitely some abusive clients, but it's not a crazy DoS from >> one IP or anything. Less than 10% of requests hit rate limits, and if I >> watch tcpdump or something, it's from a huge range of IPs. Only a handful >> of clients have made more than 50,000 requests (over the ~77000 second >> uptime), and none are way over that. Trying to profile random IPs from >> tcpdump, none seem to be behaving too wildly. It seems like I'm just >> serving a huge number of clients. >> >> My bandwidth is set at 100 Mbps, which it has been at for a while. The >> jump >> from a few hundred queries/second to 10,000 queries/second seems to have >> come out of nowhere. >> >> Is anyone else seeing this? I'm happy to keep soaking up some of the load, >> but I'm not eager to pay for 50GB of NTP traffic a day for too long. >> _______________________________________________ >> pool mailing list >> [email protected] >> http://lists.ntp.org/listinfo/pool >> > > _______________________________________________ pool mailing list [email protected] http://lists.ntp.org/listinfo/pool
