Hi Guillaume, What you are seeing is normal ntp pool behavior.
The DNS gets reset every 15 minutes (I think) and it's impractical to reshuffle more often than that. I have seen peaks of up to 100 requests per SECOND (that's 6000 per minute), but usually they come in at half of that. http://www.dayww.net/ntpstats/weekly.php Good luck, and thank for joining the pool! ...Dave Yingling On Fri, March 31, 2006 10:08 am, Guillaume Filion wrote: > Hi all, > > I've been running a server in the pool for one week now and I have had a > couple occurrences of an interesting problem. According to the > ntp_clients_stats script made by Wayne Schlitt, my number of active > clients averages around 600-700 clients. > > But on three occurrences in the last week (03/24/06 14:20 EST, 03/26/06 > 16:30 EST and 03/31/06 10:45 EST), the number of active clients quickly > rose to 1500-2500. That high number of clients lasts for around an hour, > then goes down. Here's a RRDtool graph showing the last spike: > http://132.214.200.200/stats/clients-spike.png > > My Cisco router sees that as a DDoS attack, and starts to do all kind of > counter measures that affect our users' normal traffic. > > In case anyone is having the same problem, Cisco has a document > describing its DDoS counter measures: http://xrl.us/knnp > > Setting > #ip inspect one-minute high 1500 > #ip inspect one-minute low 1200 > seem to have solved the counter measures problem. From the Java GUI, > it's in Configure, Additional Tasks, Inspection Rule Editor, Global > Settings. > > However, I would be interested in knowing a bit more about the cause of > this surge in clients. I guess this is because, during that time, my NTP > server shows up in the DNS response for pool.ntp.org. If that's the > case, would it be possible for the DNS servers to return a server more > often but for shorter amounts of time, in order to spread the load on > the NTP servers? > > Have a good week-end, > GFK's > -- > Guillaume Filion, ing. jr > Logidac Tech., Beaumont, Québec, Canada - http://logidac.com/ > PGP Key and more: http://guillaume.filion.org/ > _______________________________________________ > timekeepers mailing list > [email protected] > https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers > _______________________________________________ timekeepers mailing list [email protected] https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
