(hopefully my answers here cover the questions in the other posts
in this thread as well)

On Tue, 27 Mar 2007 15:59:12 -0500, Jeffrey Goldberg
<[EMAIL PROTECTED]> wrote:

>On Mar 27, 2007, at 3:06 PM, dave morgan wrote:
>
>> Hi,
>> just to let everyone know I have pulled my server from the UK and
>> EU DNS pools for the time being, as my network link cannot handle
>> the traffic peaks. I have 8Mbit down 512Kbit up, but when the
>> 10,000 queries a *minute* peaks come in my connection gets
>> totally unusable.
>
>>
>> For the last hour I have not been able to pick up email or browse
>> the web due to connection timeouts, this seem to happen each time
>> I get more than about 3,000 queries a minute coming in.
>
>Are you sure that the NTP traffic is the cause of your problems?   
>While it is clear that there are abusive clients using your server  
>(and mine, and just about everybody elses) it's not clear to me how  
>that abuse is causing trouble.

Yes I am, NTP is 99.9% of my WAN traffic packets when I am
not using web or email.

There is a very high correlation of WAN timeouts with traffic
spikes. This affects all the machines on my LAN running various
O/S's. This was not the first time I have had this issue, just
the one that caused me to say "enough!"

www.morgad.no-ip.info/mrtg/localhost_ntpuse.html

I am monitoring the 'packets received' line of 'ntpdc -c systat',
so this is just the packets that got through the firewall.

(note - the improved stability on the 
www.morgad.no-ip.info/mrtg/localhost_ntp.html
page from Saturday onwards was due to me finally getting the MSF
rx software working)

>
>I do have greater bandwidth capacity and about 1/3 of the number of  
>requests you are handling, so I don't rule out that NTP is your  
>problem, but I am skeptical.

If I could limit incoming requests to <2.5k per minute hitting
the router I would most likely not even notice the traffic.

>
>> I am not actually turning the server off, just the DNS pool
>> access to it, until things get better.
>
>There are other things that you could try first.
>
>(1) Instead of removing it from the pool (which may take a long time  
>to help you anyway) you could downgrade your connection speed listed  
>in the pool.

I am already at minimum (UK+EU); unfortunately there is no

        [ ] Global  [ ] Europe  [x] UK 

type checkbox on the management screen for me to try.

>
>(2) If you are using the ISC ntpd, you can use its rate limiting  
>features.
>I have
>
>  # set up rate limiting
>  discard
>  restrict default limited kod
>
>in my /etc/ntp.conf
>
>(3) You can try to educate admins of abusive networks.  I send off a  
>boiler plate email that points them to
>
>   http://www.goldmark.org/netrants/ntp-abuse/
>
>By the way, if anyone has comments on that newly minted document,  
>please let me know.
>
>(4) You can block abusive nets at your firewall.
>
>Now (2) and (4) aren't going to reduce inbound traffic from badly  
>misconfigured clients, but it will certainly reduce outbound traffic  
>and probably will reduce inbound to some degree.
>

See my posts from previous years in this group about my
experiences with abusive clients. I came to the view that this
caused my inbound traffic to go up due to clients retrying.


I am *not* saying the clients are abusive in this case, it seems
to be an unintended distributed DoS of my router caused by all
the IP addresses it is being forced to keep track of.

I do not want to netblock whole ISPs.

>I've only tried (3) three times and so far have two successes.
>
>Cheers
>
>-j

best regards
Dave
-- 
http://www.morgad.no-ip.info/index.html    gpg:0x64B5E037 
Distributed Proofreaders: http://www.pgdp.net
The NTP server pool http://www.pool.ntp.org
The L&B is being rebuilt! http://www.lynton-rail.co.uk
_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
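The thread turns on two points: ntpd's `discard` / `restrict default limited kod` rate limiting, and Dave's observation that it reduces outbound replies but not inbound queries, because refused clients simply retry. The following is an added example, not code from the thread, from Jeffrey's ntp.conf, or from ntpd itself: a deliberately simplified Python model of the documented `discard average` / `discard minimum` semantics (real ntpd keeps an MRU list with a leaky-bucket score, which this does not reproduce), run over constructed packet arrivals from a few sample addresses. The addresses, timings and the `RateLimiter` / `summarize` names are all made up for the illustration.

```python
"""Simplified model of ntpd-style per-client rate limiting.

Added example; not ntpd's own code. It approximates the documented meaning of
    discard average 3 minimum 2
    restrict default limited kod
  - minimum: a packet arriving less than `minimum` seconds after the previous one
    from the same address is silently dropped (no reply at all).
  - average: if the client's running average inter-arrival interval falls below
    2**average seconds (ntpd expresses 'average' as log2 seconds), the request is
    refused; with 'kod' a single Kiss-o'-Death reply is sent, otherwise nothing.
The running average here is a plain exponentially weighted mean, which is a
simplification of what ntpd actually does.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class ClientState:
    last_seen: Optional[float] = None
    avg_interval: Optional[float] = None  # weighted mean of inter-arrival seconds


class RateLimiter:
    def __init__(self, average: int = 3, minimum: float = 2, kod: bool = True):
        self.avg_limit = 2 ** average  # seconds
        self.minimum = minimum
        self.kod = kod
        self.clients: Dict[str, ClientState] = defaultdict(ClientState)

    def handle(self, addr: str, t: float) -> str:
        """Return SERVE, DROP (silent discard) or KOD for one packet at time t."""
        st = self.clients[addr]
        if st.last_seen is None:
            st.last_seen = t
            return "SERVE"
        interval = t - st.last_seen
        st.last_seen = t
        if interval < self.minimum:
            return "DROP"  # below the hard minimum: discarded without any reply
        # Update the running average only for packets that were not hard-dropped.
        if st.avg_interval is None:
            st.avg_interval = interval
        else:
            st.avg_interval = (st.avg_interval + interval) / 2
        if st.avg_interval < self.avg_limit:
            return "KOD" if self.kod else "DROP"
        return "SERVE"


# Constructed sample traffic: (arrival time in seconds, client address).
SAMPLE_PACKETS: List[Tuple[float, str]] = (
    [(64 * i, "198.51.100.10") for i in range(10)]   # well-behaved: polls every 64 s
    + [(1 * i, "203.0.113.5") for i in range(20)]    # hammering: one query per second
    + [(4 * i, "192.0.2.7") for i in range(10)]      # too fast, but above the minimum
    + [(t, "192.0.2.8") for t in (0, 3, 6, 100, 200, 300)]  # bursts, then backs off
)


def summarize(packets: List[Tuple[float, str]], **limiter_args) -> Dict[str, Dict[str, int]]:
    """Replay packets in arrival order and count the decision per client."""
    rl = RateLimiter(**limiter_args)
    counts: Dict[str, Dict[str, int]] = defaultdict(lambda: {"SERVE": 0, "DROP": 0, "KOD": 0})
    for t, addr in sorted(packets):
        counts[addr][rl.handle(addr, t)] += 1
    return {addr: dict(c) for addr, c in counts.items()}


if __name__ == "__main__":
    for addr, c in summarize(SAMPLE_PACKETS).items():
        inbound = sum(c.values())
        outbound = c["SERVE"] + c["KOD"]
        print(f"{addr:15} in={inbound:3} out={outbound:3} {c}")
```

Replaying the constructed sample shows the asymmetry Dave describes: every inbound packet still arrives and still has to be tracked per source address, while the limiter only changes what goes back out. The one-per-second client gets a single answer and then nothing at all, the four-second client gets a KoD on every query, and the client that bursts and then backs off is served again once its average interval recovers. The limiter therefore cuts outbound traffic and reply-amplification exposure, but it cannot lower the inbound query rate, which is why the thread reaches for the pool listing and firewall options as well.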
