Max Berger writes:

> 4kbytes/s is not a problem, but 36000 connects/min is.
>
> A lot of routers/firewalls are using linux/iptables. There the default
> value of "ip_conntrack_max" is 16k, the default value of
> "ip_conntrack_udp_timeout" is 30s. That means the router can handle 16k
> new ntp connections in 30s. Every new connection is dropped if the limit
> is reached.
>
> If it's your own server and your own firewall, you can correct
> conntrack_max, but not everyone can configure his company's firewall or
> the firmware of his router.

Maybe I'm just a networking dinosaur, but why a router or firewall would even want to do connection tracking on a connectionless protocol like NTP over UDP is beyond me. Seems like creeping featurism is the problem, not actual network traffic.

I'll just bow out of this discussion now because, as Jeff Goldblum said in _Jurassic Park_, "ARRRRGGGHHH!!! AUUUUUGUGGGGGHHHH!"

Tim.

_______________________________________________
timekeepers mailing list
[email protected]
https://fortytwo.ch/mailman/cgi-bin/listinfo/timekeepers
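
Added example, not part of either post: a small simulation of the table exhaustion described in the quoted text, using its figures (36000 new clients/min, a 16k-entry table, 30 s UDP timeout). It assumes "16k" means 16384, that each new client creates one entry living exactly 30 s, and that arrivals are evenly spaced; the function names are hypothetical.

```python
from collections import deque


def sustainable_rate(table_max=16384, timeout_s=30):
    """Highest steady rate of new flows per second that never fills the table."""
    return table_max // timeout_s


def simulate(rate_per_s, table_max=16384, timeout_s=30,
             duration_s=120, steps_per_s=100):
    """Model a fixed-size tracking table with fixed-lifetime entries.

    Returns (accepted, dropped, drops_per_second).
    """
    expiries = deque()               # expiry tick of each live entry, oldest first
    accepted = dropped = 0
    drops_per_second = [0] * duration_s
    timeout_ticks = timeout_s * steps_per_s
    acc = 0                          # integer accumulator for fractional arrivals
    for tick in range(duration_s * steps_per_s):
        # Expire entries whose timeout has passed.
        while expiries and expiries[0] <= tick:
            expiries.popleft()
        acc += rate_per_s
        new, acc = divmod(acc, steps_per_s)
        for _ in range(new):
            if len(expiries) < table_max:
                expiries.append(tick + timeout_ticks)
                accepted += 1
            else:                    # table full: the new flow is dropped
                dropped += 1
                drops_per_second[tick // steps_per_s] += 1
    return accepted, dropped, drops_per_second


if __name__ == "__main__":
    rate = 36000 // 60               # figure from the quoted post, per second
    ok, lost, per_sec = simulate(rate)
    print(f"sustainable: {sustainable_rate()} new flows/s, offered: {rate}")
    print(f"accepted={ok} dropped={lost} ({100 * lost / (ok + lost):.1f}%)")
    print("seconds with drops:", [s for s, d in enumerate(per_sec) if d])
```

Under these assumptions the drops are not spread evenly: they arrive in bursts of a few seconds at the end of each 30 s window, when the table is full and nothing has expired yet.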
