Re: [Ntp] Microbursts of NTP packets
Steven Sommars <stevesommarsntp@gmail.com> Tue, 18 August 2020 02:42 UTC
Return-Path: <stevesommarsntp@gmail.com>
X-Original-To: ntp@ietfa.amsl.com
Delivered-To: ntp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AC72A3A1615 for <ntp@ietfa.amsl.com>; Mon, 17 Aug 2020 19:42:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Btb-5u_UjTLJ for <ntp@ietfa.amsl.com>; Mon, 17 Aug 2020 19:42:42 -0700 (PDT)
Received: from mail-ua1-x929.google.com (mail-ua1-x929.google.com [IPv6:2607:f8b0:4864:20::929]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 352483A1600 for <ntp@ietf.org>; Mon, 17 Aug 2020 19:42:37 -0700 (PDT)
Received: by mail-ua1-x929.google.com with SMTP id g20so5364149uap.8 for <ntp@ietf.org>; Mon, 17 Aug 2020 19:42:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Ymh+dxtVxXB0JLPfdTf6+JrqsMdT85dbV3GcnziVTKE=; b=UHZloEjM2zCL4a+7NsCi0HKM2puvr60E5VYPtaSeiT30IxpemicQo/MvtM+u9Z6/jy WFobfs2KOFbAfl0kPKzpNOgy02VqCrgon2R3OulLlMljZpRzeRPAyWdTxspS10GTYlA7 DqvpT2ZVgdAX8HQSdmMRLoDFoKdE9jD9Kjnk7cnRxCV2o4oWUS7qdq9ygelbEM9oqQZO HwONffKNe1qNF0j9aLijYvd9J1Rvw7Z1sfj3+SVXh5hEwIjKg4vo+MgdQZsgSyLZWWA4 DVjsxKULdKAy4J3h8D35BpNWySmDW03hgCWehE19w2CZGA21TCUxdaP0oryIxyYVKCaB N37Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Ymh+dxtVxXB0JLPfdTf6+JrqsMdT85dbV3GcnziVTKE=; b=goMcA3WWUErWFW3KydXR2s6zCG0t7gGLH3X/UgK++tqSn8n6u8+VEAStntYb2iLpSB c9hTCSc+sOqOiSYNJlwXXOn7MT5GokguUkarjVOGI4nbcFTbqrPr2VM59T4ZJzYN0jpO /gi1jozEfNvd0d/ZbZDTTLdLg+eI6jsmkIi3iNFJJrytLhnStnNFrwFHds+TjSVdSo8/ ZtzIHXJUIFhDc6KapTYTmz1RSb+CnjSCpm3c4P3WOHKjYOcf2wxeK65LNoG4eSFpI2qQ 1JZwOoKX54eGsYsfG0M6hQmvQ8Z2NPpHhCeNhv0VhD7+/+FzitO7DjFyJ0388dJrmB3z cTSA==
X-Gm-Message-State: AOAM533nta+IAbvZtz9pB7FYl+afNtvv/Ph8Re1ltgVCgnRZoVAzzbDR 1OpY9JmGt5DkfHR/Gn/65lOAewy8g+DQKnTjars=
X-Google-Smtp-Source: ABdhPJzI3BoKVnHwbv+0zPaRuzqRjxmC4aGoCYkYbMlDXYMF3YyRQLueQucjMDoE2oJPyEYYylCy6q1xoccM5p6+yr8=
X-Received: by 2002:ab0:e0b:: with SMTP id g11mr5946565uak.117.1597718556236; Mon, 17 Aug 2020 19:42:36 -0700 (PDT)
MIME-Version: 1.0
References: <CACsn0cm7PX-NzJBrA6RR_u=1c3PWjga8t+iccd3Am_VFsDWoKQ@mail.gmail.com>
In-Reply-To: <CACsn0cm7PX-NzJBrA6RR_u=1c3PWjga8t+iccd3Am_VFsDWoKQ@mail.gmail.com>
From: Steven Sommars <stevesommarsntp@gmail.com>
Date: Mon, 17 Aug 2020 21:42:24 -0500
Message-ID: <CAD4huA7FUfDQKB0nwXsK5o64G5YmwzS=d6EB7+yThHS7Z-Z-Ow@mail.gmail.com>
To: Watson Ladd <watsonbladd@gmail.com>
Cc: NTP WG <ntp@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000feddea05ad1dd61a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ntp/pwb6UerKqgSfKzjbEVdN62lIyZQ>
Subject: Re: [Ntp] Microbursts of NTP packets
X-BeenThere: ntp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <ntp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ntp>, <mailto:ntp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ntp/>
List-Post: <mailto:ntp@ietf.org>
List-Help: <mailto:ntp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ntp>, <mailto:ntp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 18 Aug 2020 02:42:44 -0000
These may be the same 10 second NTP request bursts seen by administrators of NTP pool servers; typically in the 1K to 20K Pkts/sec range, though we've seen higher. The bursts come from buggy FortiGate firewalls. FortiNet tells me that FortiOS version 6.2.5, scheduled for release at the end of this week, will correct the problem. There's no telling when the individual FortiGates will upgrade to that release. I can provide further details, if there is interest. Steve Sommars On Mon, Aug 17, 2020 at 8:20 PM Watson Ladd <watsonbladd@gmail.com> wrote: > Dear NTP WG, > > We're observing short bursts of high numbers of NTP queries at one > point of presence, exceeding the queue length of the listening ntp > socket, and leading to drops. The bursts are very short, so the > overall qps is nothing special. I'm quite mystified as to what the > possible causes could be. > > This is unfortunately leading to packet drops. If any operators have > seen this, their input on possible causes and solutions is welcome. > > Sincerely, > Watson Ladd > > _______________________________________________ > ntp mailing list > ntp@ietf.org > https://www.ietf.org/mailman/listinfo/ntp >
- [Ntp] Microbursts of NTP packets Watson Ladd
- Re: [Ntp] Microbursts of NTP packets Steven Sommars
- Re: [Ntp] Microbursts of NTP packets Ask Bjørn Hansen
- Re: [Ntp] Microbursts of NTP packets Hal Murray
- [Ntp] Antw: [EXT] Microbursts of NTP packets Ulrich Windl
- Re: [Ntp] Antw: [EXT] Microbursts of NTP packets Steven Sommars