Adding an NTP Server - Newbie questions

Dave · 2019-02-28 14:47:10 UTC

I find myself with a spare LeoNTP Networked Time NTP Server, and after using the pool service for many years thought it might be appropriate to ‘put something back into the community’.

I also have two ‘spare’ Internet routes, a VDSL service and an FTTP service, both with static IPs.

The VDSL achieves 25000kbps/1225kbps and the FTTP can be scalable to anything up to 350000kbps/50000kbps.

Preference is to use the VDSL service, but I wanted to check:

a) whether there is a need any more servers located in the UK?

b) would the VDSL service (described above) actually have sufficient overheads to make the contribution worthwhile, or should I rule that out as not compatible / useful for the NTP pool?

c) is there any way of controlling the inbound request bandwidth, so that the connection doesn’t become saturated?

Also apart from setting an appropriate DNS A record for the IP of the Server, is there anything else that needs to be considered for the LeoNTP – or rather it’s connection? E.g. reverse DNS, flow control, etc.?

Many thanks in advance if anyone is able to assist me as a ‘Newbie’…….if these questions appear very basic – apologies, and I appreciate the time taken to point me in the right / safe direction.

Dave

littlejason99 · 2019-02-28 18:04:38 UTC

Is the VDSL being used for other things? How much actual bandwidth are you wanting to dedicate to NTP? A NTP packet is 48 bytes (but figure closer to 90 bytes total for the ethernet frame to be conservative). From there you can figure how many “queries per second” you want to handle, then through monitoring your NTP server you can adjust the bandwidth settings on the NTP Pool website accordingly.

One Megabit of bandwidth should be able to support about 1,400 queries per second.

To answer your questions:

A - There is always a need for more servers as more devices are coming online worldwide.
B - Yes even the VDSL server would be helpful as long as the IP is static.
C - Yes, on the NTP Pool website you can configure a “bandwidth” setting which controls how often your IP shows up in the DNS rotation. I’ve found that after adjusting up / down on the website the actual usage seems to change pretty quick (well within an hour it will settle into the new level).

The pool doesn’t really need any sort of DNS record for your IP, you can use just the IP on the website as that is what any NTP client will use anyways.

One thing to pay attention to is your router hardware. All the NTP clients making requests can fill up a firewall’s connection tracking table if not configured properly. Since UDP is connectionless it’s easiest just to exclude inbound to 123 from being tracked (if possible). Some residential routers have settings like “UDP Session Control” and “UDP Session Timeout” that might require tweaking.

Dave · 2019-03-02 14:48:38 UTC

Thank you very much indeed for the detailed response - perfect.

Neither the VDSL or FTTP are being used for anything so the full bandwidth is free.

Thank you also for the tracking table ‘heads-up’. That’s something I wouldn’t have thought of, but makes so much sense and can easily be addressed (the SA/Router for this project will be dedicated to the traffic alone) – a great bit of advice and thank you.

I am guessing that as well as being able to select the bandwidth, you can select regions you want to participate in – correct? I guess I am going to find out anyway….

I’ll set it all up this weekend and go live next week. Looking forward to ‘putting something back’ into the community.

Once again many, many thanks.

Dave.

alica · 2019-03-02 14:58:11 UTC

The management system will auto select region/zone for you, based on your ip address whois info. Other edit request (whois info not related to physical location, opt-in to serve other zones, etc) shall be mailed to admins’ email address shown in the management page.

Dave · 2019-03-04 17:34:21 UTC

Thank you for this information - really helpful.

Hardware is ready, just finalising profiling of the WAN connection, and then I will go live.

Thank you both for helping out with simple basic questions, and I look forward to contributing to the community.

All the best,

Dave.

erayd · 2019-03-13 10:35:27 UTC

Since UDP is connectionless it’s easiest just to exclude inbound to 123 from being tracked (if possible).

Not just inbound - it’s important to make such a rule for the outbound packets also. Otherwise, the inbound traffic will be ignored for conntrack as per your original rule, and then the router will think that the outbound reply is actually a new connection and will start tracking when it sees that instead. The timeouts can be a bit different in this situation, because it looks like a non-replied connection rather than a reply-seen one (so it’ll usually drop out of the table faster), but it can still be something of a resource hog on the router if you’re seeing significant volumes of NTP traffic.

Also, avoid NAT if at all possible - most forms of NAT require connection tracking in order to work properly.

Dave · 2019-03-18 09:37:43 UTC

Thank you for these further tips and guidance - very much appreciated, with great thought and insight.

All is working as planned at the moment; gradually ramping up the operation - currently around 3 million requests served a day with peaks at 2K/s and all stable.

With all the good help here, I am confident to increase further.

Once again, many thanks and all the best.

Dave.