Hi and welcome to the pool.
May I ask where in the world your server was running? The traffic patterns across the world are significantly different, so that some locations are very difficult to serve, so your server gets flooded, as you have seen.
A few months ago I set up a server in Manila. It lasted a few days, if that. Below is the eth traffic from that server.
The first down spike of traffic was with no rate limit at all. The number of requests was more than the amount of traffic a chrony instance can handle (about 30 ~ 40 Mb/sec from my experience), so the monitors could not get a response from the server and removed it from the pool. They did their job correctly.
I then added some rate limiting. Now, people have different thoughts about that, so feel free to start a new thread and I am happy to discuss. The rate limiting was 8 requests per second from an IP address and port combination - srcIp:srcPort. I then again set the connection speed to 512K. The second spike in requests flooded the whole instance. From the look of things there was some networking limit of 100Mb/sec. The incoming requests flooded the link, monitors could not get a response so correctly removed the server from the pool. It has not been put back in the pool as I, so far, have not come up with a way to add it without the server being flooded. Happy to hear ideas from people.
What I saw - There were a number of IP addresses that were sending up to/over 5000 requests per second, all from the same IP and source port. People talk about CGNAT - there could have been a LOT of clients behind CGNAT, but at 5000 per second how is the NAT going to send the requests back to the correct client? Interested to know.
It could have been a DDoS, as some of the IP addresses were Starlink - no idea why people would want to disrupt that service.
Whatever it was, it meant that having an NTP server (VPS) in Manila was not going to work.
If I had set up a whitelist to avoid the flood, as you seem to want to do, then two things:
- Who would be on the whitelist? The monitors and who else? A client in Manila makes a request to the pool and asks the server provided by the pool DNS system, but they are blocked. The pool fails.
- In this location, even if there was a whitelist, if the server's IP address was given out then incoming requests would likely flood the server anyway, to the point the monitors would remove it anyway.
Anyway, happy to chat and see if we can get your server running in the pool.
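
To make the effect described in the post concrete, here is an added simulation (not the poster's configuration or code): a token bucket keyed on srcIp:srcPort at 8 requests per second, run over constructed traffic, reporting how many requests are answered versus how many still arrive on the link. The burst size, the addresses, the helper names and the 76-byte packet size (IPv4 + UDP + 48-byte NTP payload) are assumptions.

```python
from collections import defaultdict

RATE = 8.0           # requests/second allowed per (src_ip, src_port), as in the post
BURST = 8.0          # bucket depth: assumption, the post gives no burst size
NTP_IP_BYTES = 76    # 20 IPv4 + 8 UDP + 48 NTP payload, link-layer framing excluded

class PerFlowLimiter:
    """Token bucket keyed on (src_ip, src_port). Hypothetical helper."""
    def __init__(self, rate=RATE, burst=BURST):
        self.rate, self.burst = rate, burst
        self.state = {}  # (ip, port) -> (tokens, time of last packet)

    def allow(self, ip, port, now):
        tokens, last = self.state.get((ip, port), (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)
        ok = tokens >= 1.0
        self.state[(ip, port)] = (tokens - 1.0 if ok else tokens, now)
        return ok

def simulate(flows, seconds=1.0):
    """flows: (src_ip, src_port, requests_per_second) tuples of constructed traffic."""
    events = sorted((i / rps, ip, port)
                    for ip, port, rps in flows
                    for i in range(int(rps * seconds)))
    limiter = PerFlowLimiter()
    stats = defaultdict(lambda: [0, 0])  # (ip, port) -> [received, answered]
    for t, ip, port in events:
        stats[(ip, port)][0] += 1
        if limiter.allow(ip, port, t):
            stats[(ip, port)][1] += 1
    received = sum(s[0] for s in stats.values())
    answered = sum(s[1] for s in stats.values())
    # Every request crosses the inbound link whether or not it is answered.
    inbound_mbit = received * NTP_IP_BYTES * 8 / seconds / 1e6
    return dict(stats), received, answered, inbound_mbit

def heavy_flows(stats, seconds=1.0, threshold=RATE):
    """Flows whose observed request rate exceeds the limit, busiest first."""
    over = [(k, s[0] / seconds) for k, s in stats.items() if s[0] / seconds > threshold]
    return sorted(over, key=lambda kv: (-kv[1], kv[0]))

# Constructed sample: documentation-range addresses, not data from the post.
SAMPLE_FLOWS = [("192.0.2.10", 50000, 5000),   # one ip:port at the rate described
                ("192.0.2.11", 50001, 5000),
                ("198.51.100.7", 40001, 4),    # ordinary clients under the limit
                ("198.51.100.8", 40002, 1)]

if __name__ == "__main__":
    stats, received, answered, mbit = simulate(SAMPLE_FLOWS)
    print(received, answered, round(mbit, 2), heavy_flows(stats))
```

With the sample flows, 35 of 10005 requests are answered, while the inbound load stays the same as with no limiter at all.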