I am tasked with configuring a Firewall for a Vodafone Phone System. I noticed that, for time, Vodafone is simply using the Pool, without a Vendorzone, by simply CNAMEing to the DE Pool.
Does anyone have a proper Contact at Vodafone, to get them to register a Vendorzone or use internal NTP Servers?
a. Feel free to contact me on (technical) matters of NTP at Vodafone Germany. We have a project ongoing to create our own infrastructure in order to migrate that away. Unfortunately, in large companies, that proceeds at a glacial speed. Servers are already bought and in place, the rest is still being worked on. We hope to complete the project within this calendar year.
b. In order to compensate for this interim use you noted (and to learn about high load NTP) we (VF Engineering) have been running 2 servers in the pool, for several years now, one of them with very high load. We currently serve a sustained load of 5-10k pool queries per second, with frequent micro-peaks jumping up into the 70k range.
Glad your company is doing that. But just to provide additional perspective, that’s not a lot of load, nor probably proportional compensation. I’m just an individual running a couple of Linode VMs (that I use for other things in addition to NTP) for $30/month handling the same load as your company’s servers. I would expect a big company deploying a lot of devices configured to use the pool should be contributing back to the pool a lot more than that. But it’s better than nothing, and I know how difficult these things are to accomplish in big corporations.
> that’s not a lot of load, nor probably proportional compensation.
Well, we contribute substantially more capacity than our devices consume.
Given what I know about how many devices we have out there and how they work, I am quite confident that were I to redirect all our boxes to those servers and in turn unlink those servers from the pool, I would see something like a tenth of the load I see now. To me, that seems to qualify as “full compensation”.
Furthermore, on a side note, what you see on that graphic is the result of a server set to “Net Speed 2 Mbit” in the pool admin GUI. That cannot even be set in the GUI, I needed Ask’s manual intervention to get that configured when we set that server up a few years ago. I’m a bit mystified how you would claim to get substantially higher load using standard settings and can dismiss ours as “not a lot of load”.
The (public) servers I set up with my company serve the CN pool. They receive an average traffic of ~80Mbits/s from millions of hosts. However, our clients (if they were to ask the public pool for time) would use way less traffic. Yet we still serve the pool happily.
Everybody contributes with what they can; IMHO no need to throw the blame on anybody.
Ah … so, a different pool with fewer resources overall produces more load per server. How do you deal with such sustained loads? 80 Mbits should be something like 100k qps. Is that doable with a modern ntpd?
We use chrony instead of ntpd, so can’t really help you there. I found that most of the work went into tweaking iptables/netfilter rules in order to not overload the conntrack tables (and thus drop UDP packets).
Compute-wise, the servers (Xeon 4116) are living a good life (load ~1).
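One common way to keep NTP traffic out of the conntrack table, as the post above describes needing to do; this is an added example, not the poster's actual rules. It assumes UDP port 123 served by a daemon on the host itself, and the function names `ntp_notrack_rules` and `conntrack_fill_pct` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): generate rules that exempt NTP from
# connection tracking, and measure how full the conntrack table is.
# Function names and the UDP/123 default are assumptions.

# Print an iptables-restore fragment; nothing is applied by this function.
ntp_notrack_rules() {
    port="${1:-123}"
    cat <<EOF
*raw
# Requests to and replies from the local NTP daemon bypass conntrack.
-A PREROUTING -p udp --dport ${port} -j CT --notrack
-A OUTPUT -p udp --sport ${port} -j CT --notrack
COMMIT
*filter
# Untracked packets never match ESTABLISHED, so accept them explicitly.
-A INPUT -p udp --dport ${port} -m conntrack --ctstate UNTRACKED -j ACCEPT
-A OUTPUT -p udp --sport ${port} -m conntrack --ctstate UNTRACKED -j ACCEPT
COMMIT
EOF
}

# Integer percentage of conntrack entries in use: count * 100 / max.
conntrack_fill_pct() {
    count="$1"
    max="$2"
    if [ "$max" -le 0 ]; then
        echo "nf_conntrack_max must be positive" >&2
        return 1
    fi
    echo $(( count * 100 / max ))
}

# With --print: show the rules and, if the kernel exposes them, current usage.
if [ "${1:-}" = "--print" ]; then
    ntp_notrack_rules 123
    dir=/proc/sys/net/netfilter
    if [ -r "$dir/nf_conntrack_count" ] && [ -r "$dir/nf_conntrack_max" ]; then
        pct=$(conntrack_fill_pct "$(cat "$dir/nf_conntrack_count")" \
                                 "$(cat "$dir/nf_conntrack_max")")
        echo "# conntrack table ${pct}% full" >&2
    fi
fi
```

Review the output, then load it with `iptables-restore --noflush`. The `-A` rules are appended, so a DROP that sits earlier in INPUT would still take precedence.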
I have some sympathy with this. In September 2018 I put in a request for a new vendorzone for my employer. I’ve followed up a few times and heard precisely nothing. We still don’t have a vendor zone. I expect Vodafone are similarly frustrated.
I would really like to get our vendorzone registered so treat this as yet another attempt to get it sorted out.
Best I can tell, ntppool has stopped adding new vendor zones as of mid 2018, as one company I worked with received a vendor zone in March 2018 but another request for a different company I also worked with for a vendor zone a few months later was entirely ignored (they ended up just using the default zones in their product/firmware).