Router overwhelmed by flow setup


#1

We recently changed our edge router to the internet from a CISCO to an EXTREME S-Series, which is flow-based. Now the sheer amount of flows is bogging the router down - which is why we’re trying to reduce the total number of flows.

Currently we’re forwarding DNS requests to 8.8.8.8 instead of doing recursion ourselves, and in a next step we’re turning off our public NTP server (just to test things).


#2

We also have an S-Series, and it melted under the load of public NTP. http://lists.ntp.org/pipermail/pool/2016-December/007995.html has more details, but the money quote is “Apparently it has a limit of 512k flows over 120 seconds, which works out to be 4266 flows/second.” See also these KB articles: https://gtacknowledge.extremenetworks.com/articles/Solution/High-switch-packet-processing-CPU-use-on-N-Series-and-S-series https://gtacknowledge.extremenetworks.com/articles/Q_A/How-many-flows-are-supported-on-the-S-series-product-line/

In the end I reconfigured my network so traffic to the NTP server never touched the S-Series.