I’m in the US and I see a significant amount of my NTP traffic (about 40% of packets) coming from China… Which I have to scratch my head at too, you would think any Chinese overflow would be queried from the other Asia servers or even limited to the European Pool because of their proximity (lower latency & jitter) and # of physical pool servers.
Every few days too I will see a crazy spike in traffic, it will jump 4x or 5x normal levels briefly. I haven’t checked IPs as I don’t log that detailed normally but I have a strong hunch it comes from China. It’s not merely the same IPs querying faster, it’s different IPs (because I rate-limit queries per-ip).
For a country with almost 1.4 billion people, I know those few NTP Pool servers in the China zone get hit pretty hard (there is a recent thread with graphs and stats). I know there are a number of people active on the message boards with servers in Singapore, I wonder how much traffic those servers see in comparison, and if the bulk of their traffic is from China.
Another unknown factor is the bandwidth settings for pool servers, the only public info we see is the # of servers, but we don’t know if their average bandwidth is 1Mb or 500Mb… I think it would be interesting to see either cumulative bandwidth or even just average bandwidth per-zone.
When I was asking about port related peculiarities on the NTP list, Steven Sommars posted this link to a paper: https://tf.nist.gov/general/pdf/2818.pdf where they logged traffic from a couple NIST NTP servers for a month and analyzed it in all sorts of ways. A few pages in there is a heat map broken down by regional registry ownership which is interesting, I only wish they had a table of numbers.