Spikes in traffic the past couple days?

My server usually has about 200 packets/sec traffic (50Mb/US setting), and I see the occasional spike to around 400-500 which is no big deal. However, day before yesterday there was a pretty significant, but short, jump to 1.4k/ps, and last night a spike to over 1k/ps that lasted about 20min+…

graph_image

Times in the graph are US/CDT.

Those spikes will fill up my conntrack table and the server will start dropping packets…

For my 2nd pool server I don’t have graphs like this, but I did notice a huge drop in its score around the same time, so there is a distinct possibility it was hit too.

Anyone else with pool servers seen these lately?

Regarding conntrack table – I would highly recommend NOT doing connection tracking for NTP traffic. I have this in my custom firewall script:

/sbin/iptables -t raw -A PREROUTING -p udp --dport 123 -j CT --notrack
/sbin/ip6tables -t raw -A PREROUTING -p udp --dport 123 -j CT --notrack
/sbin/iptables -t raw -A OUTPUT -p udp --sport 123 -j CT --notrack
/sbin/ip6tables -t raw -A OUTPUT -p udp --sport 123 -j CT --notrack

Not doing connection tracking does not prevent you from filtering the NTP traffic in some other way, if you prefer.

2 Likes
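An added example, not part of the post above: a check that the raw-table notrack rules from that post are loaded, and that the filter table has a stateless accept for NTP, because untracked packets never match an ESTABLISHED rule. The function name, the sample ruleset, and the default-drop INPUT policy are assumptions made for this illustration.

```sh
#!/bin/sh
# Constructed sample in iptables-save format (not taken from a real host).
SAMPLE_RULES='*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp -m udp --dport 123 -j CT --notrack
-A OUTPUT -p udp -m udp --sport 123 -j CT --notrack
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p udp -m udp --dport 123 -j ACCEPT
COMMIT'

# audit_ntp_notrack (hypothetical helper): reads iptables-save text on stdin,
# prints one line per missing rule, returns 0 only if nothing is missing.
audit_ntp_notrack() {
    awk '
        # Track which table the following rules belong to.
        /^\*/ { table = substr($0, 2); next }
        table == "raw" && /-p udp/ && /--notrack/ {
            if ($2 == "PREROUTING" && /--dport 123( |$)/) pre = 1
            if ($2 == "OUTPUT" && /--sport 123( |$)/) out = 1
        }
        # Untracked packets bypass ctstate ESTABLISHED matches, so a
        # default-drop INPUT chain needs an accept that does not use ctstate.
        table == "filter" && $2 == "INPUT" && /-p udp/ && /-j ACCEPT/ &&
            /--dport 123( |$)/ && !/--ctstate/ { acc = 1 }
        END {
            if (!pre) print "MISSING raw PREROUTING notrack for udp dport 123"
            if (!out) print "MISSING raw OUTPUT notrack for udp sport 123"
            if (!acc) print "MISSING stateless filter INPUT accept for udp dport 123"
            exit !(pre && out && acc)
        }'
}

# Run against the constructed sample so the script works offline.
printf '%s\n' "$SAMPLE_RULES" | audit_ntp_notrack && echo "sample ruleset OK"
```

On a live host, feed it the real ruleset as root with `iptables-save | audit_ntp_notrack`, and again with `ip6tables-save` for IPv6.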

Thanks for the tip! I’ll see if I can’t get that worked into my firewall today.

Another odd spike went up to 650/ps at about 1:10am central. No messages about dropped packets so I think that fixed it! Thanks again.