Sysctl configuration for high performance NTP server

If the server has enough RAM, you may want to reduce the chance of swapping pages to disk. This is controlled by the vm.swappiness setting. A lower setting reduces swapping activity. The default is, as far as I know, 60; my server uses a value of 20, but you can set lower values if you want to.

vm.swappiness = 20

Another important performance setting is in the firewall, where you have to switch off connection tracking for NTP packets. Assuming your server uses iptables, add the following lines to your iptables rules to stop connection tracking in the *raw table:

*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT     [0:0]
# Do not perform connection tracking for NTP traffic
-A PREROUTING -p udp --dport 123 -j NOTRACK
-A OUTPUT     -p udp --sport 123 -j NOTRACK
COMMIT

If you have a large firewall filter set in the *filter table, it is also worth putting an accept rule for all NTP packets early in your *filter rule set to reduce the amount of kernel time used to process NTP packets:

*filter
# Here only some really necessary rules
-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p udp --sport 123 -j ACCEPT
# Here your other firewall rules
COMMIT

Please note that these two rules open both incoming and outgoing NTP traffic, which is needed to get the NTP response packets back to the client. Due to the NOTRACK rules in the *raw table, the firewall effectively works statelessly on NTP packets and therefore doesn’t know whether an outgoing packet is a response to a client request.
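One way to check a saved ruleset for this stateless setup, as an added example that is not part of the original page: the function name check_ntp_ruleset and the sample rule sets are assumptions constructed for illustration. It reads iptables-save style text on stdin and reports which of the four NTP rules (NOTRACK and ACCEPT, in each direction) is missing.

```shell
#!/bin/sh
# Added example: audit an iptables-save style ruleset read from stdin.
# Prints one line per missing rule; returns 0 only if all four exist.
check_ntp_ruleset() {
    awk '
    /^\*/ { table = substr($1, 2); next }   # table header: *raw, *filter
    /^-A / {
        chain = $2; proto = dport = sport = target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-p")      proto  = $(i + 1)
            if ($i == "--dport") dport  = $(i + 1)
            if ($i == "--sport") sport  = $(i + 1)
            if ($i == "-j")      target = $(i + 1)
        }
        if (proto != "udp") next
        # newer iptables-save prints NOTRACK as "-j CT --notrack"
        notrack = (target == "NOTRACK" || (target == "CT" && /--notrack/))
        key = ""
        if (chain ~ /^(PREROUTING|INPUT)$/ && dport == "123") key = "in"
        if (chain == "OUTPUT" && sport == "123")              key = "out"
        if (key == "") next
        if (table == "raw" && notrack)               seen["raw_" key] = 1
        if (table == "filter" && target == "ACCEPT") seen["filter_" key] = 1
    }
    END {
        n = split("raw_in raw_out filter_in filter_out", want, " ")
        for (i = 1; i <= n; i++)
            if (!(want[i] in seen)) { print "missing: " want[i]; bad = 1 }
        exit (bad + 0)
    }'
}

# Constructed sample: the two rule sets from this page
RAW_RULES='*raw
-A PREROUTING -p udp --dport 123 -j NOTRACK
-A OUTPUT     -p udp --sport 123 -j NOTRACK
COMMIT'
PAGE_RULES="$RAW_RULES
*filter
-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p udp --sport 123 -j ACCEPT
COMMIT"
# Constructed sample: replies left to a stateful rule, which untracked packets do not match
BROKEN_RULES="$RAW_RULES
*filter
-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT"
printf '%s\n' "$PAGE_RULES" | check_ntp_ruleset && echo "NTP ruleset OK"
```

On a live server the same function can be fed from `iptables-save`; a "missing: filter_out" finding only matters when the OUTPUT chain does not otherwise accept the traffic.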