Sysctl configuration for high performance NTP server

Hi friends, I was thinking: are there any recommended directives for sysctl.conf for a high-performance NTP stratum 1 server? Also, is it a good idea to think about a preempt-rt kernel with HZ=1000?

Best regards,


If the server has enough RAM, you may want to reduce the chance of swapping pages to disk. This is controlled by the vm.swappiness setting. A lower setting reduces the swapping activity. The default is, afaik, 60. My server uses a value of 20, but you can set lower values if you want to.

vm.swappiness = 20

Another important performance setting is in the firewall where you have to switch off connection tracking for NTP packets. Assuming your server uses iptables, add the following lines to your iptables rules to stop connection tracking in the *raw table:

:OUTPUT ACCEPT     [0:0]
# Do not perform connection tracking for NTP traffic
-A PREROUTING -p udp --dport 123 -j NOTRACK
-A OUTPUT     -p udp --sport 123 -j NOTRACK

If you have a large firewall filter set in the *filter table, it is also worth putting an accept rule for all NTP packets early in your *filter rule set to reduce the amount of kernel time used to process NTP packets:

# Here only some really necessary rules
-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p udp --sport 123 -j ACCEPT
# Here your other firewall rules

Please note that these two rules open both incoming and outgoing NTP traffic which is needed to get the NTP response packets back to the client. Due to the NOTRACK rules in the *raw table the firewall effectively works stateless on NTP packets and therefore doesn’t know if an outgoing packet is a response to a client request.
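The rule layout described in the post above can be checked mechanically. The following is an added example, not part of the original thread: a shell function that audits a ruleset in iptables-save format for the NOTRACK rules in *raw and the explicit NTP accept rules in *filter, and reports how early the accept rules sit. The sample ruleset and the function names are constructed for illustration; `-j CT --notrack` is accepted as well because newer iptables versions print NOTRACK rules in that form.

```shell
#!/bin/sh
# Added example: audit an iptables-save style ruleset for stateless NTP handling.
# Reads the file given as $1, or stdin. Exit status 0 = all four rules present.
# Limitation: only plain "--dport 123" / "--sport 123" matches are recognised.
check_ntp_rules() {
    awk '
    /^\*/ { table = substr($1, 2); next }        # "*raw" / "*filter" selects the table
    /^-A / {
        chain = $2
        if (table == "filter") pos[chain]++      # 1-based rule position in its chain
        ntp_in  = ($0 ~ /-p udp/ && $0 ~ /--dport 123( |$)/)
        ntp_out = ($0 ~ /-p udp/ && $0 ~ /--sport 123( |$)/)
        notrack = ($0 ~ /-j NOTRACK/ || $0 ~ /-j CT --notrack/)
        accept  = ($0 ~ /-j ACCEPT/)
        if (table == "raw" && chain == "PREROUTING" && ntp_in && notrack) raw_in = 1
        if (table == "raw" && chain == "OUTPUT" && ntp_out && notrack) raw_out = 1
        if (table == "filter" && chain == "INPUT" && ntp_in && accept && !acc_in) acc_in = pos[chain]
        if (table == "filter" && chain == "OUTPUT" && ntp_out && accept && !acc_out) acc_out = pos[chain]
    }
    END {
        bad = 0
        if (!raw_in)  { print "MISSING: raw PREROUTING notrack for udp dport 123"; bad = 1 }
        if (!raw_out) { print "MISSING: raw OUTPUT notrack for udp sport 123"; bad = 1 }
        # Untracked replies never match an ESTABLISHED rule, so both directions
        # need their own explicit accept rule in the filter table.
        if (!acc_in)  { print "MISSING: filter INPUT accept for udp dport 123"; bad = 1 }
        else          { print "OK: filter INPUT NTP accept is rule #" acc_in }
        if (!acc_out) { print "MISSING: filter OUTPUT accept for udp sport 123"; bad = 1 }
        else          { print "OK: filter OUTPUT NTP accept is rule #" acc_out }
        exit bad
    }' "$@"
}

# Constructed sample ruleset (not taken from any real host).
sample_rules() {
    cat <<'EOF'
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -p udp --dport 123 -j NOTRACK
-A OUTPUT -p udp --sport 123 -j NOTRACK
COMMIT
*filter
:INPUT DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p udp --dport 123 -j ACCEPT
-A OUTPUT -p udp --sport 123 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

sample_rules | check_ntp_rules
```

On a live host the same function can be fed the output of `iptables-save` instead of the sample.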

That is absolutely not what vm.swappiness does, although your assertion is a common misunderstanding. That setting controls the balance between reclaiming anonymous pages via swap, and reclaiming file-backed pages by discarding them, and has nothing much to do with controlling the system’s overall propensity to substitute disk I/O for memory. In both cases, if the system is low on memory, it’ll hit the disk, regardless of your vm.swappiness setting. As a general rule, unless you have very specific workload requirements that require tuning it, leave it alone.

See here for a good explanation of this setting:

Also, for an NTP server, swap is fairly irrelevant anyway. Even for a pool server, the working memory required by the NTP daemon should be fairly trivial, and it won’t exhibit a notable churn of idle pages.

I would hardly count a howtogeek post written five days ago as an authoritative source. According to Red Hat [site admin: I removed the trailing ‘:’ from the link so it works]

Overall, increasing this value will make the system more inclined to utilize swap space, leaving more memory free for caches. Decreasing this value will make the system less inclined to swap, and may improve application responsiveness.

Your link goes nowhere. But if it’s the article I’m thinking of, it’s out of date (applies to RHEL 4 & 5), and the way that setting works has changed since then.

Yes, my linked source is recent. I’m not relying on it as authoritative; I’m referencing it for you because it’s a good overview of what this setting actually does, and does a good job of demolishing the common fallacy regarding what this tunable is actually for, including a look at the relevant kernel source code.

That will bring you nothing, as it will hurt other services that need to be performed by the kernel.
It may cause network delays, and that is not good for NTP either.

This will bring nothing either, as swappiness just controls how aggressively your system will fall back to swapping; this will not happen if memory is not running out.
However, you can stop swapping with it, but that is a bad idea.
In any case, swapping will not happen regardless of the setting if you have enough memory, because the Linux kernel will always prefer memory over the swapfile.
My system runs many things (home-hosting, mail, motion, websdr etc) and has just 8GB, it never swaps.

In short, there isn’t much you can do if your CPU is fast and your connection fast enough to handle everything.

What you can do is exchange NTP for Chrony, as Chrony is far better and faster.
Also, it has a lot more information options to know what it’s actually doing.
