Hi everyone,
We[1] are running some public NTP servers that are included in the NTP Pool[2]. In recent months we've had some issues with our servers being marked as unavailable by the monitoring host that tracks availability for the pool. The logs from the NTP pool website showed high packet loss.
However we could not see any issues on our side and pings from the looking glass closest to the monitoring host didn't show any packet loss at all.
After quite some debugging we realized that the packet loss only occurs for NTP packets via one of our transit providers, namely Liberty Global (AS6830). We queried their support, our theory being that they're trying to do some sort of DDoS protection for NTP reflection attacks. However they aren't aware of anything like this and also couldn't figure out why this is happening.
So I was wondering, has anyone else encountered this issue or something similar? We worked around the issues by routing the traffic around AS6830 but this still bothers me somehow.
Kind regards and see you soon at Swinog #35, Stefan