Re: [chrony-users] Pros and Cons of acquisitionport directive
- To: chrony-users@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [chrony-users] Pros and Cons of acquisitionport directive
- From: Bryan Christianson <bryan@xxxxxxxxxxxxx>
- Date: Wed, 10 Aug 2016 23:45:30 +1200
> On 10/08/2016, at 10:27 PM, Miroslav Lichvar <mlichvar@xxxxxxxxxx> wrote:
>
> On Wed, Aug 10, 2016 at 08:04:20PM +1200, Bryan Christianson wrote:
>> I have been observing chronyd with a profiler (Apple Instruments - GUI to dtrace) and noticed that open/close operations on the client sockets were responsible for 80% of the time used. It seems to take the kernel a while to clean up a socket on close.
>>
>> I have specified acquisitionport in the config and resource use is significantly better.
>
> How much is that as a percentage of CPU time?
With acquisitionport: 0.42s in 1800s => 0.02% CPU
Without acquisitionport: 0.51s in 600s => 0.08% CPU
i.e. about a factor of 4 difference in CPU usage.
My usage is probably extreme and not optimal - 5 servers (all on the LAN) each being polled every 16 seconds. This is a useful configuration for testing chrony and ChronyControl.
>
>> What are the disadvantages of using a non-random port? Security is my first guess (i.e. I have opened up a listening port for use as an attack surface) but are there any other disadvantages?
>
> I think it's just security.
>
Thanks for the detailed explanation.
Since the Mac on my LAN is not internet facing, security is not an issue.
For the majority of users the poll rates won’t be as high as what I have and the open/close overhead will be lower.
I guess mostly I was surprised to see how expensive it is to close then reopen a socket on the Darwin kernel.
Bryan Christianson
bryan@xxxxxxxxxxxxx
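
An added example, not part of the thread and not chronyd's code: a loopback sketch of the two client-socket strategies discussed above. It times a socket opened and closed for every poll against one socket kept bound to a single port, and records the source ports each strategy uses. The echo server, function names and payload are constructed for illustration, and the OS-chosen port in `poll_fixed_port` stands in for a configured acquisitionport value.

```python
import socket, threading, time

def start_echo_server():
    """Constructed stand-in for an NTP server: echoes datagrams on loopback."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(0.2)
    addr, stop = srv.getsockname(), threading.Event()
    def loop():
        while not stop.is_set():
            try:
                data, peer = srv.recvfrom(512)
                srv.sendto(data, peer)
            except socket.timeout:
                continue
        srv.close()
    threading.Thread(target=loop, daemon=True).start()
    return addr, stop

def exchange(sock, server):
    """One request/reply; returns the local source port that was used."""
    sock.settimeout(2)
    sock.sendto(b"poll", server)
    sock.recvfrom(512)
    return sock.getsockname()[1]

def poll_new_socket_each_time(server, polls):
    """Open a client socket per poll and close it after the reply."""
    ports, t0 = set(), time.perf_counter()
    for _ in range(polls):
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            ports.add(exchange(s, server))
    return ports, time.perf_counter() - t0

def poll_fixed_port(server, polls):
    """Keep one socket bound for all polls (assumption: models acquisitionport)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))  # OS picks once; stands in for the configured port
        t0 = time.perf_counter()
        ports = {exchange(s, server) for _ in range(polls)}
        return ports, time.perf_counter() - t0

if __name__ == "__main__":
    server, stop = start_echo_server()
    for fn in (poll_new_socket_each_time, poll_fixed_port):
        ports, secs = fn(server, 2000)
        print(f"{fn.__name__}: {len(ports)} source port(s), {secs:.3f}s")
    stop.set()
```

The fixed-port run always reports a single source port that stays bound between polls; how much time the per-poll run spends in open/close depends on the kernel.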