Allow limiting NTP pool server usage count
Summary: pfSense default NTP configuration using NTP Pool servers appears to result in polling of an excessive number of peers.
Steps to reproduce:
1. Install pfSense
2. Configure WAN & LAN interface
3. During installation, enter in any valid NTP Pool target (e.g. 0.au.pool.ntp.org)
4. Upon restarting pfSense and waiting ~5 minutes - observe number of NTP peers is 10 (including 1 placeholder entry)
Commentary: Based on https://www.pool.ntp.org/en/use.html it appears that the resulting pfSense NTP peer count exceeds the recommendations of NTP Pool maintainers:
Be friendly. Many servers are provided by volunteers, and almost all time servers are really file or mail or webservers which just happen to also run ntp. So don't use more than four time servers in your configuration, and don't play tricks with burst or minpoll - all you will gain is extra load on the volunteer time servers.
This behaviour appears to have originated upstream in NTP base with the ntpd.conf pool directive. The behaviour was subsequently introduced to pfSense in 2.4 release - which introduced specific support for ntpd.conf pool directive - https://redmine.pfsense.org/issues/5985
Possible solution: Based on https://docs.ntpsec.org/latest/discover.html it is possible to set upper limit on pool peers with ntpd.conf tos directive:
tos minclock 3 maxclock 4
Ideally maxclock would be a configurable knob...
#1 Updated by Jim Pingle about 1 year ago
- Tracker changed from Bug to Feature
- Subject changed from NTP pool peer count excessive to Allow limiting NTP pool server usage count
- Affected Version deleted (
- Affected Architecture deleted (
I agree, it would be best to allow the user to configure that value rather than limiting it unilaterally.
#3 Updated by David Burns about 1 year ago
Unfortunately I note a small spelling error (Maximun instead of maximum). Also the
tos maxclock directive sets the upper limit for candidate peers and not an absolute limit - so technically accurate support text should be something like Maximum candidate NTP peers