Feature #10323

Allow limiting NTP pool server usage count

Added by David Burns 8 months ago. Updated 7 months ago.

Status: Resolved
Priority: Normal
Category: NTPD
Target version:
Start date: 03/09/2020
Due date:
% Done: 100%
Estimated time:

Description

Summary: pfSense default NTP configuration using NTP Pool servers appears to result in polling of an excessive number of peers.

Steps to reproduce:
1. Install pfSense
2. Configure WAN & LAN interface
3. During installation, enter in any valid NTP Pool target (e.g. 0.au.pool.ntp.org)
4. Upon restarting pfSense and waiting ~5 minutes - observe number of NTP peers is 10 (including 1 placeholder entry)

Commentary: Based on https://www.pool.ntp.org/en/use.html it appears that the resulting pfSense NTP peer count exceeds the recommendations of NTP Pool maintainers:
"Be friendly. Many servers are provided by volunteers, and almost all time servers are really file or mail or webservers which just happen to also run ntp. So don't use more than four time servers in your configuration, and don't play tricks with burst or minpoll - all you will gain is extra load on the volunteer time servers."

This behaviour appears to have originated upstream in NTP base with the ntpd.conf pool directive. The behaviour was subsequently introduced to pfSense in 2.4 release - which introduced specific support for ntpd.conf pool directive - https://redmine.pfsense.org/issues/5985

Possible solution: Based on https://docs.ntpsec.org/latest/discover.html it is possible to set upper limit on pool peers with ntpd.conf tos directive:
Example: tos minclock 3 maxclock 4

Ideally maxclock would be a configurable knob...

Immagine4.jpg (105 KB) Immagine4.jpg Manuel Piovan, 03/09/2020 04:33 PM
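
Added example, not part of the original issue or of the pfSense code base: a Python check that reads an ntp.conf body and `ntpq -pn` output and reports whether pool usage stays within the four-server guidance quoted in the description. The function names, the sample configuration and the sample peer list are constructed for illustration.

```python
POOL_LIMIT = 4  # "don't use more than four time servers" (guidance quoted in the issue)

def audit_ntp_conf(text, limit=POOL_LIMIT):
    """Return (pools, maxclock, findings) for the body of an ntp.conf file."""
    pools, maxclock, findings = [], None, []
    for raw in text.splitlines():
        words = raw.split("#", 1)[0].split()      # strip comments
        if not words:
            continue
        if words[0] == "pool" and len(words) > 1:
            pools.append(words[1])
            if "burst" in words[2:] or "minpoll" in words[2:]:
                findings.append(f"pool {words[1]}: burst/minpoll set")
        elif words[0] == "tos":
            # tos takes keyword/value pairs, e.g. "tos minclock 3 maxclock 4"
            opts = dict(zip(words[1::2], words[2::2]))
            if "maxclock" in opts:
                maxclock = int(opts["maxclock"])
    if pools and maxclock is None:
        findings.append("pool in use but no 'tos maxclock' set")
    elif pools and maxclock > limit:
        findings.append(f"maxclock {maxclock} exceeds {limit}")
    return pools, maxclock, findings

def count_peers(ntpq_output):
    """Return (associations, pool placeholders) seen in `ntpq -pn` output."""
    total = placeholders = 0
    for line in ntpq_output.splitlines():
        fields = line[1:].split()                 # column 0 is the tally code
        if len(fields) < 10 or fields[0] == "remote":
            continue                              # header, rule or blank line
        total += 1
        placeholders += fields[1] == ".POOL."
    return total, placeholders

# Constructed sample input, not taken from a real system.
SAMPLE_CONF = "# constructed\npool 0.au.pool.ntp.org iburst\n"
FIXED_CONF = SAMPLE_CONF + "tos minclock 3 maxclock 4\n"
SAMPLE_NTPQ = """\
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.au.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
*192.0.2.10      .GPS.            1 u   33   64  377   12.300    0.500   0.200
+192.0.2.11      192.0.2.1        2 u   30   64  377   15.100   -0.300   0.400
+198.51.100.7    192.0.2.1        2 u   28   64  377   20.000    1.100   0.600
"""

if __name__ == "__main__":
    print(audit_ntp_conf(SAMPLE_CONF))
    print(audit_ntp_conf(FIXED_CONF))
    print(count_peers(SAMPLE_NTPQ))
```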

Associated revisions

Revision 38fcf2c5 (diff)
Added by Manuel Piovan 8 months ago

Feature #10323

added knob for max peers min 3 max 10

Revision 91cbc62d (diff)
Added by Manuel Piovan 8 months ago

Feature #10323

Add min-max ntp peers default 4

Revision bfcf5d7c (diff)
Added by Viktor Gurov 7 months ago

NTP maxpeers default value fix. Issue #10323

History

#1 Updated by Jim Pingle 8 months ago

  • Tracker changed from Bug to Feature
  • Subject changed from NTP pool peer count excessive to Allow limiting NTP pool server usage count
  • Affected Version deleted (2.4.4-p3)
  • Affected Architecture deleted (All)

I agree, it would be best to allow the user to configure that value rather than limiting it unilaterally.

#3 Updated by David Burns 8 months ago

Thanks!

Unfortunately I note a small spelling error (Maximun instead of maximum). Also the tos maxclock directive sets the upper limit for candidate peers and not an absolute limit - so technically accurate support text should be something like Maximum candidate NTP peers.

#4 Updated by Manuel Piovan 8 months ago

Thanks for checking and for the feedback!
corrected

#5 Updated by Jim Pingle 8 months ago

  • Status changed from New to Pull Request Review

#6 Updated by Renato Botelho 7 months ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • Target version set to 2.5.0
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#7 Updated by Viktor Gurov 7 months ago

It always requires filling in the 'Max Pool Peers' field.

Fix allowing the use of an empty (default value) 'Max Pool Peers' field:
https://github.com/pfsense/pfsense/pull/4245

#8 Updated by Jim Pingle 7 months ago

  • Status changed from Feedback to Pull Request Review

#9 Updated by Renato Botelho 7 months ago

  • Status changed from Pull Request Review to Feedback

PR has been merged. Thanks!

#10 Updated by Viktor Gurov 7 months ago

  • Status changed from Feedback to Resolved

works fine on 2.5.0.a.20200404.2224
