Feature #10323 (closed)
Allow limiting NTP pool server usage count
Description
Summary: pfSense default NTP configuration using NTP Pool servers appears to result in polling of an excessive number of peers.
Steps to reproduce:
1. Install pfSense
2. Configure WAN & LAN interface
3. During installation, enter in any valid NTP Pool target (e.g. 0.au.pool.ntp.org)
4. Upon restarting pfSense and waiting ~5 minutes - observe number of NTP peers is 10 (including 1 placeholder entry)
Commentary: Based on https://www.pool.ntp.org/en/use.html it appears that the resulting pfSense NTP peer count exceeds the recommendations of NTP Pool maintainers:
"Be friendly. Many servers are provided by volunteers, and almost all time servers are really file or mail or webservers which just happen to also run ntp. So don't use more than four time servers in your configuration, and don't play tricks with burst or minpoll - all you will gain is extra load on the volunteer time servers."
This behaviour appears to have originated upstream in NTP base with the ntpd.conf pool directive. The behaviour was subsequently introduced to pfSense in the 2.4 release, which introduced specific support for the ntpd.conf pool directive - https://redmine.pfsense.org/issues/5985
Possible solution: Based on https://docs.ntpsec.org/latest/discover.html it is possible to set an upper limit on pool peers with the ntpd.conf tos directive:
Example: tos minclock 3 maxclock 4
Ideally maxclock would be a configurable knob...
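Added example (not part of the original report or of pfSense): a POSIX shell check that counts the peers in `ntpq -pn` output, leaving out `.POOL.` placeholder entries, and compares the count with the four-server figure quoted from the NTP Pool page. The sample output and its addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample data below is constructed; function names are hypothetical.

# Reads `ntpq -pn` output on stdin and prints "<peers> <placeholders>".
# Entries whose refid is .POOL. are the pool directive's placeholder
# associations, not servers that are actually polled.
count_ntp_peers() {
    awk '
        /^[ \t]*remote[ \t]/ || /^=+$/ { next }   # header and separator
        NF < 2                         { next }   # blank or truncated line
        $2 == ".POOL."                 { placeholders++; next }
                                       { peers++ }
        END { printf "%d %d\n", peers, placeholders }
    '
}

# Succeeds when the polled peer count is at or below the limit
# (default 4, the figure quoted from the NTP Pool usage page).
pool_peers_within_limit() {
    limit=${1:-4}
    peers=$(count_ntp_peers | cut -d' ' -f1)
    [ "$peers" -le "$limit" ]
}

# Constructed sample: one placeholder plus nine peers, as in step 4.
sample_ntpq_output() {
    cat <<'EOF'
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 0.au.pool.ntp.o .POOL.          16 p    -   64    0    0.000    0.000   0.000
*192.0.2.11      .GPS.            1 u   12   64  377    9.812    0.214   0.301
+192.0.2.12      198.51.100.1     2 u   40   64  377   11.040   -0.180   0.412
+192.0.2.13      198.51.100.2     2 u   33   64  377   14.220    0.530   0.298
-203.0.113.21    198.51.100.3     2 u   51   64  377   22.915    1.104   0.771
+203.0.113.22    .PPS.            1 u   18   64  377   10.377    0.098   0.255
-203.0.113.23    198.51.100.4     3 u   60   64  377   31.602   -1.420   1.030
+203.0.113.24    198.51.100.5     2 u    7   64  377   12.884    0.312   0.340
-198.51.100.31   192.0.2.200      3 u   25   64  377   28.140    1.870   0.912
+198.51.100.32   192.0.2.201      2 u   44   64  377   13.556   -0.244   0.377
EOF
}

# Demo on the sample; on a live host: ntpq -pn | count_ntp_peers
sample_ntpq_output | count_ntp_peers    # prints: 9 1
```

On a running system, `ntpq -pn | pool_peers_within_limit 4` returns non-zero when more than four peers are being polled, which makes it usable as a monitoring check.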