Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Proxmox ntp or Qemu time synchronisation

    Scheduled Pinned Locked Moved
    Virtualization
    proxmox ntp virtualization
    1
    3
    4.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      Patch
      last edited by Patch

      What is the best practice for maintaining time of day accuracy for pfsense hosted on Proxmox?

      In particular

      • Should ntpd be used or can Qemu be used?

      • If ntpd is used by the pfsense virtual machine, can clients interfaces and the real time hardware clock 11 minute update be readily disable?

      • I assume this control is not available via the pfsense GUI, but I have also not been able to find where pfsense stores the relevant config files

      PS
      Sorry this post is split and all links were shown explicitly with a space breaking the base domain name to avoid the post being flagged as spam

      P 1 Reply Last reply Reply Quote 0
      • P
        Patch @Patch
        last edited by

        In more detail
        As far as I can determine it is advisable to run a sites ntp server directly on hardware (not virtualized). I believe the reason is a virtual computer may not actually be running when a real time interrupt is received. In the past real time was maintained by counting 100Hz interrupts. Since early 2000's tickless time keeping has been used however a virtual process has a higher jitter (timer interrupt delay variability) than a physical processes.

        Proxmox
        Runs on the physical computer so is better suited to being a sites time server. Very accurate real time synchronization is required between Proxmox hosts to ensure cluster function. They recommend a site have a local time server running on a physical host. Other members of the cluster all use this local host as the preferred reference time. To achieve the required time accuracy they no longer used ntpd. Instead:

        • chrony daemon (chronyd) is used which uses several techniques to model crystal behavior and adaptively correct for it.

        • Configured via /etc/chrony Parameters described here

        • ||chronyc|| is command-line interface for chronyd. Useful monitoring commands include: tracking, sources, clients

        • ||hwclock|| give time of day 1 microsecond resolution

        So in a home lab, the Proxmox server is probably a better ntp server host than the pfsense virtual machine.

        P 1 Reply Last reply Reply Quote 0
        • P
          Patch @Patch
          last edited by

          Proxmox with a FreeBSD guest
          Proxmox recommends using ntpd daemon in a FreeBSD client to maintain client real time synchronization. See pve.proxmox. com/wiki/FreeBSD_Guest_Notes and forum.proxmox. com/threads/time-drift-in-windows-7-guest.41268/#post-198848

          • Real time is set in the guest when it first starts. After which the guest clock drifts with the hosts processor crystal.

          • ntpd is the ntp daemon. See www.freebsd. org/cgi/man.cgi?query=ntpd&apropos=0&sektion=8&manpath=FreeBSD+12.2-stable&arch=default&format=html

          • Configured via /etc/ntp.conf

          • Command line interface ntpq See www.freebsd. org/cgi/man.cgi?query=ntpq&sektion=8&apropos=0&manpath=FreeBSD+12.2-RELEASE+and+Ports

          • 11 minute hardware real time clock update can be enable by adding the line "SYNC_HWCLOCK=yes" to /etc/sysconfig/ntpdate

          • date gives time of day to 1 second resolution

          Qemu guest agent
          I think qemu can also sync time between the guest and Porxmox host.

          • Doing so is suggested github. com/aborche/qemu-guest-agent/blob/master/supported_command_reference.md

          • Other virtualization systems such as vmware have time synchronization between host and guest via the agent

          Time synchronization should be done via only one system otherwise interaction between them decreases time system accuracy. Which mean if an agent and ntpd is used then there would need to be a way of disabling time synchronization via the agent. I'm not sure how to do this.

          pfsense guest on Proxmox host
          Given it is probably best to run ntp (chrony) on Proxmox then synch time in pfsense to the Proxmox host via ntpd over the LAN interface. Ideally I would like to do the following but not sure how to acheive that in pfsense

          • Enable ntpd on pfsense but not listening to clients on any interface. Selecting no interfaces in the GUI does the reverse.

          • Disable hardware real time clock update by pfsense. This is done every 11 minutes by chronyd on the Proxmox host. In pfsense the directory structure is different, so I can't goto to /etc/sysconfig/ntpdate and set SYNC_HWCLOCK=no

          1 Reply Last reply Reply Quote 0
          • First post
            Last post