NTP sync / reliability



  • I am running pfSense 2.0.1 (great work btw!) with great success. One thing I have noticed (this also applies to 2.0, which I was running previous to yesterday's upgrade) is that NTP seems to not stay in sync all the time. I have several managed switches on the network which have their SNTP settings pointed at the pfSense box (running the OpenNTPD service available to my network at 192.168.1.1:123). They can all synchronize with the pfSense box, which is great; however, at random times the pfSense box is not able to provide service due to the following:

    192.168.1.1: Server dropped: Leap not in sync
    server 192.168.1.1, port 123
    stratum 5, precision -28, leap 11, trust 000

    20 Dec 22:39:21 ntpdate[3576]: no server suitable for synchronization found

    Based on the numbers (failures & successes) over a 24-hour period, the pfSense box is not in sync approximately 10% of the time. I have no other benchmark to compare with, so I set one of my managed switches to point to one of the NIST IPs located here: http://tf.nist.gov/tf-cgi/servers.cgi. When I used one of these servers I had no sync issues over a 24-hour period and the switch was able to obtain time 100% of the period. My pfSense box (ntpd.conf) is currently pointed to 0.us.pool.ntp.org.

    One thing I have observed is that if I make any changes to my pfSense box, e.g. ranging from changing the GUI theme to starting / stopping a service, the NTP service appears to be "reset" and requires an hour or so to get in sync. However, once the server is in sync it randomly loses this leap sync.

    I was curious what experience other folks have on this matter. Yes, for the most part the time is correct 90% of the time and lags slightly when the server is not in sync, so certainly not a showstopper.

    I would say that the overall goal is to simply have one machine (the pfSense box) obtain time and serve it out to the entire local network.


  • Rebel Alliance Developer Netgate

    You might try changing the upstream NTP server(s) to one(s) specifically closer to you in the ntp.org pool. They have lists for people all over the world; finding one closer to you may improve its accuracy and ability to stay in sync.
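
The "leap 11" in the ntpdate output in the first post is the two-bit leap indicator from the server's reply, printed in binary; the value 3 means the server is reporting its own clock as unsynchronized. As an added example (not code from the thread, pfSense or OpenNTPD), this Python code decodes that header and applies the same kind of check, so the rejected replies can be counted over time. The function names, the sample packets and every reason string other than "Leap not in sync" are assumptions made for illustration.

```python
import socket
import struct

LEAP_UNSYNC = 3  # leap indicator 0b11: server clock not synchronized (RFC 5905)

def parse_header(pkt: bytes) -> dict:
    """Decode the first four bytes of an NTP packet (48 bytes minimum)."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(pkt))
    flags, stratum, _poll, precision = struct.unpack("!BBbb", pkt[:4])
    return {
        "leap": flags >> 6,             # top 2 bits
        "version": (flags >> 3) & 0x7,  # next 3 bits
        "mode": flags & 0x7,            # low 3 bits; 4 = server reply
        "stratum": stratum,
        "precision": precision,         # signed log2 of seconds
    }

def suitable(hdr: dict) -> tuple:
    """Return (ok, reason): should a client use this reply to set its clock?"""
    if hdr["mode"] != 4:
        return False, "not a server reply"
    if hdr["leap"] == LEAP_UNSYNC:
        return False, "Leap not in sync"
    if hdr["stratum"] == 0 or hdr["stratum"] >= 16:
        return False, "stratum unsynchronized"
    return True, "ok"

def query(host: str, timeout: float = 2.0) -> dict:
    """Send one client request (version 3, mode 3) and parse the reply header."""
    request = bytes([(3 << 3) | 3]) + bytes(47)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (host, 123))
        reply, _ = s.recvfrom(512)
    return parse_header(reply)

def sample_reply(leap: int, stratum: int, precision: int) -> bytes:
    """Constructed 48-byte server reply for offline use (not captured traffic)."""
    flags = (leap << 6) | (3 << 3) | 4
    return struct.pack("!BBbb", flags, stratum, 6, precision) + bytes(44)

if __name__ == "__main__":
    # Constructed packets using the values from the post: stratum 5, precision -28.
    for leap in (0b11, 0b00):
        hdr = parse_header(sample_reply(leap, 5, -28))
        print(format(hdr["leap"], "02b"), hdr["stratum"], hdr["precision"], suitable(hdr))
```

Calling `suitable(query("192.168.1.1"))` on a schedule and logging the result gives a timestamped record of when the server advertises itself as out of sync.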

