Best practice for NTP source?

sjjh

New Member
Mar 17, 2023
I'm setting up a small PVE cluster, which should also contain a VM with an OPNsense firewall. The OPNsense-VM will provide, among other things (e.g., DHCP), also NTP to the clients of the network. Now I'm wondering what the best practice is to set up NTP on the Proxmox nodes: Should the NTP server be the OPNsense-VM (like for other devices on the network), or should I use a public NTP server (e.g. from the Debian pool)?
The OPNsense-VM itself is fetching the NTP data from a public NTP server.

Welcoming any advice!
Simon
 
Any cyclic dependency can lead to unpredictable issues down the road. OPNsense depends on Proxmox to function, Proxmox depends on OPNsense. Granted, NTP may not be critical (except in some cases).
If Proxmox can access outbound internet without relying on OPNsense, then why not go directly to the source?


Blockbridge : Ultra low latency all-NVME shared storage for Proxmox - https://www.blockbridge.com/proxmox
 
Thanks for the fast reply.
Any cyclic dependency can lead to unpredictable issues down the road
I had the same thought. This is why I, e.g., used static IP addresses defined on the nodes and not fixed addresses provided via DHCP (running on the OPNsense).
If Proxmox can access outbound internet without relying on OPNsense
Probably not. But still, functioning NTP on OPNsense is probably not needed for Proxmox to access the internet.
then why not go directly to the source?
To lower the load on the publicly available NTP servers by using OPNsense as a proxy, was my thought.
 
I use pfSense, but same difference, and have all of my Proxmox hosts and VMs using pfSense for the NTP source of truth. I have pfSense going out to the internet to get the NTP time, and while my pfSense is a VM within my cluster, which has 7 nodes running in an HCI setup, I haven't had any issues other than some complaints of time being out of sync for Ceph when it's a cold start of the cluster.
 
I use pfSense but same difference and have all of my Proxmox hosts and VMs using pfSense for the NTP source of truth.
If I may ask, what was the reason for this setup, why didn't you use a source directly from the internet?
 
I wanted all devices on my network to use the same time; this way only 1 device is going to the internet to get the time and the rest are getting it from that device. Eventually I would like to move to a Raspberry Pi or similar device that can provide time through GPS, but it will still probably provide it to pfSense for every other device to get the time from pfSense still.

Because my firewall is virtual and on an HA setup, the only single point of failure atm is my main switch, but I will be moving to a dual main switch at some point. I already have redundancy in my internet connection.
 
