NTP is an application-layer protocol that controls the synchronization of various devices over the internet to within a few milliseconds of Coordinated Universal Time (UTC). NTP is hierarchical, with servers organized into different strata. At stratum 0 are high-precision time devices such as atomic clocks. At stratum 1 are computers that are synchronized within a few microseconds to their directly connected stratum 0 devices. At stratum 2 are computers that are directly connected to stratum 1 computers, and so on. Synchronization is achieved by adjusting the system time based on an offset. The offset is calculated by taking an average of the differences of the timestamps on request and response packets between the client and the server. The clock frequency is then adjusted to reduce the offset gradually, and the newly adjusted clock provides timestamps for the next request and response packets, creating a feedback loop known as clock discipline.

The purpose of the Network Time Protocol (NTP) is to control the synchronization of internet-connected devices to UTC. If it is functioning properly, devices will be synchronized to within a few milliseconds of UTC. NTP is an application-level protocol. NTP is a hierarchical system with different strata of NTP servers. The highest strata (stratum 0) consists of high-precision devices. Stratum 1 devices should be synchronized within microseconds of stratum 0 devices. Stratum 2 devices are directly connected to stratum 1 devices. This continues through successively lower levels, with each level slightly less precise than the others. As you might have guessed, any time data is requested, it must take into account the fact that responses are not instantaneous; there is a latency that must be taken into account.

Therefore, there is a synchronization process that applies an offset to the system time. The offset is calculated by making a series of requests to the NTP server. The average of the differences of the timestamps between request and response packets becomes the offset. The clock frequency is adjusted gradually to rescue this offset. Then the process is repeated, with the newly adjusted clock providing a set of timestamps to calculate the new offset. This creates a feedback loop that is known as clock discipline.

NTP is often overlooked, mainly because it does its job and in pfSense, it requires minimal configuration. You may recall that in the Setup Wizard, you were asked to specify a time server, but a default time server was provided. Many users will give no further thought to NTP configuration. You may, however, have reason to deviate from the default settings:

• Your pfSense system may be involved in validating certificates as part of a PKI infrastructure, in which case time synchronization is essential.
• You may be running pfSense on an embedded system that does not have a battery to preserve the time and date settings.
• Even if you don't fall into either of these categories, maintaining the proper time is still important, since it determines the timestamp on logs.

pfSense's NTP service provides synchronization via a conventional NTP server, as well as from Global Positioning System (GPS) devices and Pulse Per Second (PPS) devices. We will cover all of these methods in the next section.