Bes Clients are switching back to Main Server from Relay

Anton 2018-09-13 15:03:52 UTC #1

Hi All.

LEGEND:

I have a network of ~1500 (450 relays and 1000 clients) computers. Due to specific physical location we created ~450 BigFix Relays. All of them have 2-3 assigned clients (1 Relay + 2-3 client are physically in one place). But the Main Server is on opposite side of the planet. When we are downloading big size files to 1500 clients… Our cross country channel goes off… because 450 relays simultaneously trying to download file from Main Server and it works as torrent. It takes all possible band wight that is available. (Download Throttling is not an option, we need that speed).

We decided to create 1 extra Top Lever Relay located in the same network as our 450 Relays. So the file can be downloaded once from Main Server to Top level Relay and when it can be spread to 450 Relays without any limitation using local network.

So now our architecture should look like:
1 Main Server --> 1 Top Level Relay --> 450 Relays --> 2-3 clients per one Relay.

Relays are using Main Server as a relay for them. We created “task” to assign Relays to Top Lever Relay.
Here the text:

setting "__RelaySelect_Automatic"="0" on "{now}" for client
setting "__RelayServer1"="http://relayname:52311/bfmirror/downloads/" on "{now}" for client

ISSUE:

Only 50-100 Relays are switched to Top Lever Relay.
More over some of them are automatically switching back to Main Server. Every morning i see only 50 Relays using Top Lever Relal as a Relay. By the end of day the amount is up to 100. But the next morning again only 50.

All of the 450 Relays have needed “__RelayServer1” setting in registry but the traffic still goes strict to Main Server passing by Top Level Relay.

Help please.

JonL 2018-09-13 16:07:34 UTC #2

First, I’d suggest at least two top level relays. If one has a hiccup for any reason, your second tier relays would bog down your root server in your current configuration.

Then I’d recommend creating a relay affiliation strategy for your top and 2nd tier relays. Finally, implement an affiliation seek strategy for your clients to leverage the relay affiliation groups that you’re advertising.

For a simple example, on the top relay side set:

setting "_BESRelay_Register_Affiliation_AdvertisementList"="[Top Relay group name];*" on "{now}" for client
setting "_BESRelay_Selection_AutoSelectableRelay"="1" on "{now}" for client

2nd tier relay set:

setting "_BESRelay_Register_Affiliation_AdvertisementList"="[2nd Relay group name (hint: use relevance substitution to make this variable by location business group etc)];*" on "{now}" for client
setting "_BESRelay_Selection_AutoSelectableRelay"="1" on "{now}" for client

For Clients set:

setting "_BESClient_Register_Affiliation_SeekList"="[2nd Relay group name (hint: use relevance substitution to make this variable by location business group etc)];[Top Relay group name];[optional failover relay name];*" on "{now}" for client
setting "__RelaySelect_Automatic"="1" on "{now}" for client

To make it more sophisticated, create a policy action that sets client affiliation seek groups by subnet. In this way, a laptop, for example, can use the local relay regardless which company location it happens to be at.

Then if you occasionally see clients drift to relays to which they are not normally affiliated, that is the clue that there was some communication and/or relay issue which prevented the preferred relay from servicing their request. When the communication or relay issue is resolved, simple run ‘relay select’ to push the clients back to their properly affiliated relay or simply wait for the clients to do this naturally over time.

JasonWalker 2018-09-13 21:00:45 UTC #3

All great suggestions. I’d also add configuring the FailoverRelayList option on your bottom-level relays pointing them to the top-level relay, so they will attempt registering to it even if ICMP/Ping is not available (by default a relay will only be “selected” if it responds to Ping, which is likely going to be blocked on an Internet connection), and I’d configure the lower-level relays to process Internet downloads directly.

Referencing https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli+Endpoint+Manager/page/Configuration+Settings what I mean are

_BESClient_RelaySelect_FailoverRelayList
and
_BESGather_Download_CheckParentFlag
and
_BESGather_Download_CheckInternetFlag

(though I’m honestly not sure why both of the last two exist, there may be some interaction between the two of them that I haven’t investigated.)

Anton 2018-09-26 13:39:57 UTC #4

Thanks to all who replies!

The problem is solved in very casual way…)
We just added IP and DNS of TOP Level Relay to “hosts” file.

jgstew 2018-09-26 21:13:59 UTC #5

I generally wouldn’t recommend that as a long term solution.

One of the most important things to do if using auto relay selection is to set the Root Server as NOT auto-selectable:

setting "_BESRelay_Selection_AutoSelectableRelay"="0" on "{now}" for client

DerrickD 2023-05-08 18:10:33 UTC #6

While working on retirement of some relays, and wanting to get some clients off my master and DSA server, I found this thread on “_BESRelay_Selection_AutoSelectableRelay”.

“_BESRelay_Selection_AutoSelectableRelay” only applies to a Relay, it does not work for the Master or DSA.

KB Article: https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0022489

“Use: Determines whether a relay is available for auto-selection. Ignored if set on a BES Server.”

The article seems to suggest it applies to a DSA, but I applied this setting and verified it does not work for Master and does not work for DSA. It does work as expected for relays though.