Manual relay selection with ICMP blocked

If ICMP is completely blocked, will clients be able to connect to a relay, or server, when manual relay selection is enabled?

I found the following support doc, which pretty much tells me the client will not attempt to connect to its relay if it cannot ping:

During manual relay selection, the BES Client sends an ICMP packet at the Maximum TTL to first its primary, then secondary, and lastly its failover BES Relays prior to attempting registration (very similar to the “tracert” algorithm). If the ICMP does not reach a BES Relay the BES Client will not attempt to register with it. If the ICMP ping is successful and the BES Client registers with the BES Relay the hop count determined by the ICMP packet is reported in the Distance to BES Relay property.

Will the client try to connect to the BES Server still?

Is there any way to force a client to attempt connecting to a relay it cannot ping?

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Configuration%20Settings

You’ll need to set either _BESClient_RelaySelect_FailoverRelay or _BESClient_RelaySelect_FailoverRelayList.

The client would normally fail to the root server if it cannot ping any relay. These settings will have it failover to a relay of your choice instead.

I’m curious where you found that support document?

If you are leveraging manual Relay selection, the Clients (by default) will attempt to register with their configured primary and secondary relays regardless of distance and whether or not ICMP is blocked. This can be confirmed by checking the Client’s logs.

Thanks Jason, that’s how I thought it worked.

Can I assume the client would also attempt to connect to relays in the _BESClient_RelaySelect_TertiaryRelayList if specified even if it cannot ping them? I’m thinking that could be a way to set up primary and secondary relays in this scenario.

Edit: I re-read Jason’s reply, I skipped over where he mentioned _BESClient_RelaySelect_FailoverRelayList, which would be the setting I would need to set for multiple failover relays.

_BESClient_RelaySelect_FailoverRelayList

This setting contains a list of failover relays to choose from when no relay listed as primary, secondary or specified in the tertiary list responded to pings. This setting, first introduced in IEM 9.0, is a semi-colon delimited list of relays to try. For automatic relay selection you should look at the document on relay affiliation. If specified, this setting overrides _BESClient_RelaySelect_FailoverRelay.
(Example: relay1.company.com;192.168.123.32;relay2.company.com)
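
A way to lint a _BESClient_RelaySelect_FailoverRelayList value before pushing it to clients, as an added example that is not part of the thread or of IBM's documentation. The function names are hypothetical, and the strict rules (no padding, no empty entries, no duplicates, RFC 1123 hostnames) are assumptions for catching typos, not the client's documented parsing behaviour.

```python
import ipaddress
import re

# RFC 1123 label: letters, digits, hyphens; no leading/trailing hyphen; max 63.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def classify(entry):
    """Return 'ip', 'hostname' or None for one list entry."""
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    labels = entry.rstrip(".").split(".")
    # An all-numeric last label means a malformed IP, not a hostname.
    if (len(entry) <= 253 and all(_LABEL.match(lab) for lab in labels)
            and not labels[-1].isdigit()):
        return "hostname"
    return None


def lint_failover_list(value):
    """Split the setting value on ';' and report problems.

    Returns (relays, problems). relays keeps the order given in the
    setting; problems is a list of human-readable findings.
    """
    relays, problems, seen = [], [], set()
    for pos, raw in enumerate(value.split(";"), start=1):
        entry = raw.strip()
        if entry != raw:
            problems.append(f"entry {pos}: surrounding whitespace in {raw!r}")
        if not entry:
            problems.append(f"entry {pos}: empty (stray ';')")
            continue
        kind = classify(entry)
        if kind is None:
            problems.append(f"entry {pos}: {entry!r} is not an IP or hostname")
            continue
        key = entry.lower().rstrip(".")
        if key in seen:
            problems.append(f"entry {pos}: duplicate of earlier {entry!r}")
            continue
        seen.add(key)
        relays.append((entry, kind))
    return relays, problems
```
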

Here is the source I referenced:

https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/Autoselection%20Failsafe%20Controls

See manual relay selection under technical details.

It’s my understanding that if the client doesn’t get a ping response back from its primary or secondary relay it will not even attempt the connection.

I noticed that the document you referenced is “Autoselection Failsafe Controls”

Yes, but there is a section that talks about manual selection…

I’ll be darned! It does.
Under Technical Details\Manual Selection.