Until Feb 2024 we never used to experience this issue, which I will go on to describe. We have 1 BF server with 2 geographically separate head end relays which are connected by a 50mb MPLS connection. This is our Central infrastructure, which has about 70 servers on it in total. We then have about 260 Customer servers connected to the central site by 256k circuits. Some of these 120 sites have a relay on as well to serve the other servers on that site, and the most would be 5 servers on 1 site. Of the 120 sites, 50 of them have relays. The relays for customer sites use 1 of the head end relays, and the load is managed manually, with 50% on each head end relay. The client machines are also split roughly 50% on each as well.
My question relates to relay to relay traffic. Say we have a new rollup patch to deploy to 1 client server only, and it is also a relay. The patch would be about 650mb, so not the sort of traffic we would want going over the client's 256K network during the day, apart from the 1 device we wish to update then test. We normally create a baseline each month which may have only the rollup patch or maybe other MS patches. If we deploy this to the one client server with a relay on, does the head end relay only download to the relay on the client server that we deployed the baseline to, or does it download to all its subordinate relays? If it does download to all relays, is this a new behaviour and can we influence this?
Relays will only download action payloads when a Client registered to it requests the given download. So, if you’re distributing a large patch to 1 Client, it is expected that only the Relay chain down to that Client will download and cache the patch.
Note: depending on the internet connectivity of the target Clients, one option to consider is to have the Clients download the patch directly from the vendor rather than via the Relays. Check out Managing Downloads for more information.
So it looks like we have an unexpected behaviour then. When we did this after the patch release for May we kicked off the patch to 1 reference server, which is the same as our customers use, and our PA firewall logs seem to confirm that traffic was going to all of the subordinate relays, thus overwhelming some of our customer connections. This first happened in Feb this year but has not ever happened before, and we have been running this configuration for several years, so I was a bit confused to see this evidence. I plan to do a test with a small payload, but how do I check if the payload exists on relays other than those involved in the download chain?
You could check the download cache folder on the Relays for the presence of a file matching the sha1 of the patch (which you can get from the actionscript). From the link above:
The caches are stored as subfolders of the program folder, which is created by default at %PROGRAM FILES%\BigFix Enterprise on Windows systems and /var/opt/BES Server on Linux systems. The server download cache is ..\BES Server\wwwrootbes\bfmirror\downloads\sha1...
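One way to run the check described above on each relay, as an added example that is not part of the original posts or BigFix's own tooling: it walks a cache folder you pass in and reports files whose name or content matches the payload's sha1. The script name, function names and the "name-only" status are assumptions for illustration, and the cache folder must be supplied as an argument because the relay's path is not given in full above.

```python
import hashlib
import os
import sys

def sha1_of_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so a 650 MB payload is not read into memory at once."""
    digest = hashlib.sha1()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def find_payload(cache_dir, expected_sha1, hash_unnamed=False):
    """Return (path, status) pairs for files under cache_dir matching expected_sha1.

    status is "complete" when the content hashes to expected_sha1 and
    "name-only" when only the file name matches (for example a partial download).
    With hash_unnamed=True every file is hashed, which also finds a payload
    stored under a different name but is slow on a large cache.
    """
    expected = expected_sha1.strip().lower()
    hits = []
    for root, _dirs, files in os.walk(cache_dir):
        for name in files:
            path = os.path.join(root, name)
            named = name.lower() == expected
            if not named and not hash_unnamed:
                continue
            try:
                actual = sha1_of_file(path)
            except OSError:
                continue  # file locked or removed while scanning
            if actual == expected:
                hits.append((path, "complete"))
            elif named:
                hits.append((path, "name-only"))
    return hits

if __name__ == "__main__":
    # Hypothetical usage: python check_cache.py <cache_dir> <sha1 from the actionscript>
    if len(sys.argv) != 3:
        sys.exit("usage: check_cache.py <cache_dir> <sha1>")
    results = find_payload(sys.argv[1], sys.argv[2], hash_unnamed=True)
    for path, status in results:
        print(f"{status}\t{path}")
    sys.exit(0 if results else 1)
```

Run against relays outside the download chain, an exit code of 1 means no matching file was found in the folder given; a "name-only" hit means a file with that name exists but its content does not hash to the expected value.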
Thanks Aram, I will do my experiment!