UDP ping - NAT between root and relay server

(imported topic written by TKMQ_Henrik_Bytoft_Holm)

Hi,

All my relays are NAT’ed when they connect to the TEM ROOT server… And therefore cannot receive the notification UDP ping. The root server only sees the relay local IP address…

How to overcome this - our installation is painfully slow?

(imported comment written by PeterLoer)

Hi Henrik,

Well, if you are able to open traffic forwarding through the NAT to the relays on port 52311 (or whichever port you’re using) that would obviously give you the most responsive deployment. (By the way, between relays it is actually TCP, as opposed to the UDP that is used between relays and agents). But presuming that’s not possible, it sounds like you probably want to increase the “command polling” interval on the Relays.

The command polling interval is basically the frequency at which the relays will check in with their parent in order to find out if there is anything new. You can find details on configuring it at:

http://www-01.ibm.com/support/docview.wss?uid=swg21505846

You might also find some of the following resources relevant:

http://www-01.ibm.com/support/docview.wss?uid=swg21505647

http://forum.bigfix.com/viewtopic.php?id=2057

Hope that helps!

cheers,

peter

(imported comment written by TKMQ_Henrik_Bytoft_Holm)

So the whole installation would speed up, if I can manage to make a TCP connection from the root server to the relays on 52311… It’s going to be ugly but I’ll give it a shot

(imported comment written by SystemAdmin)

Most NATs allow you to forward a port to a specific machine within the network, however you have to have the parent know how to get down to that relay as well and I don’t believe we have a concept of an alias for relay to relay communication.

To describe what I mean, the relay is named relay.company.com and is IP 192.168.1.100 and reports itself as that to its parent when it reports. This flows through the NAT well. When the parent relay tries to contact that relay to deliver its messages through TCP it is going to try to either resolve the address if it’s a name (which probably won’t work as it may be using a different DNS) or try to go to the IP address directly (and as it’s non-routable most likely it won’t be able to get there) but the external address of the NAT is the only thing that is reachable.

You can give an “alias” to a relay with the client setting _BESClient_Relay_NameOverride but not sure if that will help in this situation as that is usually used to help with other DNS issues. If it does you could forward port 52311 to the real relay IP (or whatever port your deployment uses) on the NAT.

Let us know how it goes.
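The reachability reasoning in the comment above, as an added example that is not part of the original thread and not BigFix code: it classifies the address a relay reports the way its parent would experience it. The function names are hypothetical, and the sample values are the ones from the comment plus a constructed public address.

```python
import ipaddress
import socket

RELAY_PORT = 52311  # port named in the thread; your deployment may use another


def classify_reported_address(reported, resolve=socket.gethostbyname):
    """Classify the address a relay reports, as seen from its parent.

    `resolve` is injectable so the check can use the parent's DNS view
    (or a stub) instead of the local resolver.
    """
    try:
        ip = ipaddress.ip_address(reported)
    except ValueError:
        # Not an IP literal: the parent has to resolve it as a name first.
        try:
            ip = ipaddress.ip_address(resolve(reported))
        except (OSError, ValueError):
            return "name-unresolvable"
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "non-routable"
    return "routable"


def tcp_reachable(host, port=RELAY_PORT, timeout=3.0):
    """Return True if a TCP connection to host:port can be opened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def diagnose(reported, resolve=socket.gethostbyname, probe=tcp_reachable):
    """Combine both checks into the verdict the parent would experience."""
    kind = classify_reported_address(reported, resolve)
    if kind != "routable":
        return kind
    return "reachable" if probe(reported) else "routable-but-blocked"


if __name__ == "__main__":
    # Values from the comment above; run this on the parent relay or root server.
    for addr in ("relay.company.com", "192.168.1.100"):
        print(addr, "->", diagnose(addr))
```

Run it from the parent's side of the NAT: a "non-routable" or "name-unresolvable" verdict means the parent can only reach the relay through the NAT's external address and a forwarded port.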

(imported comment written by SystemAdmin)

Just an added note here, when you create this forwarding rule on the NAT, anyone external to the NAT can access the relay so it does open your content etc on this relay.

A shorter Upstream Check period on the Relay might be sufficient for this type of environment