Poor performance drtr.rating_service seen in proxy hierarchy deployment

book

Article ID: 167714

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

High response times seen in Health Check Statistics

Dynamic real time rating (DRTR) slow or fails

Receive failed. Using service drtr_service_x_x_x_x  seen in the event logs

Proxy hierarchy deployment

Resolution

 

To resolve these issues, add the DRTR servers IP addresses to the "Set Reverse DNS restrictions" section of VPM (VPM -> Configuration -> Set Reverse DNS Lookup Restrictions…). of the parent proxy.

The best way to identify which IP addresses to add is to search the sysinfo for "drtr.rating_service" this is under the "Health check statistics" section of the sysinfo here you will find entries like

"IP address: 103.246.38.203              Enabled      OK      UP"

There is one for each IP address that you need to add Set Reverse DNS restrictions section of VPN plus the mask 255.255.255.255

As DRTR responses are cacheable you may find the parent proxy is caching the DRTR health check response and serving these to the child proxies to
prevent this apply the following policy on the parent proxies then flush the object cache on the parent proxy
 

define condition __CondList1DRTR-servers

    url.address=8.28.16.203

    url.address=103.246.38.203

    url.address=199.116.169.244

    url.address=199.116.169.245

    url.address=199.19.249.201

    url.address=199.19.249.203

    url.address=8.28.16.201

    url.address=103.246.38.201

end

 
<Cache>

    condition=__CondList1DRTR-servers cache(no)