Observing high amount of bypassed traffic due to Dynamic Bypass

Article ID: 168734

Products

CacheFlow Appliance Software

Issue/Introduction

Resolution

Inspect the Dynamic Bypass List during the incident to determine whether there is a pattern, in particular which destination IP address(es) have the highest Use Count. The list states the reason each IP was added to the bypass list.

The command to view the bypass list is shown below. In this example, you may want to focus on the destination IP 6.6.6.6 because of its large 'Use Count'. The reason the IP was added is marked 'C', which stands for Connect error.

CF3x5#sh proxy-services dynamic-bypass
Reason legend:
  U - User policy           A - Asymmetric route      N - Non-HTTP
  C - Connect error         R - Receive error         5 - 5xx

Client IP address  Server IP address  Timeout (minutes)  Use Count    Reasons
2.2.2.2            5.5.5.5            28                 2            C
3.3.3.3            5.5.5.8            15                 3            N
*                  6.6.6.4            53                 10           C
*                  6.6.6.6            24                 3578         C
*                  6.6.6.7            53                 12           C
4.4.4.3            5.5.5.8            15                 3            N
...
...
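
When the list is long, the same inspection can be scripted. The following is an added example, not part of the original article or the product: it parses pasted output of the command above, ranks entries by Use Count, and reports how much of the bypass usage went through wildcard entries. The function names, the row regex and the assumption that a row can carry several reason letters are illustrative.

```python
import re

# Reason codes copied from the CLI legend shown on this page.
REASONS = {"U": "User policy", "A": "Asymmetric route", "N": "Non-HTTP",
           "C": "Connect error", "R": "Receive error", "5": "5xx"}

# Constructed sample: the rows of the listing above, as pasted from a terminal.
SAMPLE = """\
Client IP address  Server IP address  Timeout (minutes)  Use Count    Reasons
2.2.2.2            5.5.5.5            28                 2            C
3.3.3.3            5.5.5.8            15                 3            N
*                  6.6.6.4            53                 10           C
*                  6.6.6.6            24                 3578         C
*                  6.6.6.7            53                 12           C
4.4.4.3            5.5.5.8            15                 3            N
...
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# Assumption: one entry per line, and a row may carry several reason letters.
ROW = re.compile(rf"^\s*(\*|{IPV4})\s+({IPV4})\s+(\d+)\s+(\d+)\s+([UANCR5]+)\s*$")

def parse_bypass_list(text):
    """Return one dict per entry; legend, header and '...' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            client, server, timeout, use, reasons = m.groups()
            entries.append({"client": client, "server": server,
                            "timeout_min": int(timeout), "use_count": int(use),
                            "reasons": [REASONS[r] for r in reasons],
                            "wildcard": client == "*"})
    return entries

def top_entries(entries, n=3):
    """Entries with the highest Use Count first: candidates for the PCAP filter."""
    return sorted(entries, key=lambda e: e["use_count"], reverse=True)[:n]

def wildcard_share(entries):
    """Fraction of all bypass uses that went through wildcard (client '*') entries."""
    total = sum(e["use_count"] for e in entries)
    return sum(e["use_count"] for e in entries if e["wildcard"]) / total if total else 0.0

if __name__ == "__main__":
    for e in top_entries(parse_bypass_list(SAMPLE)):
        print(e["server"], e["use_count"], e["reasons"], "wildcard" if e["wildcard"] else "")
```

A wildcard share close to 1 with a single dominant server, as in the sample, points at one OCS being bypassed for all clients.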


A PCAP can then be filtered on that IP address in an attempt to determine the root cause.

The access log can also be used to determine how frequently the error occurs and whether it is expected. If the number of failures is minuscule relative to the total number of requests per OCS, the failures could be expected.

As an example, if the proxy is set up for targeted caching, it will be processing a large number of requests heading for the same OCS or a small number of OCSes. It would not be impossible for some of these requests to fail within the configured dynamic bypass timeout period, resulting in the OCS IP being made a wildcard bypass entry and therefore in a large number of transactions and bytes being bypassed.

In this case, you can avoid the OCS IP being wildcarded by increasing the server-threshold (default 4) and/or reducing the timeout (default 60) period. The values to set depend on the number and frequency of failures observed in the access log.

Here are the commands:

CF3x5#(config dynamic-bypass)server-threshold 12
  ok
CF3x5#(config dynamic-bypass)timeout 30
  ok