Load Balancer, Gateway and Session consideration

Generally, a hardware load balancer (HLB) in Lync is used either together with DNS load balancing or for the entire configuration.
If you make use of DNS load balancing, the HLB is used only for the HTTP/HTTPS traffic (Pool Web Services).
Using DNS LB has both advantages and disadvantages.

The positive side: an HLB scales much higher if it only handles HTTP traffic, and it can then be fully utilized for SSL offloading.

The negative side: you depend on the availability of your DNS infrastructure. Another disadvantage is that DNS-based load balancing never considers the real load on a Lync Server, since the algorithm cannot be aware of it; the client decides which server it connects to. Also, if you want to make use of PIC (public IM connectivity), you still need a load balancer.

Summary:
It all depends on your feature set, load calculation, server count and, of course, your budget ;)
----------------------------

Gateway consideration (keep in mind):
There are differences between the internal and external setup of the HLB.

Internal means all internal servers or interfaces, e.g. FE, Director, and the internal Edge Server NIC.

External is the NIC on an Edge Server communicating with the default Internet route.
While the traffic on all internal interfaces is controlled by static routes, the default gateway is always the Internet gateway itself.
Again: on the Edge Server internal interface, there must be persistent routes to all involved Lync Servers only!
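To audit this routing rule on an Edge Server, here is an added PowerShell example (not from the original post). It assumes the built-in NetTCPIP cmdlets of Windows Server 2012 and later; the interface aliases and subnet prefixes are placeholders you replace with your own.

```powershell
# Added example: audit an Edge Server's routing against the gateway rule above.
# Expectation: exactly one IPv4 default route, bound to the external NIC, and a
# persistent (reboot-safe) route on the internal NIC for every internal Lync subnet.
# Aliases and prefixes are placeholders, not values from the post.
function Test-EdgeRouting {
    param(
        [Parameter(Mandatory)] [string]$ExternalAlias,     # e.g. 'Edge-External'
        [Parameter(Mandatory)] [string]$InternalAlias,     # e.g. 'Edge-Internal'
        [Parameter(Mandatory)] [string[]]$InternalPrefix   # e.g. '10.10.20.0/24' (placeholder)
    )
    $findings = @()

    # 1. Default gateway: only the external interface may carry 0.0.0.0/0.
    $defaults = @(Get-NetRoute -AddressFamily IPv4 -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
    if ($defaults.Count -eq 0) { $findings += 'No IPv4 default route configured.' }
    foreach ($r in $defaults) {
        if ($r.InterfaceAlias -ne $ExternalAlias) {
            $findings += "Default route via $($r.NextHop) is bound to '$($r.InterfaceAlias)'; expected only on '$ExternalAlias'."
        }
    }

    # 2. Internal interface: one persistent route per internal Lync subnet.
    $persistent = @(Get-NetRoute -AddressFamily IPv4 -InterfaceAlias $InternalAlias -PolicyStore PersistentStore -ErrorAction SilentlyContinue)
    foreach ($p in $InternalPrefix) {
        if (-not ($persistent | Where-Object { $_.DestinationPrefix -eq $p })) {
            $findings += "No persistent route for $p on '$InternalAlias'. Add it with: New-NetRoute -DestinationPrefix $p -InterfaceAlias '$InternalAlias' -NextHop <internal gateway>"
        }
    }

    if ($findings.Count -eq 0) { 'OK: routing matches the Edge gateway rule.' } else { $findings }
}

# Usage with placeholder values:
# Test-EdgeRouting -ExternalAlias 'Edge-External' -InternalAlias 'Edge-Internal' -InternalPrefix '10.10.20.0/24','10.10.30.0/24'
```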



Next I'm giving three example configurations (FE fully HLB, FE DNS LB + HLB for Web Services, and the Edge external HLB):

Front-End Server fully load balanced:


These services must be included:

| Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
|---|---|---|---|---|---|---|---|---|---|
| DCOM | TCP | 135 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | RPC/DCOM based operation |
| SIP | TCP | 5061 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | SIP/TLS |
| App Share | TCP | 5065 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Application Sharing |
| QoE | TCP | 5069 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | QoE Agent |
| Conf | TCP | 444 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Conferencing |
| Web Int | TCP | 443 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | HTTPS internal Web Services |
| Web Ext | TCP | 4443 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | HTTPS external Web Services |

Optional services for Front-End:

| Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
|---|---|---|---|---|---|---|---|---|---|
| WEB | TCP | 80 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | HTTP Root Cert Retrieval for UC Phones & int/ext Web Services |
| CAC | TCP | 448 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Call Admission Control |
| SIPU | TCP | 5060 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | SIP unsecured |
| MED | TCP | 5067 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Mediation Server SIP/TLS |
| MED | TCP | 5068 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Mediation Server SIP/TCP |
| MED | TCP | 6070 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Mediation Server FE |
| RSG | TCP | 6071 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Response Groups |
| CAA | TCP | 6072 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Conferencing Attendant |
| CA | TCP | 6073 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Conferencing Announcement |
| OV | TCP | 6074 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Outside Voice Control |
| | TCP | 6075 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | |
| | TCP | 6076 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | |
| | TCP | 6080 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | |
| WEB 8080 | TCP | 8080 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | HTTP external Web Services |
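To verify that an HLB actually answers on the required Front-End services from the first table, here is an added PowerShell check (not from the original post). It assumes the built-in Test-NetConnection cmdlet and covers TCP virtual services only; the pool VIP in the usage line is a placeholder.

```powershell
# Added example: probe the pool VIP on every required TCP virtual service from the
# "These services must be included" table and report which ones are not reachable.
# The port-to-service map is taken from that table; the VIP is a placeholder.
function Test-PoolVipServices {
    param(
        [Parameter(Mandatory)] [string]$VirtualIp,
        [hashtable]$Services = @{
            135  = 'DCOM'
            5061 = 'SIP/TLS'
            5065 = 'Application Sharing'
            5069 = 'QoE Agent'
            444  = 'Conferencing'
            443  = 'HTTPS internal Web Services'
            4443 = 'HTTPS external Web Services'
        }
    )
    foreach ($port in ($Services.Keys | Sort-Object)) {
        # Test-NetConnection performs a TCP connect only; UDP services such as the
        # Edge A/V ports are not covered by this check.
        $result = Test-NetConnection -ComputerName $VirtualIp -Port $port -WarningAction SilentlyContinue
        [pscustomobject]@{
            Port    = $port
            Service = $Services[$port]
            Open    = $result.TcpTestSucceeded
        }
    }
}

# Usage with a placeholder VIP: list only the services the HLB does not answer.
# Test-PoolVipServices -VirtualIp '10.0.0.10' | Where-Object { -not $_.Open }
```

A closed port here means either the virtual service is missing on the HLB or every real server behind it failed the health check, so follow up on the HLB side before touching the Front-End servers.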





Front-End Server DNS load balanced, Web Services hardware load balanced:

| Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
|---|---|---|---|---|---|---|---|---|---|
| Web Int | TCP | 443 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | HTTPS internal Web Services |
| Web Ext | TCP | 4443 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | HTTPS external Web Services |


Edge Server fully load balanced (without RevProxy):

Edge Server external interface:

| Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
|---|---|---|---|---|---|---|---|---|---|
| SIP Access | TCP | 5061 | Pool IP | Server IP | Source IP | Least Connection | NO | L7 | SIP/TLS |
| Remote Access | TCP | 443 | Pool IP | Server IP | Source IP | Least Connection | NO | L7 | Remote User |
| Conf | TCP | 443 | Pool IP | Server IP | Source IP | Least Connection | NO | L7 | Conferencing |
| AV TCP | TCP | 443 | Pool IP | Server IP | Source IP | Least Connection | NO | L7 | Fallback port TCP A/V, Sharing & File |
| AV UDP | UDP | 3479 | Pool IP | Server IP | Source IP | Least Connection | NO | L4 | Audio/Video |

Edge Server external interface, optional:

| Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
|---|---|---|---|---|---|---|---|---|---|
| AV TCP High | TCP | 50000-59999 | Pool IP | Server IP | Source IP | Least Connection | NO | L7 | Fallback port; Audio/Video high port range; Desktop Sharing / CWA |
| AV UDP High | UDP | 50000-59999 | Pool IP | Server IP | Source IP | Least Connection | NO | L4 | Audio/Video high port range; Federation / Remote Users |

Edge Server internal interface:

| Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
|---|---|---|---|---|---|---|---|---|---|
| SIP | TCP | 5061 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | SIP/TLS |
| Auth | TCP | 5062 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | A/V Authentication |
| HTTP | TCP | 443 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | TCP Audio, Video, Sharing & Files |
| CONF | UDP | 3478 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Audio/Video |





Director Server internal interface:

| Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
|---|---|---|---|---|---|---|---|---|---|
| SIP | TCP | 5061 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | SIP/TLS |
| SIPU | TCP | 5060 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | SIP unsecured |

------------

General statement from the Microsoft planning guidance for external user access:

The Skype for Business and Lync Server 2013/2010 scaled consolidated Edge topology is optimized for DNS load balancing for new deployments that federate primarily with other organizations. If high availability is required for any of the following scenarios, a hardware load balancer must be used:
  • Federation with organizations using Office Communications Server 2007 R2 or Office Communications Server 2007
  • Exchange UM for remote users (only versions older than Exchange 2007 SP1)
  • Connectivity to public IM users and Skype
(Office 365 is aware of DNS load balancing.)
Important:
You cannot use DNS load balancing on one interface and hardware load balancing on the other. You must use hardware load balancing on both interfaces or DNS load balancing on both; a combination is not supported.
Regardless of whether you use hardware load balancing for your Edge Server pool, you will need a hardware load balancer if two or more reverse proxy servers are deployed.
