OCS R2 Edge different subnets? RRS feed

  • Question

  • I thought I read somewhere that the preferred configuration for an OCS R2 Edge (consolidated) config is to have multiple NICs for each role (internal, access, webconf, and AV) and the internal should be in the DMZ but be  on a different subnet than the access,webconf, and av.  We only have 1 subnet designated as a dmz.  Is there a problem to have all edge interfaces in the same subnet?
    Friday, April 10, 2009 6:23 PM

All replies

  • I cover a range of supported an unsupported network configurations for the Edge server in this blog article:

    And this newer articles is specific to R2:

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Friday, April 10, 2009 7:19 PM
  • Hi Jeff,
    So, assuming an "internal" network of which is where the FE server is located and the following diagram of a DMZ ( and a consolidated edge server with 4 physical NICs configured as follows:

                   |                      ------------ (Access Edge External IP (Nat'd to public))
                   |                    |------------- (WebConf External IP (Nat'd to public))
                   FW                  \ 
                                           ------------ (A/V External IP (Nat'd to public))
                                              ---------- (Edge Internal IP)

    This would not work/be supported?

    Could we set the Edge internal IP to something like on the internal network with the remaining interfaces as above?

    I just don't understand why the edge internal needs to be on a separate subnet than the other edge services if you explicitly tell OCS which is the internal and which is the external interface. 
    Friday, April 10, 2009 8:02 PM
  • This section under the 'fuzzy' configurations speaks to that scenario:

    Multiple physical network interfaces with multiple IP addresses in the same subnetwork. This configuration works and is supported, but is highly discouraged as to accommodate the need for separate interfaces you would have to configure gateways on both network adapters.  This is not recommended due to the Dead Gateway Detection feature of Windows Server.  By design, only one of the two gateways can be used by default and there is no load balancing or logic used for routing, Windows simply becomes a non-opportunistic router and traffic flow could be very spotty.  Networks with a single firewall appliance (e.g an ISA Server deployed in 3-leg Perimeter mode) fall into this category and the recommended configuration is discussed on page 18 of the Designing Your Perimeter Network for Office Communications Server 2007 White Paper from Microsoft.

    Part of this has to do with how Windows Server handles multiple network carsd in the same subnetwork and is not just and "OCS thing".

    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Friday, April 10, 2009 8:57 PM