F5 BigIP Hardware Load Balancer configuration

  • Question

  • Hi there, we are implementing OCS 2007 behind an F5 BigIP HLB, but we are unable to find "good" configuration documentation regarding F5 and OCS. F5 has a document available, but that only lists half of the config. If that document is combined with the MS documentation we come a little bit further, but still we don't have a good feeling about it. We don't have direct issues at the moment, but I want to make sure the F5 is configured as it should be. Especially regarding the configuration of SNAT. We want to implement the F5 in a routing config and not in a "load balancer on a stick" config as F5 calls it. If we configure it in a routing config, I don't think we need SNAT configured on the F5, but I'm not sure. Also only the OCS Front Ends are behind the HLB. The SQL server, QoE and Mediation are located on the "normal" network.


    Any help would be appreciated.



    Tuesday, May 20, 2008 9:07 AM

All replies

  • Is this the F5 document that you're using?



    You are correct in running only FE pool servers behind the HLB as the other servers like SQL and mediation should not be.


    DNAT and SNAT are both supported depending on topology so if you'd like to include more detail that would help.


    Are you running multihomed FE servers?  If so, pay special attention to what addresses are being registered through DDNS - I have found it is best to turn off DDNS on the FE server interfaces in an OCS enterprise pool.

    Wednesday, May 21, 2008 6:16 AM
  • Hi

    I am having similar problems. I have deployed an Enterprise solution, the pool is in consolidated configuration (all roles on the same server).


    There are 3 servers running all the roles in the pool (Front End, Web Conferencing, A/V Confr., Web components)


    There is a DNS record that points to the VIP of the F5


    The F5 is set up according to this http://www.f5.com/pdf/deployment-guides/microsoft-ocs-ltm94-dg.pdf


    When I go via the F5 I cannot sign on but when I put a record in my host file to connect directly to the OCS server it works fine.


    Any Ideas?


    Monday, May 26, 2008 12:15 PM
  • Hi,


    It didn't work for us either when following the F5 docs. When you look at the MS OCS Enterprise Deployment doc, there is a list of ports that you must allow on the HLB. So we created the following Virtual Servers on the F5:


    - 443

    - 5061

    - 444

    - 135

    - Wildcard


    All on the same IP on the client side of the F5. Also ensure that on each VS the "VLAN Traffic" setting is set to "All VLANS". We first tried to limit this to specific VLANs based on the direction of the traffic but without success.


    After creating these VS's things started to work for us. But as I said, I would like to get some sort of confirmation that this is the correct config.


    The only problem that we experienced after this, which we were not able to quickly solve (we borrowed the F5 for a pilot, and we had to return it shortly after we got OCS working), is an ARP problem. For some reason the F5 had the wrong ARP values in its ARP table. What happened then was that we were not able to connect from one OCS FE server to the other and vice versa. This caused multi party conferencing to fail (and of course generated a lot of events).


    Any thoughts on that one are appreciated.





    Monday, May 26, 2008 2:16 PM

  • Have you taken a network trace from your FE servers during your conference issues?

    I've seen this kind where the FE servers are dual homed and DDNS registration is allowed on both interfaces.  There are then failures when conference clients try the LB facing IP instead of LAN side.  Not sure if this may give clues on ARP issue but traces certainly would help.

    Saturday, June 14, 2008 5:17 AM