Only one external IP address for the different services

  • Question

  • Hi,
    I have implemented an Edge server. During the test I use a private IP address from a different network to simulate the public IP address.

    Here is the configuration of my Edge :
    Internal interface
        IP address        10.254.248.9

    Access
        Federation external    192.168.10.1:5061
        Remote access external    192.168.10.1:443
        Internal IP        10.254.248.9:5061

    Web Conferencing
        External IP        192.168.10.1:444
        Internal IP        10.254.248.9:8057

    A/V
        External IP (TCP)    192.168.10.1:445
        External port range    50000-59999
        Internal IP (TCP)    10.254.248.9:443
        A/V authentication    10.254.248.9:5062

    So I tested it from the network 192.168. and the IM, A/V works.

    Is this configuration OK? I use the same external IP address for the different services with different ports. I read in the deployment guide that it may produce some port conflicts. But I do not understand why, as we indicate every port we use.
    Has someone already implemented this kind of configuration? Is it safe?

    Thx

    Tuesday, January 27, 2009 11:27 AM

Answers

  • Technically you can run all three Edge roles on a single publicly routable IP address since it meets the A/V Edge requirements, it's just typically very messy since you have to change many ports due to the roles competing over common ports like TCP 443.  I have seen that some people have gotten it to work and others have given up; I think success is also dependent on the specific network infrastructure and is usually more trouble than it's worth.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    • Marked as answer by BougRun Monday, February 2, 2009 6:59 AM
    Wednesday, January 28, 2009 1:17 PM
    Moderator

All replies

  • From what you have cited here, the best that I can say is - Maybe. 

    One issue of importance is what your NAT relationships are for your interfaces.  NAT is not supported, mainly the A/V and that would be internal and external interfaces.  Route is best used in this scenario.

    Plus, just as a caution - there are well known issues that are well documented when using multiple IPs per interface (and solutions as well):

    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=19

    https://blogs.pointbridge.com/Blogs/mcgillen_matt/Pages/Post.aspx?_ID=20

    Hope this helps....

    Rick, OCS UA

     

     

    Wednesday, January 28, 2009 1:19 AM
  • OK. But I do not intend to use NAT for my interfaces. I have two network cards, one for the internal network and the other one for the external network, which is going to have a public IP address (not the 192.168., it was only for the test) which will then be fully routable.

    So according to you, if I use only one public IP address for all the services, it will work correctly?

    Thx
    Wednesday, January 28, 2009 4:54 AM
  • Well, it is not really messy ;)

    You have a couple of services wanting to use port 443, but they can be moved...
    ...AND - the setup wizard actually has all those services on one page anyway, so it is really easy to coordinate that ;)

    I have that running now - and work on getting PIC going.
    Tuesday, February 24, 2009 3:34 PM
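The port-conflict question discussed in this thread can be checked mechanically. The following is an added example, not part of any post above and not OCS tooling: it tests a listener plan for overlapping (IP, protocol, port) bindings, using the values from the question. The `replan` helper and the two re-planned cases are constructed for illustration, and the 50000-59999 range is assumed to be TCP because the question does not state its protocol.

```python
from collections import defaultdict

EXT, INT = "192.168.10.1", "10.254.248.9"

# Listener plan from the question: (service, ip, protocol, first port, last port).
# The protocol of the 50000-59999 range is not stated there; TCP is assumed here.
PLAN_FROM_QUESTION = [
    ("Access federation", EXT, "tcp", 5061, 5061),
    ("Access remote access", EXT, "tcp", 443, 443),
    ("Web Conferencing", EXT, "tcp", 444, 444),
    ("A/V", EXT, "tcp", 445, 445),
    ("A/V media range", EXT, "tcp", 50000, 59999),
    ("Access internal", INT, "tcp", 5061, 5061),
    ("Web Conferencing internal", INT, "tcp", 8057, 8057),
    ("A/V internal", INT, "tcp", 443, 443),
    ("A/V authentication", INT, "tcp", 5062, 5062),
]

def replan(plan, **new_ports):
    """Hypothetical helper: copy of plan with single-port services moved."""
    return [(s, ip, proto, new_ports.get(s, lo), new_ports.get(s, hi))
            for s, ip, proto, lo, hi in plan]

def find_conflicts(plan):
    """Return (ip, proto, service_a, service_b, lo, hi) for every overlapping pair."""
    by_socket = defaultdict(list)
    for service, ip, proto, first, last in plan:
        if not (0 < first <= last <= 65535):
            raise ValueError(f"bad port range for {service}: {first}-{last}")
        by_socket[(ip, proto)].append((first, last, service))
    conflicts = []
    for (ip, proto), listeners in sorted(by_socket.items()):
        listeners.sort()
        for i, (a_first, a_last, a_name) in enumerate(listeners):
            for b_first, b_last, b_name in listeners[i + 1:]:
                if b_first > a_last:
                    break  # sorted by first port: nothing later can overlap a
                conflicts.append((ip, proto, a_name, b_name,
                                  b_first, min(a_last, b_last)))
    return conflicts

if __name__ == "__main__":
    cases = {  # the last two plans are constructed, not taken from the thread
        "plan from the question": PLAN_FROM_QUESTION,
        "all roles on TCP 443": replan(PLAN_FROM_QUESTION,
                                       **{"Web Conferencing": 443, "A/V": 443}),
        "role moved into media range": replan(PLAN_FROM_QUESTION,
                                              **{"Web Conferencing": 50443}),
    }
    for label, plan in cases.items():
        print(label, "->", find_conflicts(plan) or "no conflicts")
```

The third case shows why a reassigned port should be checked against the A/V external port range as well as against the other single-port listeners.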