Forum Discussion
Agus_Rachman_22
Nimbostratus
Dec 25, 2008
Sample LTM Configuration for OCS 2007 Enterprise Pool with Scaled-site Edge servers Deployment
Does anybody have a sample LTM configuration that has been tested for OCS 2007 Enterprise Pool with Scaled-site Edge servers deployment?
The published documentation only covers Pool and Access Edge load balancing, but no guidance whatsoever regarding Web Conferencing Edge and A/V Edge.
18 Replies
- FQ_28534
Nimbostratus
I'm also interested in this deployment since we're rolling out OCS this way. I'm basing my F5 configuration on the guideline but would like to double check...
- Danny_Trinh_197
Nimbostratus
Me too.
- Ryan_Korock_46
Historic F5 Account
I can probably put some details together on this. Are you guys deploying OCS2007 or OCS2007 R2? The options change a bit with R2.
- FQ_28534
Nimbostratus
I'm deploying OCS 2007 R2
- Walter_56626
Nimbostratus
I am currently having issues with the Web Conferencing portion of our deployment of the Edge. When I remove one of the Edge servers from the external pool the problem seems to go away. Some users are unable to join a meeting from outside the company when both edge servers are in the Web Conferencing pool. I have enabled persistence and disabled persistence with the same results. There is no document on configuring this.
Is anyone else having this problem, and if you are not, can you post your settings?
Thank you,
Mac
- FQ_28534
Nimbostratus
I had similar issues but my problem turned out to be the OCS servers. Since we built OCS without the F5 and then once it was working fine, we introduced the F5. OCS didn't like that we moved the virtual server away from itself and there were Windows Firewall rules that needed to be opened.
- Joe_Scibilia_45
Nimbostratus
Mac - Did you resolve your problem? I have the same or similar issue with my AV edge servers - it works when only one pool member is enabled, but degrades a lot when I enable the second AV edge. I'm currently set up for persistence (source addr) for all my virtual servers (I'm load balancing my edge servers - ext and int i/f's, FEs, and directors with a single ITM) but am getting ready to turn off persistence to see if that helps.
- FQ_28534
Nimbostratus
I've configured destination addr. persistence and I'm finding out that all traffic tends to go to only one server. I think it has to do with the long TCP timeouts that Microsoft wants.
- Joe_Scibilia_45
Nimbostratus
What is the F5 (or Microsoft) recommendation on setting persistence when using OCS? I found the F5 deployment guide re: OCS 2007 to be somewhat lacking.
- FQ_28534
Nimbostratus
Here is what I found from Microsoft's Documentation: (I tried to format it the best I could)
Table 1. Hardware Load Balancer Ports That Are Required for Office Communications Server 2007 R2

| Port required | Virtual IP | Port use |
|---|---|---|
| 5060 | Load balancer VIP used by the Front End Servers | Client to server SIP communication over TCP |
| 5061 | Load balancer VIP used by the Front End Servers | Client to Front End Server SIP communication over TLS; SIP communication between Front End Servers over MTLS |
| 5065 | Load balancer VIP used by the Front End Servers | Used for incoming SIP listening requests for application sharing over TCP |
| 5069 | Load balancer VIP used by the Front End Servers | Used by QoE Agent on Front End Servers, needs to be open only if this pool sends QoE data to Monitoring Server |
| 135 | Load balancer VIP used by the Front End Servers | To move users and perform other "pool" level Windows Management Instrumentation (WMI) operations over DCOM |
| 444 | Load balancer VIP used by the Front End Servers | Communication between the internal components that manage conferencing and the conferencing servers |
| 443 | Load balancer VIP used by the Web Components Server | HTTPS traffic to the pool URLs |
Note:
If you deploy a load balancer for computers that are running applications such as Conferencing Attendant, Conferencing Announcement Service, Response Group Service, and Outside Voice Control, you must also configure the load balancer with the ports used by each application, as described in Dial-In Conferencing Support, Response Group Service Support, and Outside Voice Control, respectively.
• Provide TCP-level affinity. This means that the load balancer must ensure that TCP connections can be established with one Office Communications Server in the pool and all traffic on that connection will be destined for that same Office Communications Server.
• Each Front End Server must have an IP address that is directly routable within the internal network (specifically to allow communications between Front End Servers across different pools).
• The load balancer must provide a configurable TCP idle-timeout interval with its value set to 20 minutes or greater. This value must be 20 minutes or higher because it should be above the following values:
  o Maximum SIP connection idle timeout of 20 minutes (this is the major determining value).
  o SIP Keep-alive interval 5 minutes.
  o Maximum REGISTER refresh interval of 15 minutes in absence of keep-alive checks.
• Enable TCP resets on idle timeout; also disable TCP resets when servers are detected to be down.
• Front End Servers within a pool behind a load balancer must be capable of routing to each other. There can be no NAT device in this path of communication. Any such device will prevent successful RPC between Front End Servers within a pool.
• Front End Servers behind a load balancer must have access to the AD DS environment.
• Front End Servers must have static IP addresses that can be used to configure them in the load balancer. In addition, these IP addresses must have DNS registrations (referred to as Front End FQDN).
• Any computer running Office Communications Server 2007 R2 administrative tools must be able to route through the load balancer to both the Pool FQDN as well as the Front End FQDN of every Front End Server in the pool or pools to be managed. In addition, there can be no NAT device in the path of communication to the Front End Servers to be managed. Again, this is a restriction enforced by the usage of the RPC protocol by DCOM.
• The load balancer should support a least-connections-based load balancing mechanism. This means that the load balancer will rank all Office Communications Server servers based on the number of outstanding connections to each of them. This rank will then be used to pick the Office Communications Server to be used for the next connection request.
• The load balancer must allow for adding and removing servers to the pool without shutting down.
• The load balancer should be capable of monitoring server availability by connecting to a configurable port for each server.
Important:
The monitor for ports 135 and 444 should open TCP connections to port 5060 or 5061 for determining server availability. Attempting to monitor ports 135 and 444 on the servers will cause the load balancer to incorrectly detect these servers to be available, because these ports are open even though Office Communications Server is not running.
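
The load balancer requirements quoted in the post above can be checked mechanically before a change goes live. The following is an added example, not part of the original thread and not F5 or Microsoft code; the plan layout, field names and sample values are hypothetical.

```python
# Added example: audit a load-balancer plan against the OCS 2007 R2
# requirements quoted above. The dict layout and field names are
# hypothetical, not F5 or Microsoft syntax.

MIN_IDLE_TIMEOUT_S = 20 * 60      # must cover the 20-minute SIP idle timeout
SIP_PORTS = {5060, 5061}          # a connect here shows OCS itself is running
ALWAYS_OPEN_PORTS = {135, 444}    # open even when OCS is not running

def audit_virtual_server(vs):
    """Return a list of findings for one virtual server definition."""
    findings = []
    if vs["idle_timeout_s"] < MIN_IDLE_TIMEOUT_S:
        findings.append("idle timeout %ds is below 20 minutes" % vs["idle_timeout_s"])
    if not vs["reset_on_idle_timeout"]:
        findings.append("TCP reset on idle timeout is disabled")
    if vs["reset_on_server_down"]:
        findings.append("TCP reset on server down should be disabled")
    if vs["lb_method"] != "least-connections":
        findings.append("method is %s; the guidance prefers least-connections"
                        % vs["lb_method"])
    # Monitoring 135 or 444 directly reports a stopped OCS server as available.
    if vs["port"] in ALWAYS_OPEN_PORTS and vs["monitor_port"] not in SIP_PORTS:
        findings.append("port %d is monitored on port %d; use 5060 or 5061"
                        % (vs["port"], vs["monitor_port"]))
    return findings

def audit(plan):
    """Map virtual server name -> findings, omitting compliant entries."""
    report = {}
    for name, vs in plan.items():
        findings = audit_virtual_server(vs)
        if findings:
            report[name] = findings
    return report

# Constructed sample plan (names and values are made up for illustration).
SAMPLE_PLAN = {
    "fe_sip_tls": {"port": 5061, "monitor_port": 5061, "idle_timeout_s": 1200,
                   "reset_on_idle_timeout": True, "reset_on_server_down": False,
                   "lb_method": "least-connections"},
    "fe_dcom":    {"port": 135, "monitor_port": 135, "idle_timeout_s": 300,
                   "reset_on_idle_timeout": True, "reset_on_server_down": False,
                   "lb_method": "round-robin"},
    "fe_conf":    {"port": 444, "monitor_port": 5060, "idle_timeout_s": 1800,
                   "reset_on_idle_timeout": False, "reset_on_server_down": True,
                   "lb_method": "least-connections"},
}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_PLAN).items():
        for finding in findings:
            print("%s: %s" % (name, finding))
```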
