Forum Discussion
Skype for Business: Using the Big IP as my Default Gateway
Hello All:
I am in the process of rolling out Skype for Business for my company. As it stands, I have my internal pool up and load balanced via the Skype for Business 2015 iApp template. The issue is that it is set to use SNAT (no routing enabled directly through the appliance). Skype for Business AV does not support NAT which is even referenced in the deployment guide so I need to set the Big IP as the default gateway for my three front end servers.
The short version of this story is that I do not have even the faintest idea of how to configure this on my F5.
The longer version is that I have readhttps://devcentral.f5.com/articles/ltm-per-vlan-default-gateways.U6LtcHWx3UZ which confused me more than it did help and I read https://packetpushers.net/stateless-routing-f5-ltm/ which seemed to be on the right track but I don't see how I'd set the next hop address to my actual router so that traffic can traverse VLAN's and the WAN if necessary after hopping through my F5.
Can someone please shed some light on this? Thanks!
- mikeshimkus_111Historic F5 Account
Hi David, check out page 28 of the Lync deployment guide:
http://www.f5.com/pdf/deployment-guides/microsoft-lync-iapp-dg.pdf
You can set up the next hop in Network>Routes on your Edge BIG-IP.
Mike
Hmmm, so that "worked" but then broke my internal skype services. So basically, I can now set the default gateway to the self IP address i set on on my F5 and i can access external networks through it, but it immediately stops my test clients from being able to log into Skype for Business. The instant i set my default Gateway back to my router, as it was before, everything starts working again.
Any idea why all of a sudden changing the gateway would result in Skype clients stopping being able to connect to Skype? The servers can still ping the clients and the clients can still ping the FE servers and the load balancer itself so it's not causing any breaks in network connectivity that I can see. Any advice would be appreciated. thanks!
- mikeshimkus_111Historic F5 Account
It shouldn't have broken your internal services. On your Edge servers, you have one static route pointing to the Edge LTM self IP for external networks, and another static route pointing to the self IP of the internal LTM for traffic bound for the internal Skype resources, correct?
Hey Mike, I have not yet made it to the Edge server deployment, I am still working on internal. Just FYI, I initially had internal working for IM, presence, and screensharing, but i wanted to revisit https://www.f5.com/pdf/deployment-guides/microsoft-skype-for-business-dg.pdf page 8 item c to ensure that I am properly set up for internal AV services before continuing on to the edge services deployment. (I needed to ensure that SNAT was not happening)
I followed the Fast L4 profile and virtual server steps EXACTLY, and then set up a route. The Route is setup so that Destination and netmask are both 0.0.0.0, the resource is set to use a gateway, and the gateway address is the router address on that VLAN (which is the address that works for my Front End servers when i set their default gateways to this same address).
Finally, in reference to part of your question, there are no static routes set on any of these servers, they solely use whatever default gateway I have set. I did test this several times, everything stops functioning on the client side as soon as i change the default gateway to the F5, even if I wait up to 30 minutesand try to sign in again. But as soon as i change the gateway over to my firewall as it used to be, i can immediately sign in again.
Is there any more info i could give that would help get to a resolution with this?
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com