The (hopefully) definitive guide to load balancing Lync Edge Servers with a Hardware Load Balancer
Having worked on a few large Lync deployments recently, I have realized that there is still a lot of confusion around properly architecting the network for load balancing Lync Edge Servers. Guida...
Published Jul 14, 2011
Version 1.0
Ryan_Korock_46
Historic F5 Account
Joined September 25, 2004
Phil_no_Spill_1
Feb 18, 2014
Nimbostratus
Great article – thanks. We deployed and couldn’t get AV going at all from external until, as above, we put public IPs on the Edge Server external interfaces and the F5 DMZ interfaces connecting to the edge external. The bit that confused me was how routing outbound from the edge could work via the F5. We ended up logging a call and set up a wildcard VS outbound on the DMZ (VLAN 9) in only as per SOL7595. VS settings: Type: Forwarding IP, Source IP: x.x.x.x%9/29 (mask covers all our possible edge IPs, as we found edge initiates traffic from each IP assigned),
Dest Network 0.0.0.0%9, mask 0.0.0.0, service: all ports, all protocols, enabled on DMZ_VLAN only, Source addr translation None, Protocol Profile FastL4_Loosinit_LooseClose.
Where the above FastL4_Looseinit_Loosclose profile has the settings: Parent: fastL4, Reset on Timeout: Enabled, Idle Timeout: Immediate, Loose Init: Enabled, Loose Close: Enabled.
We then set the default gateway on the Edge server to the floating Self IP assigned to the F5 DMZ, and it all worked nicely.
Couple of gotchas we had on the way.
Error 1: Incorrectly setting the iApp to say Edge Internal Route is via the BIG-IP, when in fact the edge routes directly to the internal VLAN via its internal interface, is bad. We could do external to external AV calls, and internal to internal AV, but internal to external or vice versa would not connect at all. Was getting a message “Call failed to establish due to a media connectivity failure when one endpoint is internal and the other is remote”.
Error 2: Found AV calls to internal would work for 5 seconds, and then the session would drop after 35 seconds. Audio inbound would work for the full 35 seconds, and audio outbound would work for 5 seconds only before terminating with Network Failure. Error in logs was “Call terminated on a mid-call media failure where one endpoint is internal and the other is remote”. This was due to our initial setup of the wildcard VS to route outbound only accepting traffic from the primary IPs on the edge servers. Once we expanded the Source IP to include the entire Edge Server external IP range, traffic flowed no problem.
Hope this helps someone else. Cheers
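
A pre-change check for the source-filter problem described under Error 2 above, as an added example that is not part of the original comment or of F5's tooling: it parses the `addr%route-domain/prefix` notation used in the comment and lists the edge addresses a wildcard VS source filter would not match. The addresses are constructed from a documentation range, the function names are hypothetical, and IPv4 only is assumed.

```python
import ipaddress

# Constructed sample: every external IP assigned to two Edge Servers,
# in route domain 9 (203.0.113.0/24 is a documentation range).
EDGE_IPS = [f"203.0.113.{n}%9" for n in range(9, 15)]


def parse_f5_network(spec):
    """Split 'addr%rd/prefix' into (IPv4 network, route domain).

    A missing '%rd' means route domain 0; a missing '/prefix' means /32.
    """
    addr, _, prefix = spec.partition("/")
    addr, _, rd = addr.partition("%")
    net = ipaddress.ip_network(f"{addr}/{prefix or 32}", strict=False)
    return net, int(rd) if rd else 0


def uncovered_sources(vs_source, edge_ips):
    """Return the edge addresses the VS source filter would not match."""
    net, rd = parse_f5_network(vs_source)
    missing = []
    for spec in edge_ips:
        host, host_rd = parse_f5_network(spec)
        # Both the route domain and the prefix have to match.
        if host_rd != rd or not host.subnet_of(net):
            missing.append(spec)
    return missing


def smallest_covering_source(edge_ips):
    """Smallest single prefix, in the shared route domain, holding every address."""
    parsed = [parse_f5_network(s) for s in edge_ips]
    rds = {rd for _, rd in parsed}
    if len(rds) != 1:
        raise ValueError("edge addresses span several route domains")
    net = parsed[0][0]
    # Widen one bit at a time until every edge address fits.
    while not all(host.subnet_of(net) for host, _ in parsed):
        net = net.supernet()
    return f"{net.network_address}%{rds.pop()}/{net.prefixlen}"


if __name__ == "__main__":
    # A /30 source filter misses the higher addresses; the /29 covers all six.
    print("missed by /30:", uncovered_sources("203.0.113.8%9/30", EDGE_IPS))
    print("suggested source:", smallest_covering_source(EDGE_IPS))
```

Any address reported as missed is one whose outbound media would not match the forwarding VS, which lines up with the mid-call failure described in Error 2.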