locked
Skype for Business Edge Server and NATing RRS feed

  • Question

  • HI,

    Please suggest, are NAT enabled IP addresses  supported to all three EDGE Services if hardware load balancer is being used to manage external traffic ?

    What does mean "A/V Edge Service is NAT enabled", what will be the impact if we do not check mark this option ? what is the significant of this option ?

    -DJ

    Monday, May 16, 2016 9:23 PM

Answers

  • When using a hardware load balancer for the Edge you can't use NAT'd IPs. 

    See: https://technet.microsoft.com/en-us/library/gg615011.aspx and https://technet.microsoft.com/en-us/library/gg398739(v=ocs.15).aspx

    As for the Topology, when you click the NAT enabled option in the Topology builder this allows you to specify the Public IP address that is NAT'd to the A/V service. This would not be used when deploying hardware load balancers.


    Please mark posts as answers/helpful if it answers your question.
    Blog
    Skype Validator - Used to assist in the validation and documentation of Skype for Business/Lync Server.

    • Proposed as answer by Liinus Tuesday, May 17, 2016 12:47 PM
    • Marked as answer by Eason Huang Sunday, May 29, 2016 12:53 PM
    Tuesday, May 17, 2016 1:35 AM
  • also i'd like to add that you will need 9 public IPs

    3  for each edge and 3 for HLB.

    • Marked as answer by Eason Huang Sunday, May 29, 2016 12:53 PM
    Tuesday, May 17, 2016 7:38 AM
  • Hi,

    If you choose HLB for Edge Pool for HA function, the NAT is not supported.

    Also, both Edge external and internal interface must choose the same load balance method (HLB or DNS load balance).

    Best Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    • Marked as answer by Eason Huang Sunday, May 29, 2016 12:53 PM
    Thursday, May 19, 2016 9:04 AM

All replies

  • When using a hardware load balancer for the Edge you can't use NAT'd IPs. 

    See: https://technet.microsoft.com/en-us/library/gg615011.aspx and https://technet.microsoft.com/en-us/library/gg398739(v=ocs.15).aspx

    As for the Topology, when you click the NAT enabled option in the Topology builder this allows you to specify the Public IP address that is NAT'd to the A/V service. This would not be used when deploying hardware load balancers.


    Please mark posts as answers/helpful if it answers your question.
    Blog
    Skype Validator - Used to assist in the validation and documentation of Skype for Business/Lync Server.

    • Proposed as answer by Liinus Tuesday, May 17, 2016 12:47 PM
    • Marked as answer by Eason Huang Sunday, May 29, 2016 12:53 PM
    Tuesday, May 17, 2016 1:35 AM
  • also i'd like to add that you will need 9 public IPs

    3  for each edge and 3 for HLB.

    • Marked as answer by Eason Huang Sunday, May 29, 2016 12:53 PM
    Tuesday, May 17, 2016 7:38 AM
  • Hi Michale/Hamed,

    Thanks for your reply.I would also like to know what is the limitation of using NATed IP with A/V edge Service with Hardware load balancer ?

    If we use DNS load balancing then we can use NATed IP and when we use HLB we need to use public routable IPs.What is the base logic behind this ?

    Best Regards,

    -DJ


    Tuesday, May 17, 2016 7:52 AM
  • That specific scenario is called out by Microsoft, so it wouldn't be supported. HLB for Edge - "Do not use NAT on the internal or external firewall."

    DNS LB can use Routed or NATed IPs, HLB can only use Routed.


    Please mark posts as answers/helpful if it answers your question.
    Blog
    Skype Validator - Used to assist in the validation and documentation of Skype for Business/Lync Server.


    Tuesday, May 17, 2016 3:29 PM
  • Thanks Michael,

    Please also suggest what are the scenario where we should use DNS load balancing ? What is Microsoft recommendation to balance EDGE server traffic.If NATING is not supported with HLB then we have only one option with 9 public IP as mentioned below :

    

    when traffic will hit from client to av.domain.com, it will resolve HLB VIP and then HLB will further communicate it either EDGE01 or EDGE02.Here also IP is getting changed from HLB VIP(public) to A/V EDGE IP(public).Will it be supported solution ?

    -DJ

    Tuesday, May 17, 2016 9:17 PM
  • I prefer DNS LB you only need HLB if you have OCS federated domain or XMMP federation.

    about the 9 public IPs solution you talked about i think it is valid solution.

    for more details please check below uri

    https://technet.microsoft.com/en-us/library/gg425716(v=ocs.15).aspx

    Wednesday, May 18, 2016 4:03 AM
  • Thanks Hamed,

    Anyone who has any other opinion or experience which can help here.If we go with 9 Public IP with F5 load balancer in between external firewall and Edge Server. Will it be only solution if we leverage F5 for load balance ?

    -DJ


    Wednesday, May 18, 2016 10:50 AM
  • Hi,

    If you choose HLB for Edge Pool for HA function, the NAT is not supported.

    Also, both Edge external and internal interface must choose the same load balance method (HLB or DNS load balance).

    Best Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    • Marked as answer by Eason Huang Sunday, May 29, 2016 12:53 PM
    Thursday, May 19, 2016 9:04 AM