locked
NLB portal trunk add DA RRS feed

  • Question

  • Hi,

    If now I have one UAG NLB array with one https portal trunk, can I add DA function direct to this NLB UAG?

    I saw articles which said single DA to NLB DA. But no one said NLB UAG add DA function.

     

    George


    邁格行動 技術顧問 George 小顧 部落格: http://www.magg.com.tw/blog/
    Tuesday, November 29, 2011 12:47 AM

All replies

  • Yep.

    You will need the external network adapters to have public IP addresses and you will need at least two NLB VIPs for DA.


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Tuesday, November 29, 2011 8:57 AM
  • Assuming that you are IPv4 inside your corporate network (because most companies still are) you will also be needing a VIP on your internal network as well for DA. So you will be adding 3 VIPs - two public and one internal.

    Do not dual-purpose the IP that you already have for your trunk, you will not like the results :) Leave that IP dedicated to the UAG trunk, and use the new IPs for DA.

    Wednesday, November 30, 2011 3:32 PM
  • Yeah, good point on the internal VIP.

    I often see people saying that you can use the second DA IP address for UAG trunks, but I find it just makes things confusing later on...

    Cheers

    JJ


    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, November 30, 2011 3:34 PM
  • Yes you can (and I have probably said as much on these forums in the past) but I definitely agree with you that the best practice is to use separate addresses for everything unless you are very limited in public IP address availability :)

    In fact, technically you can actually use the primary IP for both but you stand a very good chance of at least temporarily breaking IP-HTTPS.

     

    Wednesday, November 30, 2011 3:44 PM
  • Hi,

     

    Not sure that using the second UAG DA IP is a good thing. If you enable OTP authentication, UAG will create a Trunk on this second IP, ...


    BenoitS - Simple by Design http://danstoncloud.com/blogs/simplebydesign/default.aspx
    Wednesday, November 30, 2011 4:29 PM
  • Yeah, good, we all agree...apart from Kai ;)
    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk
    Wednesday, November 30, 2011 4:48 PM