none
SFB Edge Server IP Requirments

    Question

  • HI,

    I have query on use of NAT IP address for Edge servers. Read many technet articles but still have few doubts.

    Below is the scenario: 2 edge servers in pool. Will use HLB for load balancing interval as well as external.

    This is confirm that we will need 9 Public IP address. 3 each for edge servers and 3 for VIP.

    Now, my query is on use of NAT address. Can we have NAT enabled on Firewall for all these 9 IP address. The Private IP should be routable.

    It is being said that we cannot use NAT for A/V. So, how should we approach the configuration on Firewall. Should we not assign NAT IP on A/V and assign the NAT Private routable IP for Access Edge and Webcon.

    Is there any other article apart from technet explaining the approach of using 2 edge server with NAT IP using HLB.

    Thanks

    Pawan

    Tuesday, May 17, 2016 10:28 AM

Answers

  • Based on my understanding, you probably using HLB for all traffics and also internal and external.

    If you are using HLB, then NAT is not supported.

    You must use the same type of load balancing method for internal and external interface of Edge servers. NAT is not supported on both internal and external firewall for Skype4B traffic.

    Ref: https://insidemstech.com/2015/09/27/load-balancing-skype-for-business-server-2015/

    NAT can only be used for scaled consolidated Edge Servers if you use DNS load balancing. If you use hardware load balancing (HLB), you need to use publicly routable IP addresses without NAT.

    Ref: https://technet.microsoft.com/en-us/library/mt346415.aspx

    Let me know if that clarifies..


    - Muralidharan. Please mark as answer/useful if my contribution helps you.

    • Proposed as answer by Akampa Wednesday, May 18, 2016 2:49 PM
    • Marked as answer by Eason HuangModerator Sunday, May 29, 2016 1:05 PM
    Tuesday, May 17, 2016 12:05 PM
  • Hi Pawan11,

    Do not use NAT on the internal or external firewall, if using NLB, NAT is not supported.

    Please refer to

    https://technet.microsoft.com/en-us/library/jj656815(v=ocs.15).aspx

    Best regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    • Proposed as answer by Akampa Wednesday, May 18, 2016 2:49 PM
    • Marked as answer by Eason HuangModerator Sunday, May 29, 2016 1:05 PM
    Wednesday, May 18, 2016 9:25 AM
    Moderator

All replies

  • Based on my understanding, you probably using HLB for all traffics and also internal and external.

    If you are using HLB, then NAT is not supported.

    You must use the same type of load balancing method for internal and external interface of Edge servers. NAT is not supported on both internal and external firewall for Skype4B traffic.

    Ref: https://insidemstech.com/2015/09/27/load-balancing-skype-for-business-server-2015/

    NAT can only be used for scaled consolidated Edge Servers if you use DNS load balancing. If you use hardware load balancing (HLB), you need to use publicly routable IP addresses without NAT.

    Ref: https://technet.microsoft.com/en-us/library/mt346415.aspx

    Let me know if that clarifies..


    - Muralidharan. Please mark as answer/useful if my contribution helps you.

    • Proposed as answer by Akampa Wednesday, May 18, 2016 2:49 PM
    • Marked as answer by Eason HuangModerator Sunday, May 29, 2016 1:05 PM
    Tuesday, May 17, 2016 12:05 PM
  • Hi Muralidharan,

    Internallly SFB FE servers. We are using HLB for only HTTPS traffic. For other traffic we are using DNS load balancing.

    So, you are saying we cannot have HLB configure with NAT IP address externally as well as for  Edge server internal interface.

    Tuesday, May 17, 2016 3:05 PM
  • Hi Pawan,

    I didnt see that you are using DNS load balancing for other than Https traffic.

    If you are using the DNS Load balancing then its supported. 

    Here is the way how it must be configured/worked it in firewall,

    https://technet.microsoft.com/en-us/library/gg425882%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396


    - Muralidharan. Please mark as answer/useful if my contribution helps you.


    Tuesday, May 17, 2016 5:02 PM
  • Hi Pawan11,

    Do not use NAT on the internal or external firewall, if using NLB, NAT is not supported.

    Please refer to

    https://technet.microsoft.com/en-us/library/jj656815(v=ocs.15).aspx

    Best regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    • Proposed as answer by Akampa Wednesday, May 18, 2016 2:49 PM
    • Marked as answer by Eason HuangModerator Sunday, May 29, 2016 1:05 PM
    Wednesday, May 18, 2016 9:25 AM
    Moderator