Best Persistance profile to set in F5 for UAG servers? RRS feed

  • Question

  • Does anyone know the best persistance profile to use for an F5 to Load balance UAG servers? These UAg servers are point to SharePoint WFE servers. We are currently using Cookie.

    here are the options below:

    Persistence profile types
    You can configure persistence profile settings to set up session persistence on the BIG-IP system. You can configure these settings when you create a profile or after profile creation by modifying the profiles settings.
    The persistence types that you can enable using a persistence profile are:

    Cookie persistence

    Destination address affinity persistence

    Hash persistence

    Microsoft® Remote Desktop Protocol persistence

    SIP persistence

    Source address affinity persistence

    SSL persistence

    Universal persistence
    Reply  Quote

    Wednesday, February 8, 2012 11:27 PM

All replies

  • Hi,

    I would use Source IP for the UAG servers and then configure a Farm within UAG for the WFE servers.

    Using a hardware load balancer─You can use a hardware load
    balancer to balance servers configured as Forefront UAG array members. The
    hardware load balancer must support IP affinity. The main advantage of using a
    hardware load balancer is scalability. Using integrated NLB supports up to
    approximately 8 array members. For partner information on Forefront UAG and
    Forefront UAG DirectAccess hardware load balancing solutions, see Find a
    at the Microsoft site.

    Source: http://technet.microsoft.com/en-us/library/dd861441.aspx



    Jason Jones | Forefront MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Wednesday, February 8, 2012 11:31 PM
  • 1) Thanks for the Info, any reason for choosing Source IP? What is the benefit over Cookie that we are using?

    2) Also any idea what persistance we should use from the F5 load balancer to the SharePoint WFE servers?

    Flow is below

    F5 -->(Source IP Persistance) UAG1 & UAG2 --> F5 -->(Which persistance here?) WFE1 & WFE2


    Friday, February 10, 2012 1:12 AM
  • Since UAG relies on non-browser based client-server protocols, cookie persistence will not be a good option for persisting to the UAG servers. Jason is right in his recommendation for using source IP persistence. For the SharePoint WFEs, you will definately want to use cookie persistence. As long as your SharePoint traffic from the client is unencrypted (or the BIG-IP is decrypting it), cookie persistence is the best option, as it wont be adversely affected by UAG (or any other proxy for that matter) modifying the client source IP.
    Wednesday, June 13, 2012 9:21 PM
  • Are you saying it should be like this below with source then cookie?

    F5 -->(Source IP Persistance) UAG1 & UAG2 --> F5 -->(Cookie Persistant) WFE1 & WFE2

    Friday, June 15, 2012 12:13 PM
  • Yep, that is exactly how I would deploy it.

    The benefit of leveraging cookie persistence for the WFEs is that it works independantly of the connection to the UAG servers. So if a UAG server goes down, and the user gets load balanced to a new UAG server, they will still be persisted to the same WFE that they were originally sent to.

    • Edited by ryankorock Monday, June 18, 2012 4:33 PM
    Friday, June 15, 2012 2:10 PM