Can anyone clarify this for me: “Web Conferencing Edge internal ports should not be load-balanced.”

  • Question

  • Hi everyone!

    I’m reading about hardware load balancing, and thought that I finally understood it, but then I was confused by this text: (The part in bold)

    I know that I have to HLB the traffic from:
     
    Internet -> Edge External NIC
    FrontEnd -> Edge Internal NIC

    But I don’t understand what they mean

     

    Redundancy for Edge Servers requires just adding more Edge Servers to a pool. Like a Front End pool, up to ten servers can be defined in an Edge Server pool. Load balancing can either be done with DNS load balancing requests or by using a hardware load balancer.

    DNS load balancing is done by entering multiple host records for the Edge Server pool name within DNS. When clients or servers attempt to reach a server that is unavailable, they will attempt to use an alternate server.

    A hardware load balancer can still be used for Edge Servers in Lync Server, which adds greater load-balancing capabilities at the price of greater complexity.

    As in prior releases, the internal Access Edge and A/V Authentication Edge interfaces should be load-balanced, but the Web Conferencing Edge internal ports should not be load-balanced.


    BR
    Monday, January 16, 2012 8:15 AM

Answers

  • Basically they tell you not to load balance this because if you are hosting a web conference and you have enabled load balancing, if your server pool consists of server1 & server2 and the web conference has been created on server 1, the load balancers could send someone trying to connect to that conference to Server2.

    Unfortunately all users in the web conference have to be connected to the same server on which the conference was created.


    Jamie Smith | MCITP: Lync 2010
    Monday, January 16, 2012 12:58 PM

All replies

  • Hi Jamie

    Thanks for the explanation – it makes good sense :)

    But I’m unsure how to configure it / prevent it? Is it the Internal NIC on my Edge server they are talking about? But since it only has 1 NIC and 1 IP, how can I prevent it?

     

    In my head I’m thinking about the flow like this, is that a correct perception?

    From the Internet the traffic goes to HLB VIP1,2,3
    From the HLB the traffic goes to Edge Server 1 or 2, external NIC, IP 1,2,3
    From Edge Server 1 or 2, traffic goes to Front End pool through DNS LB
    From Front End pool traffic goes to Edge Server 1 or 2, Internal NIC through HLB

     


    BR
    Monday, January 16, 2012 1:15 PM
  • Hi KaffeGoblen,

    Your perception is fine, the thing you will do in your case would be to dedicate one Front end to be your web conferencing server (or create a server just for that, if it will be heavily used) and under the Edge pool configuration in the topology builder set the Web Conferencing Edge Service to the specific server rather than the HLB.

    Set it to something like this below:

     


    Jamie Smith | MCITP: Lync 2010
    Monday, January 16, 2012 2:40 PM
  • Hi Jamie

    Thanks again, I really appreciate your help!
    But I’m afraid that I’m lost again… And this time I mean really really  lost… :-/

    I can’t understand how to avoid that traffic from the Edge which is going to the front-end pool is not load balanced?

    Don’t the Edge servers only know about their next hop which is fepool.domain.com, and to which I load-balance the traffic through DNS LB.

    I have a feeling that I might have a wrong picture in my head about how to load-balance the flow between the EDGE servers, to the FE-servers, and from FE-servers to EDGE.

     

    Is this drawing looking okay, or is there something terribly wrong?
    I really hope that you can help me to understand how to configure this!

    Thanks again, you are really helping me :)


    BR
    Monday, January 16, 2012 6:18 PM
  • Hi, Kaffe,

    I think the description is not very accurate in the article you referred to; the original statement is like this:

    If you are using a hardware load balancer, the load balancer deployed for connections with the internal network must be configured to load-balance only the traffic to the Access Edge service and the A/V Edge service. It cannot load balance the traffic to the internal Web Conferencing Edge service.

    Per my understanding this setting should be configured in the load balancer for traffic flow, but I can't figure it out exactly since I didn't have an HLB in hand. You can check the HLB deployment guide for Lync with the following link: http://technet.microsoft.com/en-us/lync/gg269419

    Regarding the Edge topology, I hope the following links can clarify your question.

    With HLB deployed for Lync edge: http://technet.microsoft.com/en-us/library/gg398478.aspx

    Without HLB but DNS load balancing deployed: http://technet.microsoft.com/en-us/library/gg398823.aspx

    Regards,

    Sharon


    Sharon Shen

    TechNet Community Support

    Wednesday, January 18, 2012 9:43 AM
    Moderator
  • Hi Sharon
    Thanks for your input, I really appreciate it!

    The description was from the Lync Unleashed book, but compared to the info you have posted I think they have trimmed it a little too much :-) Anyway…

    I think that I only have two questions left (sorry if I’m repeating myself):

    Question one:
    I have edited the pictures from these URLs to better describe what I mean.
    If that’s against the rules in any way please let me know, and I will remove the pic instantly
    http://technet.microsoft.com/en-us/library/gg398739.aspx
    http://technet.microsoft.com/en-us/library/gg398478.aspx

    As the picture shows:
    These ports (443, 3478, 5061, 5062) should be load balanced.
    These ports (443, 4443, 3478, 5061, 8057) should not be load balanced, and the traffic should go directly to con01 or con02.

    But does the Front End pool know of the individual edge servers (con01 & con02) and try to contact them directly? I thought the Front End only knows about the pool name of the Edge (lsedge.contoso.net) and attempts to send the traffic to the nodes that way (which in this case is through the HLB). Is that not correct?

     

    Question two:
    I really don’t understand how it works or what it is Jamie is telling me:

    Your perception is fine, the thing you will do in your case would be to dedicate one Front end to be your web conferencing server (or create a server just for that, if it will be heavily used) and under the Edge pool configuration in the topology builder set the Web Conferencing Edge Service to the specific server rather than the HLB. Set it to something like this below:

    Is it because it is these URLs the Front-end servers are looking for? (My assumption was that these URLs should match the external URLs I have published and that they have nothing to do with the internal network?)

    Thanks to everyone reading this :)


    BR
    Wednesday, January 18, 2012 12:45 PM
  • Hi Martin,

    Sorry for the late reply. I think I understand your concern now.

    Firstly, your setup should be OK from what I have read. You are not load balancing on a port level internally. You have DNS LB for your FE pool, which won't have an issue.

    The issue is when you use a HLB internally that can load balance down to the port level. This is mainly used when people have a few servers load balanced on the same HLB, so people will tend to load balance on the port level to separate the services.

    A Lync session on the other hand uses multiple ports, and if you were to HLB the ports to different servers you wouldn't be able to create any sessions. If you notice, the ports mentioned not to load balance included the SIP 5061 port, which essentially would run into the same problem.

    Hopefully that clears it up for you.

    PS: I would recommend using NLB over DNS LB as it will actually load balance rather than round robin the connections.

    http://lallscreation.blogspot.com/2011/11/steps-to-configure-network-load.html#!/2011/11/steps-to-configure-network-load.html


    Jamie Smith | MCITP: Lync 2010
    Wednesday, February 1, 2012 11:34 AM
  • Hi Jamie
    Thanks again for replying, I really really appreciate it, but I still really really don’t get it… And it’s killing me… :-(

    I know that:
    A: The internal Access Edge and A/V Authentication Edge interfaces should be load-balanced
    B: Web Conferencing Edge internal ports should not be load-balanced.

     

    But I really, really, really don’t see how to instruct the Front End pool not to hit the VIP of the HLB when trying to get to the Web Conferencing Edge Service on port 8057

    Isn’t it true that the Front End server ONLY knows about the pool-name of the Edge-servers? And since the pool-name points to the VIP of the HLB all traffic will hit the HLB.

    But do I then have to create a rule in the HLB and send WebConf port 8057 to only ONE of the Edge servers? Or is it in this case that you would configure Windows NLB and then configure the HLB to send port 8057 traffic to the VIP of the Windows NLB?

     

    And lastly I really can’t understand what it is that you were trying to show me in the post Monday, January 16, 2012 2:40 PM.

    The FQDN you are changing, is it used by the external users, the internal Edge-servers or the Front-end servers or something 3.? And for which purpose?

    Thanks again for all your help!

    Thursday, February 2, 2012 12:22 PM
  • Hi Martin,

    You seem to be confusing yourself. The Front end pool can point to the VIP of the HLB without a problem.

    As long as the HLB isn't specifically load balancing on a port level it should be OK. If you set the HLB to load balance the traffic from the Front End pool (either using the IP or DNS FQDN) then it should be OK because it will load balance entire sessions (which use multiple ports) rather than the individual ports.

    A typical web conference will use ports 5062, 8057, 8058, 5063, 5064 & 57501-65335. These will travel together as a session. So if you use a HLB it will load balance the entire session which includes all those ports.

    But if you load balance them per port it could send different parts of the same session to different Front end servers, which will cause a problem.

    If you read the statement it says you can load-balance the interfaces but not the "internal ports". It can be confusing, just as long as you know they are talking about it on a port level.

     


    Jamie Smith | MCITP: Lync 2010
    Monday, February 6, 2012 12:27 PM
  • Hi Jamie

    I’m so happy every time you are answering because I know that I’m getting a bit closer to finally understand it :)

    But I’m still very confused and still have two questions which are killing me.

     

     

    This text is taken from the Unleashed Book about HLB:

     

    Many load balancers have the option to balance “All Ports” for a given pool. Avoid this configuration, no matter how tempting and easy it seems. Instead, load balance only the ports found in the tables that follow.

     

     

    Load Balancing from the Front end pool to Internal Edge:

     

    Virtual IP                 Address Port    Function
    Edge Internal Interface    TCP 5061        Signaling
    Edge Internal Interface    TCP 5062        A/V Authentication
    Edge Internal Interface    TCP 443         STUN
    Edge Internal Interface    UDP 3478        STUN

    There is no entry here for load balancing the internal Web Conferencing Edge interface. That is not an omission or error; port 8057 on the internal interface should not be load balanced by the hardware load balancer. The Front-End pools automatically distribute requests to multiple Web Conferencing Edge Servers if configured. Don’t forget to include TCP 8057 in the firewall rules, though, because even though it’s not load balanced, the Front-End servers need to be able to reach that port on Edge Servers.

     

    Okay – it all seems fairly easy and then ‘if configured’ is confusing me…

    Question 1: How do I configure this?
    Question 2: Could you please one more time try to explain what you are meaning/doing with your post from
    Monday, January 16, 2012 2:40 PM.  I can’t figure out what you are meaning and I’m sure that this is a part of my confusion.

     

    Jamie – I really owe you one… your help means a lot to me! Thanks!

     

    Monday, February 6, 2012 2:19 PM
  • The documentation comment means don't load balance TCP 8057 on your internal edge FQDN.  TCP 443, 5061, 5062 and UDP 3478 are all required for sessions initiated internally.

    I have no idea why they didn't just put (TCP 8057 for PSOM traffic by default) at the end of the statement to clarify other than they didn't know any better.

    av-webconf-workflow

    Tuesday, March 6, 2018 2:35 PM
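
The port rules discussed in this thread, as an added example that is not part of any post and not vendor or Microsoft code: a Python check over a constructed description of the Edge internal VIP that flags an "All Ports" virtual server, flags TCP 8057 being load balanced, and confirms the firewall still lets the Front End pool reach TCP 8057 on each Edge server directly. The rule format, the `audit` function and the sample data are assumptions made for illustration; `con01` and `con02` are the Edge server names used earlier in the thread.

```python
# Added example; hostnames, rule shapes and sample data are constructed.
ALLOWED = {("tcp", 5061), ("tcp", 5062), ("tcp", 443), ("udp", 3478)}  # table in the thread
WEBCONF = ("tcp", 8057)  # Web Conferencing Edge internal port: reachable, never balanced


def audit(virtual_servers, firewall_allows, edge_servers):
    """Return sorted findings for the Edge internal VIP.

    virtual_servers: [{"proto": "tcp", "port": 5061 or "all"}, ...] on the VIP
    firewall_allows: {(edge_host, proto, port), ...} permitted from the Front End pool
    edge_servers:    hostnames of the individual Edge servers
    """
    findings, seen, wildcard = [], set(), False
    for vs in virtual_servers:
        proto, port = vs["proto"].lower(), vs["port"]
        if port == "all":
            wildcard = True
            findings.append(f"{proto}/all: 'All Ports' virtual server, list ports explicitly")
            continue
        key = (proto, int(port))
        seen.add(key)
        if key == WEBCONF:
            findings.append("tcp/8057: Web Conferencing Edge port is load balanced, remove it")
        elif key not in ALLOWED:
            findings.append(f"{proto}/{port}: not in the internal Edge port table")
    if not wildcard:  # a wildcard already covers every port, so nothing is "missing"
        for proto, port in sorted(ALLOWED - seen):
            findings.append(f"{proto}/{port}: expected on the VIP but missing")
    for host in edge_servers:  # 8057 must still reach each Edge server directly
        if (host, *WEBCONF) not in firewall_allows:
            findings.append(f"{host}: firewall blocks tcp/8057 from the Front End pool")
    return sorted(findings)


EDGES = ["con01", "con02"]
GOOD_VIP = [{"proto": p, "port": n} for p, n in sorted(ALLOWED)]
GOOD_FW = {(h, "tcp", 8057) for h in EDGES}
# Constructed misconfiguration: UDP 3478 dropped, 8057 balanced, con02 blocked.
BAD_VIP = GOOD_VIP[:3] + [{"proto": "TCP", "port": 8057}]
BAD_FW = {("con01", "tcp", 8057)}

if __name__ == "__main__":
    print(audit(GOOD_VIP, GOOD_FW, EDGES))
    for line in audit(BAD_VIP, BAD_FW, EDGES):
        print(line)
```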