Forum Discussion

Jason_L_40779
Nov 24, 2010

Exchange 2010 Configuration

I have a question regarding an Exchange 2010 implementation. I'm newer to working with LTM, so forgive me if some of the questions I ask may seem basic. I will be load balancing OWA, ActiveSync, Autodiscover and RPC using a single FQDN or VIP. I'm thinking about using a one-armed configuration. Not sure if this is good or bad.


The way our internal network is set up, we're kind of limited to a one-armed configuration. First off, is using a one-armed configuration better than using a routed one? The way our internal network is set up, the CAS servers sit on the same VLAN as the VIP. I do realize I will be using a SNAT, so the source IP address will look like the egress VLAN IP of the F5. All of the server logs will then show this, and it may be difficult for a Windows admin to look in the logs and troubleshoot.


On the other hand, my understanding is that if I'm using a routed configuration, I do NOT need to create a SNAT if the node's default gateway is the floating IP of the VLAN the node is on. The source IP address of the client would not be changed, and the server logs would show the true client IP address. I would, however, also need to create a route so that when a node sent its traffic back to the BIG-IP as its DG, it would know where to send it. Say I'm using a 10.0.0.0 network and I have 2 trunks going to 2 different sets of switches; how do I make sure that traffic coming in from trunk A goes back out trunk A? The 10.0.0.0 network also lives on trunk B. Finally, how do I allow admins to access their servers that sit behind the F5? Do I need to create a separate management VIP so they can telnet or connect to it? Thanks in advance.


4 Replies

  • Posted By jayson on 11/24/2010 07:58 AM

    Say I'm using a 10.0.0.0 network and I have 2 trunks going to 2 different sets of switches; how do I make sure that traffic coming in from trunk A goes back out trunk A? The 10.0.0.0 network also lives on trunk B. Finally, how do I allow admins to access their servers that sit behind the F5? Do I need to create a separate management VIP so they can telnet or connect to it? Thanks in advance.

    SOL11796: Overview of the Auto Last Hop setting

    http://support.f5.com/kb/en-us/solu...11796.html

    For administration, you may configure either a management VIP or a NAT.
  • I appreciate the input. I'm newer to F5 and am really enjoying being an administrator for them, but I want to get better. I'm more used to doing a one-armed configuration, so this is all new to me.

    So if the nodes are using the floating self IP of the VLAN on the LTM as their default gateway, I do NOT need to create SNATs for any of the VIPs associated with those nodes, correct? The whole reason for the SNAT is so that traffic sent to the node is returned back to the LTM. I would also need some sort of route on the LTM so that if any server were to initiate a connection and send it to the DG (LTM), it would need to route that traffic.

    For administrators to get access to their servers, I would create a NAT or a VIP which does a 1-to-1 mapping from an IP address which is routable to a node behind it. Even though the nodes are routable on the network, if their default gateway is the F5, I would still need to do this, since the only way to get to them is through the BIG-IP, correct?

    I'm thinking of staying with the one-armed setup due to the simplicity. I was just trying to look at all aspects. I know that to the Exchange administrators, all IP addresses in their logs will show as coming from the LTM due to the SNAT automap. Any other thoughts or input is appreciated. Thanks.
  • So if the nodes are using the floating self IP of the VLAN on the LTM as their default gateway, I do NOT need to create SNATs for any of the VIPs associated with those nodes, correct?

    Yes.

    I would also need some sort of route on the LTM so that if any server were to initiate a connection and send it to the DG (LTM), it would need to route that traffic.

    Yes.

    Even though the nodes are routable on the network, if their default gateway is the F5, I would still need to do this, since the only way to get to them is through the BIG-IP, correct?

    Yes.
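The two layouts the thread compares (one-armed with SNAT Automap, and routed with the floating self IP as the servers' default gateway plus Auto Last Hop and a 1:1 NAT for admin access), written out as tmsh configuration. This is an added example, not configuration from any of the posters; it uses BIG-IP v11-style tmsh syntax (v10 used `snat automap` on the virtual instead of `source-address-translation`), and every address, VLAN name, interface number and object name is assumed for illustration.

```tmsh
# Added example, not from the thread. Assumed addressing:
#   server VLAN 10.0.0.0/24 on interface 1.2, CAS servers 10.0.0.11 and 10.0.0.12
#   client/upstream VLAN 10.0.1.0/24 on interface 1.1, upstream router 10.0.1.254

create net vlan server_vlan interfaces add { 1.2 }
create net vlan client_vlan interfaces add { 1.1 }
# Non-floating self IPs first, then the floating ones (traffic-group-1 = floating)
create net self 10.0.0.2 address 10.0.0.2/24 vlan server_vlan allow-service default
create net self 10.0.0.1 address 10.0.0.1/24 vlan server_vlan traffic-group traffic-group-1 allow-service default
create net self 10.0.1.2 address 10.0.1.2/24 vlan client_vlan allow-service none
create net self 10.0.1.1 address 10.0.1.1/24 vlan client_vlan traffic-group traffic-group-1 allow-service none

create ltm pool exch2010_cas_pool monitor https members add { 10.0.0.11:443 10.0.0.12:443 }

# --- Option A: one-armed. VIP and CAS servers share server_vlan, so without
# SNAT the CAS reply would go straight to the client and bypass the LTM.
# Automap substitutes the floating self IP of the egress VLAN (10.0.0.1) as the
# source, which is exactly why the Exchange logs show the LTM instead of the client.
create ltm virtual exch2010_cas_onearm destination 10.0.0.100:443 ip-protocol tcp pool exch2010_cas_pool profiles add { tcp } source-address-translation { type automap }

# --- Option B: routed. Each CAS server is configured with 10.0.0.1 (the floating
# self IP) as its default gateway. No source-address-translation on the virtual,
# so the client address survives to the server logs.
create ltm virtual exch2010_cas_routed destination 10.0.1.100:443 ip-protocol tcp pool exch2010_cas_pool profiles add { tcp }

# Route for connections the servers originate themselves and hand to the LTM as DG
create net route default_gw network 0.0.0.0/0 gw 10.0.1.254

# Auto Last Hop (SOL11796): reply traffic is sent back to the MAC address and VLAN
# it arrived from, rather than via the routing table. This is what keeps a flow
# that entered on trunk A leaving on trunk A when the same subnet exists on both.
modify sys db connection.autolasthop value enable

# 1:1 NAT so an admin on the client side can reach a CAS server directly through
# the BIG-IP (RDP, telnet, etc.): 10.0.1.11 <-> 10.0.0.11
create ltm nat cas1_admin_nat originating-address 10.0.0.11 translation-address 10.0.1.11

save sys config
```

Only one of the two virtuals would be deployed in practice; they are shown side by side so the single differing property (`source-address-translation`) is visible. In the one-armed case the log concern is not fully solvable at the network layer: if SSL were terminated on the LTM, an HTTP profile with `insert-xforwarded-for enabled` could carry the client address to OWA, ActiveSync and Autodiscover in a header (IIS needs an extra logging module to record it), but RPC Client Access is not HTTP and gets no such help. That SSL-termination step is beyond what the thread discusses.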
  • Jayson: I'd have a listen to DevCentral podcast 154, which deals with your use case exactly. Joel Moses, who is the guest speaker for this session, has done some fantastic work with this, and I'd strongly suggest anyone out there with a 2010 environment give it a listen. In particular, you'll learn about a bunch of specific gotchas that can arise if you're using SNAT with these environments. Joel also walks through solutions.

    Here's the direct link: http://devcentral.f5.com/weblogs/dcpodcast/archive/2010/11/11/devcentral-weekly-podcast-154-sticky-snat.aspx

    Enjoy!

    -Matt