Vegas588_117701
Nimbostratus
Apr 18, 2013

Lync 2013 Edge Config

I am new to F5 and recently helped a client deploy an LTM for Lync 2013. Lync 2013 has some very specific requirements when load balancing the Edge server. Specifically, I am interested in knowing why Microsoft has a requirement for having public IP addresses on the Lync Edge server and VIP. Why can it not use NAT? See here for original documentation: http://technet.microsoft.com/en-us/library/gg425841.aspx

"If you have an Edge pool and are using a hardware load balancer, you must use public IP addresses on each of the Edge Servers and you cannot use NAT for the servers or the pool at your NAT device (for example, the firewall, or other infrastructure device that would NAT inbound or outbound traffic). For details, see Port Summary - Scaled Consolidated Edge with Hardware Load Balancers in the Planning for External User Access documentation."

2 Replies

  • mikeshimkus_111
    Historic F5 Account
    Hi Vegas588, this blog post explains the best practices for Lync Edge w/F5: https://devcentral.f5.com/blogs/us/the-hopefully-definitive-guide-to-load-balancing-lync-edge-servers-with-a-hardware-load-balancer

    Basically, the Edge needs to be able to see the real IPs of external clients so it can set up peer-to-peer connections between them, rather than proxy all the connections.

    Thanks,
    Mike
    • Phil_no_Spill_1
      Nimbostratus
      Hi Vegas588, I guess you've implemented now using Public IPs, however I have the same question and I'm a newbie to F5. Can anyone confirm whether the below is supported or works... or if I'm talking horsedung. I've seen posts by users saying that some have implemented F5 and Lync using NAT at the firewall successfully. We are going through the same issues, and are looking at redeploying the Edge servers with Public rather than Private IPs to ensure a supported config.

      My understanding is that if Lync is deployed and the "use NAT" option for AV services is enabled on the Edge Servers, then provided the Edge server has a route out it "should work" using a private IP. AV clients would connect using their Public IP to the firewall-assigned Public AV IP, which NATs to the internal Edge server directly (bypassing the F5). Return traffic from the Edge would embed the public IP in the packet as it's NAT-aware. The Edge server would require a route back via the firewall as SNAT isn't used. The Access and Web Conferencing clients connect via the F5 to the Edge using SNAT.

      So the firewall should be able to be set as the default gateway on the Edge - whereas I've seen posts saying the Floating IP of the F5 DMZ should be the default gateway (which I don't get, as this wouldn't forward unless it was set up to VIP back to the firewall???). Keen to hear from anyone doing things this way. Thanks - Phil