Load Balancing Microsoft Direct Access 2012 Servers

Question

Hi,
   We have inherited a customer that have f5's deployed &amp; one of the VIPs is load balancing some direct access servers. Currently the load balancing method is set for "Observed (Node)" &amp; the profile is using a default persistence profile of "dest_addr".
All of the connections are being pushed to the 1st server in the pool. 
We are thinking of changing the load balancing method to "Least connections (Node)" &amp; the persistence profile to use either "cookie" or "ssl".
My questions are, has anyone set this up &amp; have any different recommendations &amp; what is the impact on traffic when making these changes? 
i.e. would all existing connections be dropped &amp; will any devices that were previously connected immediately use the new persistence method on reconnection?&nbsp;
Thanks
Colin&nbsp;

ryan_korock_46 · Answer

What access protocols are you using Colin? IP-HTTPS, Teredo?&nbsp;
The persistence method is what is causing the clumping. Dest_addr is best used when load balancing transparent devices, such as a routers. I would definitely recommend changing that. In my testing, I did not see a need to set persistence. If you do set it, I would recommend setting it to source IP. Cookie will not work, as the BIG-IP is not able to inspect the payload (without doing SSL termination/re-encryption, which is not currently supported by MSFT for Direct Access).&nbsp;
My recommendation would be to use Least Connections for the load balancing method, and no persistence.&nbsp;
Changing lb &amp; persistence methods should not have an effect on existing connections. They will continue without disruption.&nbsp;

colinw_190728 · Answer

Ryan,
    I believe the access protocol in use is just IP-HTTPS.&nbsp;
Thanks for the response
Colin&nbsp;

john_tonks_2768 · Answer

You would need persistence for Remote Manage Out, else your would be constantly flipping between server connection Servers all day. &nbsp;
Also depending on how many clients you have this might risk port exhaustion with all this flip flopping about. &nbsp;

Forum Discussion

Load Balancing Microsoft Direct Access 2012 Servers

3 Replies

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Microsoft Skype for Business Server 2015

Microsoft Lync Server

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Microsoft Powershell with iControl

F5 BIG-IP Access Policy Manager (APM) - Google Authenticator and Microsoft Authenticator