We have a deployment scenario that is proving to be problematic. In our environment, we don't have split-brain DNS, so our connectivity DNS records point to the Skype FE pool IP, which is hosted on the external side of the F5 load balancer. Every client, inside or outside the organization, sees the same DNS records (effectively making all our authenticated clients internal, from Skype's point of view, correct?).

We are happy with this configuration, but here is the problem. When a client attempts to connect, it will reach the FE pool through the load balancer, and:

If the load balancer routes the connection to the correct FE server (the user's primary server), all is good and fine. Communication continues back and forth through the load balancer.

However, if the load balancer routes the connection to the incorrect FE server (not the user's primary FE server), then the client will get a redirect instruction (SIP/2.0 301 redirect to home server) to go directly to the FQDN of the primary FE server - which resolves on the DNS (remember, DNS resolves to everyone, everywhere). The client will then attempt to connect to the FE server directly, bypassing the load balancer, and failing, because the FE server is not opened to communicate to the entire world (ideally we don't want anything besides the load balancer and other servers to talk to FE servers).

My understanding is that this is normal behavior for Skype client connectivity. Some here at work, however, are suggesting this is not adequate, and that means that Microsoft is essentially not supporting the F5 HW load balancer. Ideally the F5 load balancer would have to detect the redirect request and find the FQDN of the home server, then redirect the connection there, on behalf of the client.

Is there a way around this problem - not having to open the server ports to the entire world? I'm not even sure whether F5 can read this information from the stream, and/or redirect the connection this way.

Manually configuring internal clients via GPO to connect to the front end pool, and having everyone else connect to edge by changing DNS records to edge. (This will still require exposing FE server ports directly, but only to the inside of the organization.)

Just have everyone (internal/external) connect to Edge, by changing all relevant DNS records to the edge pool.
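An added example, not part of the original post and not F5 or Microsoft code: the inspection step the post asks about, written in Python against already-decrypted SIP text. It parses a 3xx response, extracts the home server from the Contact header, and reports a redirect whose target is not on the list of endpoints the client is allowed to reach. The sample message, the host names, and the default port of 5061 are assumptions made for the illustration.

```python
import re

# Constructed sample of the redirect the post describes; hosts are placeholders.
SAMPLE_301 = (
    "SIP/2.0 301 Redirect request to Home Server\r\n"
    "Via: SIP/2.0/TLS 192.0.2.10:50123\r\n"
    "From: <sip:alice@example.com>;tag=abc\r\n"
    "To: <sip:alice@example.com>;tag=def\r\n"
    "Call-ID: 1234\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:fe02.example.com:5061;transport=tls>\r\n"
    "Content-Length: 0\r\n\r\n"
)
# Optional user part, then host and optional port (IPv6 literals not handled).
CONTACT_URI = re.compile(r"sips?:(?:[^@>;]*@)?([A-Za-z0-9.-]+)(?::(\d+))?", re.I)

def parse_response(raw):
    """Return (status_code, headers) with lower-cased header names."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = re.match(r"SIP/2\.0 (\d{3})(?: |$)", head[0])
    if not status:
        raise ValueError("not a SIP response")
    headers, name = {}, None
    for line in head[1:]:
        if line[:1] in (" ", "\t") and name:      # folded continuation line
            headers[name] += " " + line.strip()
            continue
        name, _, value = line.partition(":")
        name = name.strip().lower()
        name = "contact" if name == "m" else name  # compact header form
        headers[name] = value.strip()
    return int(status.group(1)), headers

def redirect_target(raw, default_port=5061):
    """(host, port) from the Contact of a 3xx response, else None."""
    code, headers = parse_response(raw)
    if not 300 <= code < 400:
        return None
    m = CONTACT_URI.search(headers.get("contact", ""))
    if not m:
        return None
    return m.group(1).lower(), int(m.group(2) or default_port)

def blocked_redirect(raw, reachable):
    """Return the redirect target if the client cannot reach it, else None."""
    target = redirect_target(raw)
    return target if target is not None and target not in reachable else None
```
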