Lync 2010 and ACE load balancing

glenne nelson · ‎09-05-2011

Hi there,

Has anyone deployed [or will be deploying] Lync 2010 utilising the ACE as a hardware load balancer. The ACE is not {yet] on the Microsoft list of supported devices for this product, but I am told this because of lack of documentation from Cisco.

The consensus from a few colleagues is that it should work as it did for OCS, which we have already deployed, so assuming that the set up and operation is similar, there shouldn't be much difference in the configurations.

regards,

Glenne.

Mark DeRosia · ‎02-23-2012

Were you able to get this set up without issue? The ACE is not on the supported HLB list so I am having alot of trouble finding example configurations. I would like to set my ACE to work with Lync mobility.

glenne nelson · ‎02-24-2012

Hi,

Have got a [quite big] working configuration currently in test. Our loadbalancing set up utilises DNS load balancing for SIP traffic and the ACE for Web based traffic.

I can't tell you much about the LYNC2010 set up, as that is administered by a different team. Happy to share any ACE related queries with you, however.

Mark DeRosia · ‎02-24-2012

Right, I am inquiring about the ACE setup you have for the web based load balancing. I am also using DNS load balancing for the sip access. Did you have to do any specialized setup on your ACE to work with the Lync web traffic? Or did you just have the basic web setup with cookie persistance? I just have a basic setup now but I am running into issues when going through the ACE with the cookie persistance which is required for Lync Mobility. Any specialized config you would be able to share will be greatly appreciated. I wish there was more documentation out there for the Cisco ACE and Lync but it is not even a supported load balancer for Lync so I cannot find any good info.

glenne nelson · ‎02-24-2012

See a heavily sanitised partial config attached, IP Addresses, vlans, names have been changed to preserve security and design copyright.

But the semantics should give an idea of how I've configured the ACE.

You can always drop me an email,

Regards

Mark DeRosia · ‎02-28-2012

Thank you much. You config in way more detailed and in depth than mine currently is. I will definitely use yours as a reference. Thanks again for the assistance. Have a great day.

Mark

adrianoden · ‎03-02-2012

Thank you for providing your sanitized config, My organization is planning to deploy this in the same fashion and I too am concerned about the persistence peice for external users.

I see that your using ip-netmask for your sticky configuration. Are you experiencing any issues with this? The Microsoft load balancing guide for Lync specifically mentions using cookies for session persistence.

http://technet.microsoft.com/en-us/library/gg615011.aspx

glenne nelson · ‎03-03-2012

Hi,

I am not aware of any problems. In the absence of any material from Cisco, I based my configurarions on OCS.

The design is currently been used by the Unified Comms team and not yet been piloted so it is posible that there is some fine tuning to do to the design.

But be aware that I took it up with Cisco in November and I am assured that they are now in collaboration with Microsoft and something is imminent.

regards.

Glenne

Don Brack · ‎11-27-2012

Glenne, from the looks of that config, is it missing probes? I'm currently working on a full deployment of Lync 2010. Hopefully I can add to this thread..

Thanks

glenne nelson · ‎12-07-2012

Hi Don,

I've only returned from holidays today hence no response.

In answer to your question, yes, probes are used. Remember that what I posted is a simpler sanitised version of whta is operational. After an evaluation period, I'm now advised that LYNC 2010 load balanced behind the ACE, is now rolled out and operational on our campus.

However, we will be evaluating the next generation load balancers to replace the ACE and are currently looking at pricing from A5, A10 and Citrix.

Regards,

Glenne.

Jorge Bejarano · ‎12-10-2012

Hey Glenne,

It seems you got that working already but I wanted to share this simple sample:

parameter-map type http PARAMETER

set header-maxparse-length 65535

set content-maxparse-length 65535

============================================

interface vlan 112

ip address 10.198.16.71 255.255.255.192

alias 10.198.16.124 255.255.255.192

peer ip address 10.198.16.72 255.255.255.192

mac-sticky enable

access-group input anyone

nat-pool 25 10.198.16.125 10.198.16.125 netmask 255.255.255.0 pat

service-policy input ANS-MGT

service-policy input VIPS

no shutdown

============================================

policy-map multi-match VIPS

class LYNC_VIP

loadbalance policy LYNC_POLICY

ssl-proxy server SSL_LYNC_TERMINATION

loadbalance vip icmp-reply active

nat dynamic 25 vlan 112

appl-parameter http advanced-options PARAMETER

============================================

class-map match-all LYNC_VIP

2 match virtual-address 10.198.16.125 tcp eq https

============================================

ssl-proxy service SSL_LYNC_TERMINATION

key tac-key

cert tac-cert

chaingroup tac-chaingroup

============================================

policy-map type loadbalance first-match LYNC_POLICY

class class-default

sticky-serverfarm LYNC_COOKIE

============================================

sticky http-cookie ACE_COOKIE LYNC_COOKIE

timeout 30

replicate sticky

serverfarm LYNC_FARM

============================================

serverfarm host LYNC_FARM

rserver LYNC_SERVER1 80

inservice

rserver LYNC_SERVER2 80

inservice

============================================

rserver host LYNC_SERVER1

ip address 10.198.16.93

inservice

rserver host LYNC_SERVER2

ip address 10.198.16.113

inservice

===========================================

Jorge

Don Brack · ‎12-11-2012

We have our Lync 2010 working with ACE except mobility. Any documention or examples. We are having login issues from mobile clients.

Jorge Bejarano · ‎12-11-2012

Don,

Could you paste the ACE configuration for your mobile users?

To my knowledge, there are no specific requirements for Lync and the sample above should be enough.

Jorge

Don Brack · ‎12-11-2012

I do realize some are in use and some are not. I was trying multiple commands

rserver host w8v-lyncfe1
ip address 10.201.233.13
inservice
rserver host w8v-lyncfe2
ip address 10.201.233.14
inservice
rserver host w8v-lyncfe3
ip address 10.201.233.25
inservice

serverfarm host lyncfe
description microsoft lync
predictor leastconns
rserver w8v-lyncfe1
    inservice
rserver w8v-lyncfe2
    inservice
rserver w8v-lyncfe3
    inservice

sticky http-cookie MS-WSMAN lyncfe-cookie-sticky
cookie insert
timeout 65535
replicate sticky
serverfarm lyncfe
sticky http-cookie lyncfe-sticky lyncfe
cookie insert
timeout 65535
replicate sticky
serverfarm lyncfe

class-map match-all lyncfe
2 match virtual-address 10.201.13.40 any

policy-map type loadbalance http first-match lyncedge-policy
class class-default
    sticky-serverfarm lyncedge
policy-map type loadbalance first-match lyncfe-https-class-l7slb
class class-default
    sticky-serverfarm lyncfe-cookie-sticky
policy-map type loadbalance http first-match lyncfe-policy
class class-default
    sticky-serverfarm lyncfe

policy-map multi-match client-vips
class lyncfe
    loadbalance vip inservice
    loadbalance policy lyncfe-policy
    loadbalance vip icmp-reply active

tporembski · ‎08-01-2013

I know this issue has been addressed over a year ago but we are just now geeting into Lync for mobility and cookie persistance. I am curious what additional load this has put on your ACE, and what ACE model are you using?

Thank you

Tony Porembski