F5 Configuration for OCS R2

This week I have been trying to help one of my peers with an F5 issue. Getting the configuration settings right with F5 for OCS R2 is an art form, so I want to reprint the material from a previous post I did and add some new context to help people avoid what is probably the number one issue: incorrectly setting the persistence and protocol settings.

Reprint of my original post with new content.

The table below should help anyone get the right settings so that all the different parts of an OCS R2 deployment work when using an F5 to load balance multiple front end servers in a consolidated deployment.

Your Virtual Server profile for the SIP ports used with OCS should look something like this when viewing the text file printout of the .conf file:

VS: ocs-pool-sip
Port: 5061
Type: Standard TCP
Profile: ocs-TCPtimeout-1200
SSL: None
SNAT: Automap
Persistence: source_addr

Things to be on the lookout for are the Type and Persistence settings. If these are set to SIP, which F5 has a profile for, this will cause TCP sync issues. This leads to logon failures and dropped sessions, among other things.

Also ensure that the F5 isn’t terminating the SSL session. In OCS’s case no encryption should terminate on the F5; the traffic should be passed through to OCS blindly, as it were. I have seen some exceptions to this in the case of CWA, but as a general rule SSL should be set to None.

To configure a health monitor for 5061:
1. On the Main tab, expand Local Traffic, and then click Monitors. The Monitors screen opens.
2. Click the Create button. The New Monitor screen opens.
3. In the Name box, type a name for the Monitor.
4. From the Type list, select HTTPS. The TCP Monitor configuration options appear.
5. From the Configuration list, select Advanced. The advanced configuration options appear.
6. In the Configuration section, in the Interval and Timeout boxes, type an Interval and Timeout.
7. In the Alias Service Port box, type 5061.
8. Click the Finished button.

From the .conf file it will look something like this:
monitor ocs-frontend-sip-5061 {
   defaults from https
   interval 30
   timeout 91
   dest *:5061
}

Also, you will need to create a TCP profile with an idle timeout of 1200 seconds and with TCP resets on idle timeout enabled. This profile needs to be applied to each of the VIPs created.
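The following checker is an added example, not part of the original post and not F5 code. It audits a virtual server summary and a monitor stanza, in the two text layouts printed above, against the settings the post gives (Standard TCP, no SSL termination, source_addr persistence, monitor on the SIP port). The function names are hypothetical and the sample inputs are constructed.

```python
import re

# Values the post gives for the OCS SIP virtual server on port 5061.
RECOMMENDED = {"Type": "Standard TCP", "SSL": "None", "Persistence": "source_addr"}

def parse_summary(text):
    """Parse 'Key: Value' lines in the summary layout the post uses."""
    pairs = (line.split(":", 1) for line in text.splitlines() if ":" in line)
    return {k.strip(): v.strip() for k, v in pairs}

def parse_monitor(text):
    """Parse a 'monitor <name> { ... }' stanza in the form the post prints."""
    m = re.search(r"monitor\s+(\S+)\s*\{([^}]*)\}", text)
    if not m:
        return None
    fields = {"name": m.group(1)}
    for line in m.group(2).splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            fields[parts[0]] = parts[1].strip()
    return fields

def audit(summary_text, monitor_text):
    """Return a list of findings; an empty list means the settings match the post."""
    vs, findings = parse_summary(summary_text), []
    for key, want in RECOMMENDED.items():
        got = vs.get(key, "<missing>")
        if got.lower() != want.lower():
            findings.append(f"{key} is {got!r}, expected {want!r}")
    mon = parse_monitor(monitor_text)
    if mon is None:
        findings.append("no complete monitor stanza found (missing closing brace?)")
    else:
        port = mon.get("dest", "").rpartition(":")[2]
        if port != vs.get("Port"):
            findings.append(f"monitor checks port {port!r}, virtual server uses {vs.get('Port')!r}")
        if int(mon.get("timeout", 0)) <= int(mon.get("interval", 0)):
            findings.append("monitor timeout must be longer than its interval")
    return findings

# Constructed sample input: GOOD mirrors the post, BAD shows the mistakes it warns about.
GOOD_VS = "VS: ocs-pool-sip\nPort: 5061\nType: Standard TCP\nSSL: None\nPersistence: source_addr"
BAD_VS = "VS: ocs-pool-sip\nPort: 5061\nType: SIP\nSSL: clientssl\nPersistence: SIP"
MONITOR = "monitor ocs-frontend-sip-5061 {\n defaults from https\n interval 30\n timeout 91\n dest *:5061\n}"

if __name__ == "__main__":
    for label, vs in (("good", GOOD_VS), ("bad", BAD_VS)):
        print(label, audit(vs, MONITOR) or "OK")
```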

Of course all this information is on the internet in various places. The following document is available from MSFT on load balancing requirements for OCS R2, but it’s a general document, not specific to F5.

F5 have released an OCS R2 document which also covers the persistence setting I mentioned above. In the original documentation this was missing. In the document they recommend Source Address Affinity as the correct setting for persistence.

Comments welcomed

