Application Delivery (ADX)

New Contributor
Posts: 2
Registered: ‎08-02-2010

Can't LB Exchange 2010 CAS

We have a SI ADX 1000 and are trying to get simple load balancing established for ssl, http, and MAPI RPC. Initial attempt is to just configure direct server return. There are two Exchange 2010 CAS instances running on a Hyper-V R2 cluster. The connectivity looks like this:

       


The ADX and cluster NICs used by the CAS servers OWA and OWA2 are connected to the same routed VLAN (all ports untagged members of the VLAN).

The CAS VMs both have a loopback adapter configured with the IP of the VIP and mask 255.255.255.255 as instructed by a Brocade engineer. We can ping anything, from anywhere.

We can go directly from clients to the CAS servers individually and use the Outlook Web App over HTTPS or use Outlook to connect to mailbox databases that are configured to home on the CAS servers. We also have another VM in the cluster using the same NICs in that subnet and have no trouble at all with it (Web, management, whatever).

Leaving the entire CAS-Array out of the picture (forgetting about load balancing MAPI RPC for now) we still can't pass HTTPS to the VIP and connect to the CAS servers in that fashion. Have removed DSR out of the picture, disabled the loopback NICs in the VMs, and changed the ADX config to use source-nat for each of the real servers. Still no luck. When looking at "show server real" output ssl and http always show failed. Below is the pertinent config of the ADX.

As a matter of course, web server logs on the CAS systems never record a health check hit from ADX but I can ping the CAS VMs all day long from the ADX and vice-versa.

Please, any suggestions would be greatly appreciated.

ver 12.1.00T401
!
context default
server real CAS-OWA 10.2.0.7
 port ssl
 port ssl keepalive
 port ssl l4-check-only
 port ssl server-id 1201
 port ssl group-id  1 1
 port ssl url "GET /owa"
 port 135
 port 135 keepalive
 port 60000
 port 60000 keepalive
 port 60001
 port 60001 keepalive
 port http
 port http keepalive
 port http url "GET /owa"
 port http l4-check-only
 port http server-id 1201
 port http group-id  1 1
!
server real CAS-OWA2 10.2.0.8
 port ssl
 port ssl keepalive
 port ssl server-id 1202
 port ssl group-id  1 1
 port 135
 port 135 keepalive
 port 60000
 port 60000 keepalive
 port 60001
 port 60001 keepalive
 port http
 port http keepalive
 port http url "HEAD /"
 port http server-id 1202
 port http group-id  1 1
!
!
server virtual CAS-LB 10.2.0.10
 predictor round-robin
 port ssl
 no port ssl sticky
 port ssl persist-hash
 port ssl dsr fast-delete
 port 60000
 port 60000 persist-hash
 port 60000 dsr fast-delete
 port 60001
 port 60001 persist-hash
 port 60001 dsr fast-delete
 port 135
 port 135 persist-hash
 port 135 dsr fast-delete
 port http
 port http persist-hash
 port http dsr fast-delete
 bind ssl CAS-OWA ssl CAS-OWA2 ssl
 bind 60000 CAS-OWA 60000 CAS-OWA2 60000
 bind 60001 CAS-OWA 60001 CAS-OWA2 60001
 bind 135 CAS-OWA 135 CAS-OWA2 135
 bind http CAS-OWA http CAS-OWA2 http
!
vlan 1 name DEFAULT-VLAN by port
 no spanning-tree
!
aaa authentication web-server default local
no enable aaa console
hostname ADX#1
ip address 10.2.0.9 255.255.0.0
ip default-gateway 10.2.0.1
no ipv6 enable
telnet server
username admin password .....
clock summer-time
clock timezone us Eastern
sntp server 10.1.1.1 3
no-asm-block-till-bootup

Super Contributor
Posts: 1,087
Registered: ‎12-13-2009

Re: Can't LB Exchange 2010 CAS

Hi,

Suggest you have a read of the attached doco for ADX and Exchange 2010.

Thanks

Michael.

New Contributor
Posts: 2
Registered: ‎08-02-2010

Re: Can't LB Exchange 2010 CAS

Received information from a Brocade Tech Engineer that solved the problem. When using DSR and a loopback adapter on Server 2008, you must modify the IP stack of 2008 to enable weakhostreceive on the real server NIC and enable weakhostreceive and weakhostsend on the loopback adapter. The post that solves the issue is:

http://blog.loadbalancer.org/direct-server-return-on-windows-2008-using-loopback-adpter/
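
The weak-host change described in the post above, as an added example that is not part of the original thread or of Brocade's documentation: it applies the three settings with `netsh` and then reads them back so a mistyped adapter name or a non-elevated prompt is caught. The adapter names `net` and `loopback` are assumptions; substitute the names shown on each CAS server.

```powershell
# Added example, not from the thread. Run elevated on each CAS real server.
# ASSUMPTION: adapter names are placeholders; list the real ones with
#   netsh interface ipv4 show interfaces
$ServerNic   = 'net'       # hypothetical name: NIC in the same VLAN as the ADX
$LoopbackNic = 'loopback'  # hypothetical name: loopback adapter holding the VIP

# Parse the two weak-host lines from netsh output.
# ASSUMPTION: English-language netsh output ("Weak Host Sends/Receives").
function Get-WeakHostState([string]$Name) {
    $state = @{}
    foreach ($line in (netsh interface ipv4 show interface $Name)) {
        if ($line -match '^\s*Weak Host (Sends|Receives)\s*:\s*(\w+)') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    $state
}

# Windows Server 2008 uses the strong host model by default, so a packet that
# arrives on the server NIC addressed to the VIP (which lives on the loopback
# adapter) is dropped. Relax the model on these two interfaces only.
netsh interface ipv4 set interface $ServerNic   weakhostreceive=enabled
netsh interface ipv4 set interface $LoopbackNic weakhostreceive=enabled
netsh interface ipv4 set interface $LoopbackNic weakhostsend=enabled

# Verify the result instead of trusting the "Ok." from netsh.
$srv = Get-WeakHostState $ServerNic
$lo  = Get-WeakHostState $LoopbackNic
$ok  = ($srv['Receives'] -eq 'enabled') -and
       ($lo['Receives']  -eq 'enabled') -and
       ($lo['Sends']     -eq 'enabled')

"{0,-10} receive={1} send={2}" -f $ServerNic,   $srv['Receives'], $srv['Sends']
"{0,-10} receive={1} send={2}" -f $LoopbackNic, $lo['Receives'],  $lo['Sends']
if (-not $ok) { throw 'Weak host settings were not applied; check adapter names and elevation.' }
```

Leaving every other interface on the default strong host model keeps the relaxation limited to the DSR path.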
