Walkthrough: Supported Topologies for Load Balanced Edge Servers
Topic Last Modified: 2009-10-15
This topic defines two sample topologies to illustrate specific steps that are involved in moving to a load balanced edge configuration. The following diagrams illustrate these topologies: Figure 1 illustrates a one-armed topology, and Figure 2 illustrates a two-armed topology. These are the only two topologies that are supported in Office Communications Server 2007 R2. Note that the IP addresses of the corresponding servers in both diagrams are the same. The key difference is the networking topology and routing. In particular, notice the difference in subnets between the two diagrams.
Figure 1. One-armed edge topology
Figure 2. Two-armed edge topology
Your networking team may have an existing best practice for deploying load balanced services, which will probably have the biggest impact on which option you choose. If no precedent exists, the following are factors to consider when you are deciding between a one-armed and a two-armed topology:
- One-armed topology. A one-armed topology is easier to deploy from a networking perspective because the load balancers can reside on the existing networks without requiring any additional changes in routing. However, not all traffic goes through the load balancer VIP, such as media between clients and the A/V Edge Server. If one function of the load balancer is to be a firewall for the Edge Servers, this topology will not be sufficient. One benefit of this topology is that testing the Edge Server functionality independent of the load balancer is easier because there is no dependency on the routing functionality of the load balancer.
- Two-armed topology. In a two-armed topology, the Edge Server and reverse proxy server reside behind the load balancers on private networks. The intent is to abstract these servers away from the internal and external perimeter networks. This is possible with the reverse proxies, since only HTTP traffic is being handled. However, the Edge Servers cannot truly be hidden by the load balancer VIPs alone because clients on the Internet and corporate networks need to contact the A/V Edge Server directly to establish media. In addition, the Access Edge Server and A/V Edge Server need to be able to initiate connections out to the Internet for federation. This means that the load balancers that are servicing both the internal and external Edge Server interfaces must actually route packets in both directions. It also means that the internal private edge network must use an IP address range that is routable from within the corporation, and the external private edge network must use an IP address range that is publicly routable from the Internet. This topology enables the load balancer to be a single point of entry for all packets to and from the Edge Servers, so you can perform firewall functionality in the two-armed topology. Remember that the networking load is considerably higher in the two-armed topology because all traffic destined for the Edge Servers goes through the load balancer.
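A pre-deployment check for the factors above, as an added example that is not part of the original topic or of any Microsoft tooling. It assumes a side is one-armed when the VIP lies in the Edge Servers' subnet, treats RFC 1918 space as not publicly routable, and uses a hypothetical plan format (`vip`, `server_subnet`, `servers`, `corp_routes`, `lb_is_firewall`) with constructed addresses.

```python
import ipaddress as ip

# RFC 1918 space is never routable from the Internet.
RFC1918 = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(side):
    """One-armed if the VIP sits in the servers' subnet, else two-armed (assumed rule)."""
    subnet = ip.ip_network(side["server_subnet"])
    return "one-armed" if ip.ip_address(side["vip"]) in subnet else "two-armed"

def review(plan):
    """Return a list of findings for a load balanced edge plan (hypothetical format)."""
    findings = []
    for name in ("external", "internal"):
        side = plan[name]
        subnet = ip.ip_network(side["server_subnet"])
        for srv in side["servers"]:
            if ip.ip_address(srv) not in subnet:
                findings.append(f"{name}: server {srv} is outside {subnet}")
        if classify(side) == "one-armed":
            # Media to the A/V Edge Server does not pass through the VIP here.
            if plan["lb_is_firewall"]:
                findings.append(f"{name}: one-armed, load balancer cannot act as the firewall")
            continue
        # Two-armed: clients must still reach the Edge Servers directly for media.
        if name == "external" and any(subnet.overlaps(n) for n in RFC1918):
            findings.append(f"external: {subnet} is RFC 1918 space, not publicly routable")
        if name == "internal":
            routes = [ip.ip_network(r) for r in plan["corp_routes"]]
            if not any(subnet.subnet_of(r) for r in routes):
                findings.append(f"internal: {subnet} has no corporate route")
    return findings

# Constructed sample plan; 203.0.113.0/24 is a documentation range standing in
# for a real public allocation, and corp_routes lists prefixes routed internally.
PLAN = {
    "lb_is_firewall": True,
    "corp_routes": ["10.0.0.0/8"],
    "external": {"vip": "203.0.113.10", "server_subnet": "192.168.50.0/24",
                 "servers": ["192.168.50.11", "192.168.50.12"]},
    "internal": {"vip": "10.20.0.10", "server_subnet": "172.16.9.0/24",
                 "servers": ["172.16.9.11", "172.16.9.12"]},
}

if __name__ == "__main__":
    for finding in review(PLAN):
        print(finding)
```

Whether the internal private edge range is actually routed inside the corporation cannot be derived from addresses alone, so `corp_routes` has to be filled in from the real routing table.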