Walkthrough: Validating Load Balancers for Edge Servers
Topic Last Modified: 2012-02-21
Before using test clients to validate the newly configured load balancers, it is a good practice to use telnet to confirm that the load balancer is at least listening on the virtual IP (VIP) and directing connections to both Front End Servers. To do this, perform the following steps:
- On each Edge Server, run Netmon (or a similar protocol analysis tool) and add a filter to only display traffic coming in on the external Access Edge Server interface on Transmission Control Protocol (TCP) ports 5061 and 443.
- From a test client on the Internet, telnet to the Access Edge Server VIP on port 5061 and then again on port 443.
- Close the telnet session and reestablish these telnet sessions several times.
- On the Edge Server, the Netmon trace should show TCP connections in an alternating fashion.
- Repeat the above previous steps for the Web Conferencing Server interface using TCP port 443.
- Repeat the previous steps for the A/V Edge Server interface using TCP port 443.
- On each Edge Server, run Netmon (or a similar protocol analysis tool) and add a filter to only display incoming traffic to the internal Edge Server interface on Transmission Control Protocol (TCP) ports 5061, 5062, and 443. For User Datagram Protocol, apply a filter for incoming traffic over port 3478
- From a Front End server, telnet to the internal Edge Server VIP on the following ports:
- 5061/TCP/SIP(MTLS)
- 5062/TCP/SIP(MTLS) (for the media relay authentication service (MRAS))
- 443/TCP/STUN
- 3478/UDP/STUN
- On the internal Edge Server interface, the Netmon trace should show TCP connections in an alternating fashion, and also show connections associated with 3478/UDP.
To validate the load balancer configuration using test clients, we will employ similar hosts file configuration changes that were used to validate the Edge Server’s installation. The only difference is that the load balancer is now configured, so we can point the pool fully qualified domain name (FQDN) to the load balancer VIP. This simulates the behavior that occurs when the pool FQDN is updated in the production Domain Name System (DNS) server.
To perform this testing, first add a temporary host file entry on your Office Communications Server test pool, pointing the FQDN of the internal Office Communications Server Edge Server to the IP address of the particular Edge Server you want to test first. For example, in our sample topology:
- On ocsstd.contoso.com, add a hosts file entry that resolves to ocsedge.contoso.com to 172.24.0.40.
- On ocsstd.contoso.com, configure ocsedge.contoso.com as the Access Edge Server, webconf.contoso.com as the Web Conferencing Edge Server, and av.contoso.com as the A/V Edge Server.
- In a command window, run ipconfig /flushdns to clear the DNS cache.
- Restart all services on the Front End Server to ensure they use the updated IP address.
Next, prepare three test workstations with the Office Communicator, Outlook, and Live Meeting clients, and then perform the following:
- Add hosts file entries on each client resolving sip.contoso.com to 128.95.0.40, webconf.contoso.com to 128.95.0.50, av.contoso.com to 128.95.0.60, and ocsedge.contoso.com to 172.24.0.40.
- In a command window, run ipconfig /flushdns to clear the DNS cache.
- In Office Communicator, configure connection settings to Manual, specifying ocsstd.contoso.com as the internal server name and sip.contoso.com as the external server name.
- In the Live Meeting Client, configure the Office Communications Server to Manual, specifying ocsstd.contoso.com as the internal server name and sip.contoso.com as the external server name.
- Using the test clients homed on a combination of the Internet and the Corporate Network, login to Office Communicator using some test accounts homed on the Standard Edition server and verify all peer-to-peer (P2P) and conference modalities work. This includes instant messaging (IM), voice, video, and desktop sharing.
- Using one of the test clients, use the same test clients to schedule a Live Meeting conference using Outlook. Join the meeting and verify that all Live Meeting conference modalities work.
At this stage, you have validated the functionality of the newly added Edge Server load balancers. This provides confidence for doing the actual cut over in the production DNS. Before proceeding, take some time to simulate failure of an Edge Server or reverse proxy server (for example, stop the Front End service or pull the network cable), identify the client behavior, and document the procedure for responding to such a situation. Typically clients use their inbuilt keep-alive mechanisms, client retry logic, and server reconnection randomizations to detect when their Front End Server goes down and then will connect seamlessly to another Front End Server that is available behind the load balancer.
The final step is to remove the test settings that you configured are as follows:
- On ocsstd.contoso.com remove the hosts file entry that resolved ocsedge.contoso.com.
- In a command window, run ipconfig /flushdns to clear the DNS cache.
- Restart all services on the Front End server to ensure they use the updated IP address.
- On the test clients, remove the hosts file entry that resolved sip.contoso.com, webconf.contoso.com, av.contoso.com, and ocsedge.contoso.com.
- In a command window, run ipconfig /flushdns to clear the DNS cache.
- Reset Office Communicator and Live Meeting clients to use automatic server lookup.
- Restart the test clients to ensure they do not use any cached DNS entries.