Forum Discussion

newf5learner_13's avatar
newf5learner_13
Icon for Nimbostratus rankNimbostratus
Jun 19, 2014

reverse proxy irule for Lync'13 setup - questions.

Hi, well most of the guys here aware of the reverse proxy irule configuration for lync10 & 13 servers. Let me explain the current setup that I'm working with. We have a WIP 'externallync.for4u.com' on our external facing GTM on which I have added aliases as below. alias 1 ) londonlync.for4u.com Alias 2) tokyolync.for4u.com Alias 3) hongkonglync.for4u.com

 

I have create a VIP (20.20.30.40) in my external LTM and pointed the WIP on to the VIP. I mean, WIP has a pool and pool member is 20.20.30.40 (A VIP in from the LTM). At the LTM, I have created a irule so that each site specific URL is pointed to respective regional servers.

 

VIP : 20.20.30.40 has SNAT enabled. below is the irule.

 

when HTTP_REQUEST { if { !([HTTP::uri] contains "WebTicket/WebTicketService.svc/Auth") } { switch [string tolower [HTTP::host]] { londonlync.for4u.com { pool pool_london_lync13 } tokyolync.for4u.com { pool pool_tokyo_lync13 } hongkonglync.for4u.com { pool pool_hongkong_lync13 } } } }

 

Pools and member server details: pool pool_london_lync13 contains 10.20.30.40 ---> (windows'12 server on which we have lycn2013 installed.) pool pool_tokyo_lync13 contains 10.30.40.50 ---> (windows'12 server on which we have lycn2013 installed.) lly for the hongkong. Also, I have assigned a http profile with X-Forwarded-For HTTP feature enabled.

 

Now, the issues I'm facing are that :

 

1) At the server end, I'm not seeing any of the client IP addresses(source IP addresses) though X-Forwarded-For HTTP is enabled. Let me know how insert X-Forward option in the irule configuration I have listed above. Server team wants to see the requestor IP addresses(client IP addresses) to be seen the server logs.

 

2) The above setup is not working when my regional servers are lync'13 servers, but works fine with same irule configuration for 2010 lync. on my external ltm I created a test VIP 20. 20.30.41 and put one of the 2013 lync servers as the members and it worked with no issues(I just isolated the irule and http profile settings from the picture).

 

can someone suggest me what and where is it breaking, servers team says its the problem with F5 reverse proxy irule and http profiles added.

 

thanks, Lokesh

 

5 Replies

  • When I first started to deploy Lync I tried creating VIPs for everything and eventually, I gave up because of the number of ports and VIPs needed. I was hesitant to use the iApp but it made publish Lync through the BIG-IP out to the web a breeze. The iApp built into the version I was using didn't support 2013 but here on Dev Central there is a newer iApp that supports both 2010 and 2013 and it worked great for us. It was a very well written iApp that made the process of integrating it in with our BIG-IP seamless. I highly recommend trying it.

     

    As for issue 2, I remember when I deployed Lync 2013 there were some configuration items related to load balancing, can't remember now if I had to configure them or not but in the Topology application is where you will find them.

     

    • newf5learner's avatar
      newf5learner
      Icon for Nimbostratus rankNimbostratus
      I believe that the configuration I have done will be very similar to the iApp one. But not sure why its not working.
    • boneyard's avatar
      boneyard
      Icon for MVP rankMVP
      there is a difference between very similar and similar. if you can run the iapp (possibly in different environment) and spot the differences.
    • mikeshimkus_111's avatar
      mikeshimkus_111
      Historic F5 Account
      The Lync iApp configures as many as 500 objects on BIG-IP. We absolutely recommend using the latest version of the iApp to deploy because it's very easy to miss something crucial. If you need a slightly different deployment, use the iApp and then disable strictness so you can make changes. Mike