Exchange 2007 Load Balancing
I am far from an expert on load balancing. We are using a 3rd party hardware load balancing solution. It is my understanding that clients or lob apps can connect to a load balanced virtual ip for the cas and hub servers. However, the Exchange servers need to see each server by their "backend" ip address. Essentially, then the exchange servers themselves would not at all be using the load balanced virtual ip for communication. The reason I ask is that I was told by someone on my network team that the current config for all servers behind the load balancer is that they communicate outside of their network by using the virtual ip. So that would mean that the mailbox servers on a separate network would see the virtual ips during communication. That doesn't seem to be a supported config. Hopefully someone can just grant me some confirmation.
Micah
January 27th, 2009 12:08am
Hi Micah,
~ I think "outside of their network" means internet. On separate network subnet or in different AD site (over the WAN), it should be still through individual IPs.
~ Second thing, you mentioned that Hub Transport on load balanced hardware, make sure that port 25 & 465 are disabled on virtual IPs because HT load balancing is default through Exchange 2007 in same AD site.
Exchange Server 2007 Hub Transport (HT) and Client Access Service (CAS) on the Same NLB Cluster
http://msmvps.com/blogs/clusterhelp/archive/2007/10/05/exchange-server-2007-hub-transport-and-client-access-service-on-the-same-nlb-cluster.aspx
Deployment Options for Hub Transport Servers
http://technet.microsoft.com/en-us/library/bb124398.aspx
Amit Tank | MVP - Exchange | MCITP:EMA MCSA:M | http://ExchangeShare.WordPress.com
January 27th, 2009 12:20pm
Although written specifically with WNLB in mind, you should find the following article helpful:
http://www.msexchange.org/articles_tutorials/exchange-server-2007/planning-architecture/load-balancing-exchange-2007-sp1-hub-transport-servers-windows-network-load-balancing-technology-part1.html
I also cover this in the first question in the Exchange Queue & A column in the TechNet Magazine back from July 2008:
http://technet.microsoft.com/en-us/magazine/2008.07.exchangeqa.aspx
Yes you often have LOBs on the internal network that only can have a single SMTP server specified. As you can see even MOSS only allows you to specify a single SMTP server.
Henrik Walther
Exchange MVP | MCM: E2K7 | MCITP: EMA/EA | MCSE: M+S - MSExchange.org
January 27th, 2009 10:09pm
Thank you for your responses. Like I said originally I am not a network guy by any means, so excuse me if my reply isn't what you would expect.
As explained to me by my network team our hardware load-balancer stands in front of a dedicated subnet and basically routes traffic based on ip and port. The load balancer rules are effective for the virtual ip port 25. The rules on the load balancer say that if any traffic is destined for either of these two backend ip addresses on port 25, it needs to come by way of the virtual ip. I cannot even establish a telnet session over port 25 without using the virtual ip.
My solution to this was to multi-home the hub server. I would place one nic on a subnet that was not load balanced and allow all exchange traffic, including edge servers, to speak to the hub servers over that ip. I would have the second nic on this "restricted" subnet behind the load balancer and allow all non-exchange smtp servers to talk to it using the virtual ip.
The problem with this direction is that the nics, being on two different subnets, will use two different gateways. This isn't a supported configuration so I would be forced to specify a gateway on only one nic and then use the route add command to configure static routes. The issue with this is that both nics, though on different subnets, will need to communicate with the same internal subnets. When you add a static route, it is a "server-wide" change that affects both nics. I wish I could add a route that said traffic from this ip range destined for this ip should use this gateway. But unfortunately it appears that all I can say is traffic from this ip range should use this gateway.
Is there something that I am not considering that could be used to tweak this configuration? Should I tear it down and start from scratch with another method? Am I overlooking a crucial step in one of your responses that would make this all better?
I realize that the turn this post has taken may require it to be routed (no pun intended) to a different forum. If that is the case, just let me know.
I really appreciate your assistance! Thank you.
Micah
January 30th, 2009 7:49pm
I was able to resolve this issue by use of exception rules on the load balancer. Apparently you can create rules for certain source ips that can be routed directly to the backend ips without using the load balanced virtual ip.
Thanks!
Micah
February 2nd, 2009 6:09pm
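The port 25 policy and source-IP exception rules discussed in this thread, modelled as an added example (not part of any post and not any load balancer vendor's configuration syntax). All addresses, the exception list and the function names are constructed assumptions; the model can be used to check that every Exchange server that must reach the backend IPs is covered by an exception.

```python
import ipaddress

# Constructed addresses for illustration; none come from the thread.
VIP = ipaddress.ip_address("10.0.50.10")             # load-balanced virtual IP
BACKENDS = {ipaddress.ip_address("10.0.60.11"),      # hub/CAS backend IPs
            ipaddress.ip_address("10.0.60.12")}
# Hypothetical exception list: sources allowed to reach backend IPs directly.
EXCEPTIONS = [ipaddress.ip_network("10.0.70.0/24"),   # mailbox server subnet
              ipaddress.ip_network("192.0.2.25/32")]  # a single Edge server


def is_excepted(src):
    """True if the source address falls inside any exception range."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in EXCEPTIONS)


def decide(src, dst, port=25):
    """Model the port 25 policy: traffic to the VIP is balanced; traffic to a
    backend IP is allowed directly only for excepted sources, else refused."""
    dst_addr = ipaddress.ip_address(dst)
    if port != 25:
        return "not-covered"   # the thread only describes rules for port 25
    if dst_addr == VIP:
        return "balance"
    if dst_addr in BACKENDS:
        return "direct" if is_excepted(src) else "refuse"
    return "not-covered"


def missing_exceptions(exchange_servers):
    """Exchange servers that would still be refused on the backend IPs."""
    return [s for s in exchange_servers if not is_excepted(s)]


if __name__ == "__main__":
    # Constructed flows: a mailbox server, then a LOB application host.
    print(decide("10.0.70.5", "10.0.60.11"))   # mailbox server to backend IP
    print(decide("10.0.80.9", "10.0.60.11"))   # LOB host to backend IP
    print(decide("10.0.80.9", "10.0.50.10"))   # LOB host to the VIP
    print(missing_exceptions(["10.0.70.5", "10.0.71.5", "192.0.2.25"]))
```
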