Configuring an External Load Balanced UAG DirectAccess Array for an IPv4 Only Network
The article Configuring external load balancing for a Forefront UAG DirectAccess array at https://technet.microsoft.com/en-us/library/ee690463.aspx describes how you would configure a UAG DirectAccess array when using external load balancers. In the example provided on that page, you will see that both internal and external load balancers are required to complete the solution. However, the requirement for internal and external load balancers only exists when you have an IPv6 capable network. Another scenario you might want to consider is the IPv4 only network located behind the UAG DirectAccess array. In this scenario, you only need an external load balancer. In the IPv4 only network behind the UAG DirectAccess array scenario, the internal load balancer can be removed. Figure 1 depicts the topology for external load balancing when a UAG DirectAccess array is positioned in front of an IPv4 only network. Figure 1 You need to configure your external load balancer to load balance incoming connections for TCP port 443 (to support IP-HTTPS), and UDP port 3544 (to support Teredo. 6to4 will not work in an external load balancing scenario. You also need to configure UAG to use IPv6 addresses on its internal network interfaces, as external load balancing requires this. Since IPv6 is not deployed on your IPv4 only network, you should use a 6to4 based address space and give an address from that address space to each of the UAG array members internal interfaces, as shown in Figure 1. Suppose WWXX:YYZZ is the colon hexadecimal representation of w.x.y.z, which is the public IPv4 address you use in the external load balancer, you would use the 2002:WWXX:YYZZ:8000::/49 address space for generating addresses to the UAG machines (e.g. if the array has three servers they can get the following IPv6 addresses 2002:WWXX:YYZZ:8000::1, 2002:WWXX:YYZZ:8000::2, 2002:WWXX:YYZZ:8000::3) Once you run to UAG wizard you would be prompted to enter the IPv6 prefixes of you organization, you should use:
You can use the Windows Calculator to perform the conversions if you are not familiar with Hex notation. For example, for the IPv4 address: 192.0.2.31 W = 192 X= 0 Y= 2 Z= 30 Converting to Hex format WWXX:YYZZ: 192 = C0 0 = 0 2 = 2 31 = 1F Put them together, and you get: C000:021F Which can be used to determine the organization prefix: 2002:WWXX:YYZZ:8000::/49 which is in our example: 2002:C000:021F:8000::/49 To use the Windows calculator: 1. Open the Windows Calculator from the Start menu. 2. Click the View menu, and click Programmer. 3. Select the Dec option and enter the value for W, X, Y or Z 4. Select the Hex option. The display shows the conversion between decimal to Hex notation Authors: Ben Bernstein, Senior Program Manager Tom Shinder, Technical Writer |
Comments
Anonymous
October 18, 2010
Thanks for this, but I noticed a typo, "192.0.2.31 W = 192 X= 0 Y= 2 Z= 30" Should Z=30? or 31? and does it matter which IP on the external LB is used (1st IP or the 2nd Sequential IP)Anonymous
July 17, 2012
The comment has been removed