Hi Experts,
I am deploying a UAG Array to be used for DirectAccess. The Array will consist of two servers and use an F5 external load balancer. In addition, and in common with 90% of the other corporate intranets out there, the internal network is IPv4 with no IPv6 transition technologies deployed. The article http://blogs.technet.com/b/edgeaccessblog/archive/2010/05/17/configuring-an-external-load-balanced-uag-directaccess-array-for-an-ipv4-only-network.aspx is great, but to my mind has no information to support 'Manage Out' and throws up a number of questions. (Note that I want to enable 'Manage Out' capability and, as far as I am aware, that is achieved by using ISATAP.)
- The article describes that you have to generate and configure your own IPv6 address for the internal interface when using an external load balancer. Does anyone know why? Why not let UAG assign the addresses as per the default?
- UAG by default configures itself as an ISATAP router when there is no IPv6 infrastructure deployed on the internal network, to facilitate 'Manage Out'. This still applies when using Windows NLB. Why does this no longer apply when using an external load balancer? I.e. why does UAG no longer configure itself as an ISATAP router?
- In relation to question 2: you therefore need to move your ISATAP router to a different device (http://technet.microsoft.com/en-us/library/ee690463.aspx). In doing so, how do you configure the ISATAP environment to traverse the UAG servers without some sort of load balancing on the internal interfaces? I'm assuming that you can only tell the ISATAP router to use the one default gateway, i.e. either one UAG server or the other. This means that you would have all your outbound, internally initiated traffic going via one server only, which is not very good for performance or fault tolerance.
- In relation to question 3: I thought therefore that NLB could be used on the internal interface to solve the above problem, except that I have read that you can't mix and match external load balancing and NLB, even though they are on separate networks, due to bidirectional affinity. What does this actually mean, and why does this not occur when load balancing is mixed in this manner?
Therefore when you wish to use external load balancers, do you:
A) Accept the fact that you can't use UAG as an ISATAP router, and you do indeed need two devices, and deploy it as described here (http://technet.microsoft.com/en-us/library/ee690463.aspx)
or
B) Accept the fact that you can't use UAG as an ISATAP router, and any internal outbound traffic travels via the one UAG server only.
Apologies for the long post, but I wanted to make sure that I get my thoughts down concisely so that it may help others who come up with the same questions.
Thanks for your time everyone
Gary
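The single-default-gateway arrangement Gary describes in question 3, written out as an added netsh/PowerShell configuration for a separate Windows Server acting as the ISATAP router. This is an illustrative example added here, not part of the original post or of Microsoft's documentation. The prefix 2001:db8:1:1::/64, the addresses 192.0.2.10 and 2001:db8:1:2::1, and the interface names are assumed placeholders.

```powershell
# Added example (not from the original post): a stand-alone Windows Server configured
# as the ISATAP router for an IPv4-only internal network, forwarding all IPv6 traffic
# from ISATAP hosts to ONE UAG server's internal interface (the limitation raised in
# question 3). All prefixes, addresses and interface names below are assumed placeholders.

$IsatapPrefix    = '2001:db8:1:1::/64'   # assumed: IPv6 prefix advertised to ISATAP hosts
$RouterIPv4      = '192.0.2.10'          # assumed: this server's internal IPv4 address
$LanInterface    = 'Internal'            # assumed: name of this server's LAN adapter
$IsatapInterface = 'isatap.{00000000-0000-0000-0000-000000000000}'  # assumed; find the real name with: netsh interface ipv6 show interface
$UagInternalV6   = '2001:db8:1:2::1'     # assumed: manually assigned internal IPv6 address of UAG server 1

# ISATAP hosts find their router through the DNS name "ISATAP" (an A record for
# ISATAP -> $RouterIPv4 in the internal zone is assumed). Point this server at itself
# so that its own ISATAP interface comes up.
netsh interface isatap set state enabled
netsh interface isatap set router $RouterIPv4

# Make the ISATAP interface act as a router: forward packets and send router advertisements.
netsh interface ipv6 set interface $IsatapInterface forwarding=enabled advertise=enabled

# Publish the ISATAP prefix so clients autoconfigure prefix::0:5efe:w.x.y.z addresses.
netsh interface ipv6 add route $IsatapPrefix $IsatapInterface publish=yes

# Forward on the LAN side and publish a default route. The next hop is a single UAG
# server: this is the one-gateway limitation, not load balancing.
netsh interface ipv6 set interface $LanInterface forwarding=enabled
netsh interface ipv6 add route ::/0 $LanInterface $UagInternalV6 publish=yes

# Checks: the ISATAP interface should report forwarding and advertising enabled,
# and both routes should be listed with Publish = Yes.
netsh interface ipv6 show interface $IsatapInterface
netsh interface ipv6 show route
```

Two things to verify alongside this: the internal Windows DNS server blocks the name "isatap" by default through its global query block list, so the A record only resolves once that entry is removed (for example with `dnscmd /config /globalqueryblocklist wpad`, which leaves only wpad blocked); and the UAG servers need a return route for $IsatapPrefix via the ISATAP router's LAN IPv6 address, otherwise replies to manage-out traffic have no path back to the ISATAP hosts.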