REF: Planning Exchange 2010 DAG - Part 4 - Network Planning


Do we still need the E2K7 CCR CMS name?


DAG Name and IP Address Requirements

During creation, each DAG is given a unique name, and either assigned one or more static IP addresses, or configured to use DHCP. Regardless of whether you use static or dynamically-assigned addresses, any IP address assigned to the DAG must be on the MAPI network.

Each DAG requires a minimum of one IP address on the MAPI network. A DAG requires additional IP addresses when the MAPI network is extended across multiple subnets. The following figure illustrates a DAG where all nodes in the DAG have the MAPI network on the same subnet.


Although the cluster's IP address and network name are used internally by the system, there is no hard dependency in Exchange 2010 that these resources be available. Even if the underlying cluster's IP Address and Network Name resources are offline, internal communication still occurs within the DAG by using the DAG member's server names. However, we recommend that you periodically monitor the availability of these resources to ensure that they aren't offline for more than 30 days. If the underlying cluster is offline for more than 30 days, the cluster CNO account may be invalidated by the garbage collection mechanism in Active Directory.


Network Planning

In addition to the specific networking requirements that must be met for each DAG, as well as for each server that's a member of a DAG, there are some requirements and recommendations that are specific to site resilience configurations. As with all DAGs, whether the DAG members are deployed in a single site or in multiple sites, the round-trip network latency between DAG members must be no greater than 250 milliseconds (ms). In addition, there are specific configuration settings that are recommended for DAGs that are extended across multiple sites:

  • MAPI networks should be isolated from Replication networks. Windows network policies, Windows Firewall policies or router access control lists (ACLs) should be used to block traffic between the MAPI network and the Replication network(s). This configuration is necessary to prevent network heartbeat cross-talk.
  • Client-facing DNS records should have a Time to Live (TTL) of 5 minutes. The amount of downtime that clients experience depends not just on how quickly a switchover can occur, but also on how quickly DNS replication occurs and how quickly the clients query for updated DNS information. DNS records for all Exchange client services, including Outlook Web App, Exchange ActiveSync, Exchange Web Services, Outlook Anywhere, SMTP, POP3, IMAP4, and RPC Client Access, in both the internal and external DNS servers should be set with a TTL of 5 minutes.
  • Use static routes to configure connectivity across Replication networks. To provide network connectivity between each of the Replication network adapters, use persistent static routes. This is a quick, one-time configuration that is performed on each DAG member when using static IP addresses. If you are using DHCP to obtain IP addresses for your Replication networks, you can also use it to assign static routes for the Replication networks, thereby simplifying the configuration process.
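The three recommendations above, carried out on one DAG member as a single worked configuration (it also covers the question in the comments about doing the MAPI/Replication isolation with Windows Firewall). This is an added example, not code from the original post or from Microsoft; it assumes Exchange 2010 on Windows Server 2008 R2 (hence netsh and route rather than the later NetSecurity cmdlets), an Exchange Management Shell session, and the subnet, DAG, network and host names shown, which are all constructed placeholders, as is the Add-DagBlockRule helper.

```powershell
# Added example, not from the original post. Run in the Exchange Management Shell
# on each DAG member. All subnets, names and addresses are constructed placeholders.
$DagName     = 'DAG01'
$MapiLocal   = '10.10.1.0/24'      # MAPI subnet in this site
$MapiRemote  = '10.20.1.0/24'      # MAPI subnet in the other site
$ReplLocal   = '192.168.1.0/24'    # Replication subnet in this site
$ReplRemote  = '192.168.2.0/24'    # Replication subnet in the other site
$ReplGateway = '192.168.1.1'       # router on the local Replication subnet

# Step 1: persistent static route so replication traffic for the remote site leaves
# through the Replication adapter instead of the MAPI default gateway.
route -p add 192.168.2.0 mask 255.255.255.0 $ReplGateway

# Step 2: block MAPI <-> Replication cross-talk with Windows Firewall rules in both
# directions, so cluster heartbeats never cross between the two networks.
# Hypothetical helper; rule names are kept free of spaces so netsh parses them as-is.
function Add-DagBlockRule {
    param([string]$Name, [string]$Direction, [string]$Local, [string]$Remote)
    netsh advfirewall firewall add rule name=$Name dir=$Direction action=block `
        protocol=any profile=domain localip=$Local remoteip=$Remote
}
$MapiAll = "$MapiLocal,$MapiRemote"
$ReplAll = "$ReplLocal,$ReplRemote"
Add-DagBlockRule -Name DAG-MAPI-to-Repl-out -Direction out -Local $MapiLocal -Remote $ReplAll
Add-DagBlockRule -Name DAG-MAPI-to-Repl-in  -Direction in  -Local $MapiLocal -Remote $ReplAll
Add-DagBlockRule -Name DAG-Repl-to-MAPI-out -Direction out -Local $ReplLocal -Remote $MapiAll
Add-DagBlockRule -Name DAG-Repl-to-MAPI-in  -Direction in  -Local $ReplLocal -Remote $MapiAll

# Step 3: tell Exchange which DAG network carries replication and which is MAPI-only
# (network names are assumptions; check Get-DatabaseAvailabilityGroupNetwork first).
Set-DatabaseAvailabilityGroupNetwork -Identity "$DagName\ReplNet" -ReplicationEnabled $true
Set-DatabaseAvailabilityGroupNetwork -Identity "$DagName\MapiNet" -ReplicationEnabled $false

# Step 4: client-facing record with a 5-minute (300 s) TTL on the internal DNS server
# (needs the DNS Server tools installed; server, zone and address are placeholders).
dnscmd dns01.contoso.local /RecordAdd contoso.local mail 300 A 10.10.1.50

# Verification: each DAG network should list the expected subnets and role, and the
# route must appear under "Persistent Routes" so it survives a reboot.
Get-DatabaseAvailabilityGroupNetwork -Identity $DagName |
    Format-Table Name, ReplicationEnabled, MapiAccessEnabled, Subnets -AutoSize
route print -4 | Select-String -Pattern 'Persistent Routes' -Context 0, 3
```

Repeat the same steps on every DAG member with that member's local subnets and gateway; the firewall rules only prevent cross-talk when all members apply them.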


Blog Extended Reading


More Information & Reference

1. Planning for High Availability and Site Resilience


Comments

  1. MAPI networks should be isolated from Replication networks - How can we achieve this using Windows Firewall Policy? Any assistance or link on this please....
