7 Days of KB Articles ... Part 4 of 7 (SRP connections through a proxy)
Posted 08-21-2009 at 04:00 AM by hdawg
Tags kb19236, proxy 3101, proxy srp
This is actually an awesome KB article. It mostly only applies to people using the NA NOC ... but still a good read. Frankly, I never tell anyone to use a proxy for BES SRP connectivity (mostly because it adds another layer of complexity to something that people already don't usually understand) ... but if you're using / need to proxy SRP connections, here are two supportable ways to do it:
KB19236 - Recommended configuration for SRP connections through a proxy <!-- message -->
Environment
<content>
<hr class="section">
Overview
<content> The current BlackBerry® Infrastructure for Server Routing Protocol (SRP) connections is configured such that there are two different sites in North America, each with its own Internet Protocol (IP) address. Both IP addresses are returned in a round robin of Domain Name System (DNS). Under certain fail over conditions one node may be up if the other is down. Each IP may, also, still be routed to its respective site, while DNS still presents the IP addresses of both sites. To work with this model, the BlackBerry Enterprise Server is designed such that it can be aware of the multiple SRP sites. If a connection to one site fails, the BlackBerry Enterprise Server is designed to try the next site.
If the BlackBerry Enterprise Server connects to the BlackBerry Infrastructure through a proxy by specifying the proxy name in the BlackBerry Router configuration tab and configures the proxy forward to the DNS name of the BlackBerry infrastructure (srp.na.blackberry.net, srp.us.blackberry.net), the BlackBerry Enterprise Server will not be aware of both BlackBerry Infrastructure sites. Because the BlackBerry Enterprise Server will not have awareness of both Infrastructure sites, connecting the SRP to the 'up' site will be limited to the function of round robin DNS. Therefore, an extended outage of BlackBerry services may be observed and fail over will be dependant on which order the proxy receives the hosts from DNS.
</content>
<hr class="section">
Cause
<content> In the above configuration, the BlackBerry Enterprise Server will be aware of a successful or failed SRP connection and continue accordingly; however, the BlackBerry Enterprise Server will not have any awareness of multiple SRP hosts and it will be limited by DNS.
</content>
<hr class="section">
Resolution
<content> Configuration Option 1
<hr class="section">
Additional Information
For more information on firewall and connection requirements for the BlackBerry Enterprise Server, see KB03735.
KB19236 - Recommended configuration for SRP connections through a proxy <!-- message -->
Environment
<content>
- BlackBerry® Enterprise Server versions 4.0, 4.1 and 5.0
- Proxy server
<hr class="section">
Overview
<content> The current BlackBerry® Infrastructure for Server Routing Protocol (SRP) connections is configured such that there are two different sites in North America, each with its own Internet Protocol (IP) address. Both IP addresses are returned in a round robin of Domain Name System (DNS). Under certain fail over conditions one node may be up if the other is down. Each IP may, also, still be routed to its respective site, while DNS still presents the IP addresses of both sites. To work with this model, the BlackBerry Enterprise Server is designed such that it can be aware of the multiple SRP sites. If a connection to one site fails, the BlackBerry Enterprise Server is designed to try the next site.
If the BlackBerry Enterprise Server connects to the BlackBerry Infrastructure through a proxy by specifying the proxy name in the BlackBerry Router configuration tab and configures the proxy forward to the DNS name of the BlackBerry infrastructure (srp.na.blackberry.net, srp.us.blackberry.net), the BlackBerry Enterprise Server will not be aware of both BlackBerry Infrastructure sites. Because the BlackBerry Enterprise Server will not have awareness of both Infrastructure sites, connecting the SRP to the 'up' site will be limited to the function of round robin DNS. Therefore, an extended outage of BlackBerry services may be observed and fail over will be dependant on which order the proxy receives the hosts from DNS.
</content>
<hr class="section">
Cause
<content> In the above configuration, the BlackBerry Enterprise Server will be aware of a successful or failed SRP connection and continue accordingly; however, the BlackBerry Enterprise Server will not have any awareness of multiple SRP hosts and it will be limited by DNS.
</content>
<hr class="section">
Resolution
<content> Configuration Option 1
- Create two A records with very low Time to Live (approximately 10 seconds or so) on the same name on the DNS server (in your local domain) used by the proxy. Resolve these to the current IPs of the SRP infrastructure. Example:
Using nslookup of srp.us.blackberry.net, you can see IP addresses of 206.51.26.33 and 204.187.87.33
In the domain local create:srp IN A 206.51.26.33
srp IN A 204.187.87.33
- Alter the forwarding rules on the proxy to direct traffic to this DNS name.
- Configure the proxy such that there are two IP entry points (apply this to two physically different proxies, or virtual hosts).
- Configure internal DNS (accessible to the BlackBerry Enterprise Server) with two A records and low Time to Live (approximately 10 seconds or so) that resolve one name to both IP entry points of the proxy.
- Configure the proxy such that connections to IP entry point 1 are forwarded to 206.51.26.33 on Transmission Control Protocol (TCP) port 3101.
- Configure the proxy such that connections to IP entry point 2 are forwarded to 204.187.87.33 on TCP port 3101.
- Configure the BlackBerry Router to connect to the DNS name created in step 2 by opening the BlackBerry Server Configuration tool, select the BlackBerry Router tab, type the DNS name created under the SRP address. Note: Creating proxy forwards using forwarding mode instead, of using proxy mode (non-transparent) integrates better with the BlackBerry Enterprise Server and SRP infrastructure connection.
<hr class="section">
Additional Information
For more information on firewall and connection requirements for the BlackBerry Enterprise Server, see KB03735.
Total Comments 0
