Here at we have recently started the certification process of our product with Microsoft Office Communications Server (OCS). We already have several customers doing this with our units in Direct Routing mode but with the new - ENTERPRISE v6.8 you can do it with the Microsoft recommended SNAT mode. So how can you do this yourself for free with the open source load balancer HAProxy? Read on...

Or if you already have a load balancer from try  this page: Load balancing Microsoft OCS (Office Communications Server)

Right, couple of points first:

  1. I'm assuming that you have installed at least version 1.4.1 of HAProxy, plenty of blogs to show you how to do that around...
  2. You have already installed at least a pair of Microsoft OCS servers and know roughly what you want to achieve

The following ports need to be Load Balanced:

Ports Required

5060 : SIP communication over TCP.
5061 : SIP communication over TLS.
135 : To move users from a pool and other remote DCOM-based operations.
443 : HTTPS traffic to the pool URLs.
444 : Communication between the focus (Office Communications Server 2007 R2 component that manages conference state) and the conferencing servers.
5065 : SIP listening requests for Application Sharing.
5069 : Monitoring Server.
5071 : SIP listening requests for Response Group Service.
5072 : SIP listening requests for Conferencing Attendant.
5073 : SIP listening requests for Conferencing Announcement Server.
5074 : SIP listening requests for Outside Voice Control.
8404 : TLS (remoting over MTLS) listening for inter-server communications for Response Group Service.

So lets jump right to the configuration file (I will explain the important bits in a minute):

# HAProxy configuration file generated by load balancer appliance
#uid 99
#gid 99
stats socket /var/run/haproxy.stat mode 600 level admin
log /dev/log local4
maxconn 40000
ulimit-n 81000
pidfile /var/run/
log global
mode	http
contimeout	4000
clitimeout	1800000
srvtimeout	1800000
balance	roundrobin

mode	tcp
option	persist
balance leastconn
stick-table type ip size 10240k expire 30m
stick on src
server OCS_Node1 weight 1 check port 5061 inter 2000 rise 2 fall 3
server OCS_Node2 weight 1 check port 5061 inter 2000 rise 2 fall 3
server	backup backup
option redispatch
option abortonclose
maxconn 40000
log global
listen	stats :7777
stats	enable
stats	uri /
option	httpclose
stats	auth loadbalancer:loadbalancer

The important bits are:

The new source IP table sticky functionality (expire after 30mins inactivity):

stick-table type ip size 10240k expire 30m
stick on src

Listen to every single required port on the same front end:


Send to your backends but DON'T SPECIFY A destination port (i.e. use the original destination port)

server OCS_Node1 weight 1 check port 5061

Set a 30 minute timeout for long TCP connections (required for SIP):

clitimeout	1800000
srvtimeout	1800000

And try to balance fairly evenly even though we have 30mins persistence set:

balance leastconn

Simple isn't it....?

Any comments welcome,
Can this be split down into more than one cluster?