Recommended configuration for SRP connections through a proxy

Article ID: KB19236

Type: Support Content

Last Modified: 08-26-2014

 

Product(s) Affected:

  • BlackBerry Enterprise Server for Microsoft Exchange
  • BlackBerry Enterprise Server for IBM Domino
  • BlackBerry Enterprise Server for Novell GroupWise
Environment
  • BlackBerry Enterprise Server 4.0 to 5.0 SP3
  • Proxy server
  • Load balancer
Overview

The BlackBerry Infrastructure for Server Routing Protocol (SRP) connections currently has two different entry points, each with its own Internet Protocol (IP) address. The Domain Name System (DNS) returns both IP addresses in round-robin order. Under certain failover conditions, one node may be up while the other is down. Each IP address may also still be routed to its respective site(s) while DNS continues to present the IP addresses of both sites. To work with this model, the BlackBerry Enterprise Server is designed to be aware of the multiple SRP sites: if a TCP connection to one site fails, the BlackBerry Enterprise Server tries the next site.

When the BlackBerry Enterprise Server connects to the BlackBerry Infrastructure through a proxy or load balancer (by specifying the proxy/load balancer name in the BlackBerry Router configuration tab) and the proxy/load balancer appliance is configured to forward to the DNS name of the BlackBerry Infrastructure (srp.na.blackberry.net, srp.us.blackberry.com, etc.), the BlackBerry Enterprise Server will not be aware of both BlackBerry Infrastructure entry points. As a result, whether the SRP connection reaches the 'up' site depends on the probability that the proxy/load balancer receives the 'up' IP address first from DNS. An extended outage of BlackBerry Enterprise Server services may therefore be observed when the SRP entry points fail over.

Cause

In the above configuration, the BlackBerry Enterprise Server is aware of whether an SRP connection succeeded or failed and continues accordingly; however, it has no awareness of multiple SRP hosts and is limited by DNS. In addition, it is common for queries to the DNS cache on multiple proxy appliances not to round robin, which causes a high probability of extended outages when one SRP entry point is not available.
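
The difference between a forwarder that only ever uses the first address DNS returns and a client that moves on to the next entry point, as an added example (not BlackBerry code). The function names, the injected probe and the `randomize` option are assumptions made for illustration; the IP addresses and TCP port 3101 are the ones quoted in this article.

```python
import random
import socket

SRP_PORT = 3101  # TCP port used for SRP in this article

def resolve_a(name):
    """Return the distinct IPv4 addresses the local resolver gives for name, in order."""
    infos = socket.getaddrinfo(name, SRP_PORT, socket.AF_INET, socket.SOCK_STREAM)
    return list(dict.fromkeys(info[4][0] for info in infos))

def tcp_probe(ip, port=SRP_PORT, timeout=5.0):
    """True if a TCP connection to ip:port completes within timeout seconds."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False

def first_answer_only(addresses, probe=tcp_probe):
    """Single-target behaviour: only the first address from DNS is ever tried."""
    if addresses and probe(addresses[0]):
        return addresses[0]
    return None

def try_each_site(addresses, probe=tcp_probe, randomize=False, rng=random):
    """Multi-site behaviour: if one address fails, try the next one.
    randomize=True shuffles the order first (illustrative assumption; the
    article does not describe the BlackBerry Router's internal logic)."""
    order = list(addresses)
    if randomize:
        rng.shuffle(order)
    return next((ip for ip in order if probe(ip)), None)

def entry_point_report(addresses, probe=tcp_probe):
    """Probe every address on its own so one dead entry point is not masked."""
    return {ip: probe(ip) for ip in addresses}

if __name__ == "__main__":
    # Constructed scenario: DNS still returns both IPs, but the first site is down.
    answers = ["68.171.242.33", "216.9.242.33"]
    site_up = lambda ip: ip != "68.171.242.33"
    print(first_answer_only(answers, site_up))
    print(try_each_site(answers, site_up))
    print(entry_point_report(answers, site_up))
```

Run from the proxy host, `entry_point_report(resolve_a(name))` for the name the proxy forwards to shows whether each entry point accepts connections on its own.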

Resolution

Configuration Example 1

  1. Create two A records of the same name, with a very low Time to Live (approximately 10 seconds or so), on the DNS server (of the local domain) used by the proxy. Resolve these to the current IP addresses of the SRP infrastructure.

    Example:

    Using nslookup on us.srp.blackberry.com, IP addresses 68.171.242.33 and 216.9.242.33 are returned.

    In the local domain create:

    srp IN A 68.171.242.33
    srp IN A 216.9.242.33

  2. Alter the forwarding rules on the proxy to direct traffic to this DNS name.


Note: This example uses us.srp.blackberry.com. To determine the SRP address assigned to the country in which the BlackBerry Enterprise Server is located, use the SRP Addresses lookup tool located on the BlackBerry website. For a listing of specific IP addresses for each region, see KB03735.


Configuration Example 2

Example:

  1. Configure the proxy such that there are two IP entry points (apply this to two physically different proxies, or virtual hosts).
  2. Configure internal DNS (accessible to the BlackBerry Enterprise Server) with two A records and a low Time to Live (approximately 10 seconds or so) that resolve one name to both IP entry points of the proxy.
  3. Configure the proxy such that connections to IP entry point 1 are forwarded to 68.171.242.33 on Transmission Control Protocol (TCP) port 3101.
  4. Configure the proxy such that connections to IP entry point 2 are forwarded to 216.9.242.33 on TCP port 3101.
  5. Configure the BlackBerry Router to connect to the DNS name created in step 2: open the BlackBerry Server Configuration tool, select the BlackBerry Router tab, and type the DNS name created into the SRP address field.
  6. Create the RandomizeDNSResult registry key to enable better awareness of multiple proxy IPs by the BlackBerry Router, by performing the following:
    1. On your computer, go to Start > Run. Type regedit, and click OK.
    2. Go to HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerryRouter.
    3. Click Edit > New > DWORD Value and type RandomizeDNSResult for the DWORD name.
    4. Click on the new DWORD and enter 1.

Note: Creating proxy forwards using forwarding mode, instead of using proxy mode (non-transparent), integrates better with the BlackBerry Enterprise Server and SRP infrastructure connection.

Note: This example uses us.srp.blackberry.com. To determine the SRP address assigned to the country in which the BlackBerry Enterprise Server is located, use the SRP Addresses lookup tool located on the BlackBerry website. For a listing of specific IP addresses for each region, see KB03735.

Additional Information

For more information on firewall and connection requirements for the BlackBerry Enterprise Server, see KB03735.
