- BlackBerry® Enterprise Server 4.0 to 5.0 SP3
- Proxy server
- Load balancer
The current BlackBerry® Infrastructure for Server Routing Protocol (SRP) connections is configured such that there are two different entry points, each with its own Internet Protocol (IP) address. Both IP addresses are returned in a round robin of Domain Name System (DNS). Under certain fail over conditions one node may be up if the other is down. Each IP may, also, still be routed to its respective site/s, while DNS still presents the IP addresses of both sites. To work with this model, the BlackBerry® Enterprise Server is designed in such a way where it is aware of the multiple SRP sites. If a TCP connection to one site fails, the BlackBerry Enterprise Server is designed to try the next site.
When the BlackBerry Enterprise Server connects to the BlackBerry Infrastructure through a proxy or load balancer by specifying the proxy/load balancer name in the BlackBerry Router configuration tab and the proxy/load balancer appliance is configured to forward to the DNS name of the BlackBerry infrastructure (srp.na.blackberry.net, srp.us.blackberry.com, etc.), the BlackBerry Enterprise Server will not be aware of both BlackBerry Infrastructure entry points. Because the BlackBerry Enterprise Server will not have awareness of both Infrastructure sites, successfully establishing the SRP connection to the 'up' site will be limited to the probability of the proxy/load balancer receiving the up IP first in order from DNS. Therefore, an extended outage of BlackBerry Enterprise Server services may be observed and fail over of SRP entry points.
In the above configuration, the BlackBerry Enterprise Server will be aware of a successful or failed SRP connection and continue accordingly; however, the BlackBerry Enterprise Server will not have any awareness of multiple SRP hosts and it will be limited by DNS. In addition it is common that queries to DNS cache on multiple proxy appliances do not round robin, thus causing a high probability of extended outages when one SRP entry point is not available.
Configuration Example 1
- Create two A records with very low Time to Live (approximately 10 seconds or so) of the same name on the DNS server (of the local domain) used by the proxy. Resolve these to the current IPs of the SRP infrastructure.
Using nslookup on us.srp.blackberry.com, IP addresses 126.96.36.199 and 188.8.131.52 are returned.
In the local domain create:
srp IN A 184.108.40.206
srp IN A 220.127.116.11
- Alter the forwarding rules on the proxy to direct traffic to this DNS name.
Note: This example uses us.srp.blackberry.com. To determine the SRP address assigned to the country in which the BlackBerry Enterprise is located, use the SRP Addresses lookup tool located on the BlackBerry website. For a listing of specific IP Addresses for each region use KB03735
Configuration Example 2
- Configure the proxy such that there are two IP entry points (apply this to two physically different proxies, or virtual hosts).
- Configure internal DNS (accessible to the BlackBerry Enterprise Server) with two A records and low Time to Live (approximately 10 seconds or so) that resolve one name to both IP entry points of the proxy.
- Configure the proxy such that connections to IP entry point 1 are forwarded to 18.104.22.168 on Transmission Control Protocol (TCP) port 3101.
- Configure the proxy such that connections to IP entry point 2 are forwarded to 22.214.171.124 on TCP port 3101.
- Configure the BlackBerry Router to connect to the DNS name created in step 2 by opening the BlackBerry Server Configuration tool, select the BlackBerry Router tab, type the DNS name created into the SRP address field.
- Create the RandomizeDNSResult registry key to enable better awareness of multiple proxy IPs by the BlackBerry Router. By performing the following:
- On your computer, go to Start > Run. Type regedit, and click OK.
- Go to HKEY_LOCAL_MACHINE\Software\Research In Motion\BlackBerryRouter .
- Click Edit > New > DWORD Value and type RandomizeDNSResult for the DWORD name.
- Click on the new DWORD and enter 1 .
Note: Creating proxy forwards using forwarding mode instead, of using proxy mode (non-transparent) integrates better with the BlackBerry Enterprise Server and SRP infrastructure connection.
Note: This example uses us.srp.blackberry.com as an example. To determine the SRP address assigned to the country in which the BlackBerry Enterprise is located, use the SRP Addresses lookup tool located on the BlackBerry website. For a listing of specific IP Addresses for each region use KB03735
For more information on firewall and connection requirements for the BlackBerry Enterprise Server, see KB03735.
By downloading, accessing or otherwise using the Knowledge Base documents you agree:
(b) not to copy, distribute, disclose or reproduce, in full or in part any of the documents without the express written consent of RIM.
Visit the BlackBerry Technical Solution Center at www.blackberry.com/btsc.