Unlike previous versions of Exchange, Exchange 2013 no longer requires session affinity at the load balancing layer.
To understand this statement better, and see how this impacts your designs, we need to look at how CAS2013 functions. From a protocol perspective, the following will happen:
1. A client resolves the namespace to a load balanced virtual IP address.
2. The load balancer assigns the session to a CAS member in the load balanced pool.
3. CAS authenticates the request and performs a service discovery by accessing Active Directory to retrieve the following information:
   - Mailbox version (for this discussion, we will assume an Exchange 2013 mailbox)
   - Mailbox location information (e.g., database information, ExternalURL values, etc.)
4. CAS makes a decision on whether to proxy the request or redirect the request to another CAS infrastructure (within the same forest).
5. CAS queries an Active Manager instance that is responsible for the database to determine which Mailbox server is hosting the active copy.
6. CAS proxies the request to the Mailbox server hosting the active copy.
Step 5 is the fundamental change that enables the removal of session affinity at the load balancer. For a given protocol session, CAS now maintains a 1:1 relationship with the Mailbox server hosting the user’s data. In the event that the active database copy is moved to a different Mailbox server, CAS closes the sessions to the previous server and establishes sessions to the new server. This means that all sessions, regardless of their origination point (i.e., CAS members in the load balanced array), end up at the same place, the Mailbox server hosting the active database copy. This is vastly different from previous releases – in Exchange 2010, if all requests from a specific client did not go to the same endpoint, the user experience was negatively affected.
The protocol used in step 6 depends on the protocol used to connect to CAS. If the client leverages the HTTP protocol, then the protocol used between the Client Access server and Mailbox server is HTTP (secured via SSL using a self-signed certificate). If the protocol leveraged by the client is IMAP or POP, then the protocol used between the Client Access server and Mailbox server is IMAP or POP.
Telephony requests are unique, however. Instead of proxying the request at step 6, CAS will redirect the request to the Mailbox server hosting the active copy of the user’s database, as the telephony devices support redirection and need to establish their SIP and RTP sessions directly with the Unified Messaging components on the Mailbox server.
Figure 1: Exchange 2013 Client Access Protocol Architecture
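The flow in steps 2 to 6 can be modelled in a few lines of Python. This is an added illustration, not code from the original article or from Exchange; all server, user and database names are hypothetical, and step 4 is simplified to "proxy locally". It shows that requests spread across CAS members by a layer 4 balancer still converge on the Mailbox server hosting the active copy, before and after a database move.

```python
import itertools

# Constructed sample data; every name here is hypothetical.
AD = {"alice": {"version": 2013, "database": "DB1"}}   # read in step 3
ACTIVE_COPY = {"DB1": "MBX1"}                           # Active Manager's answer in step 5
CAS_POOL = ["CAS1", "CAS2", "CAS3"]
_next_cas = itertools.cycle(CAS_POOL)                   # round robin, no session affinity


def load_balancer(src_ip, port=443):
    """Step 2: layer 4 only. The choice ignores URL, user and request content."""
    return next(_next_cas)


def cas_handle(cas, user, protocol):
    """Steps 3 to 6 for an Exchange 2013 mailbox (step 4 simplified to 'proxy locally')."""
    mailbox = AD[user]                                   # step 3: service discovery
    if mailbox["version"] != 2013:                       # step 4: other paths not modelled
        raise NotImplementedError("only the Exchange 2013 mailbox path is modelled")
    server = ACTIVE_COPY[mailbox["database"]]            # step 5: who hosts the active copy
    # Step 6: HTTP stays HTTP, IMAP stays IMAP, POP stays POP; telephony is redirected.
    action = "redirect" if protocol == "SIP" else "proxy"
    return {"cas": cas, "action": action, "protocol": protocol, "mailbox_server": server}


def send(user, protocol="HTTP", src_ip="192.0.2.10"):
    """One client request through the balancer and whichever CAS it picked."""
    return cas_handle(load_balancer(src_ip), user, protocol)


def move_active_copy(database, new_server):
    """Models the active database copy moving to a different Mailbox server."""
    ACTIVE_COPY[database] = new_server


def demo():
    before = [send("alice", "HTTP") for _ in range(6)]
    move_active_copy("DB1", "MBX2")
    after = [send("alice", "IMAP") for _ in range(6)]
    return before, after


if __name__ == "__main__":
    for phase in demo():
        print(sorted({r["cas"] for r in phase}), {r["mailbox_server"] for r in phase})
```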
However, there is a concern with this architectural change. Since session affinity is not used by the load balancer, this means that the load balancer has no knowledge of the target URL or request content. All the load balancer uses is layer 4 information, the IP address and the protocol/port (TCP 443):
Taken from the site of Thanks Team Blog