If you make use of DNS load balancing, the HLB will be used for HTTP/HTTPS traffic (Pool Web Services).
Using DNS LB has both sides: advantages and disadvantages.
The positive side: you can scale an HLB much higher if you only use it for HTTP traffic. The HLB can be fully utilized for SSL offloading.
The negative side: you depend on the availability of your DNS infrastructure, and DNS only works with an unintelligent Round Robin method. This means that even if, e.g., one FE Server is dead, DNS still provides the IP of the failed system. Sure, the Lync Client is aware of this feature and will use other servers as they are available and respond. Another disadvantage is that DNS-based load balancing never considers the real load on a Lync Server. A further one: if you want to make use of PIC, you still need a load balancer.
Sum:
It all depends on your feature set, load calculation, the server count and, sure, your budget ;)
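The stale-record behaviour of DNS round robin described above can be watched from any monitoring host. The following is an added example, not code from the original post: it resolves the pool name and probes every published address on the SIP/TLS port (5061 in the tables on this page). The pool name and addresses in the sample are constructed, and `check_pool` and its helpers are hypothetical names.

```python
import socket

SIP_TLS_PORT = 5061  # SIP/TLS port taken from the service tables on this page


def resolve_a_records(fqdn):
    """Return every IPv4 address DNS publishes for the pool name."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tcp_probe(ip, port, timeout=3.0):
    """True if a TCP handshake to ip:port completes within the timeout."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_pool(fqdn, port=SIP_TLS_PORT, resolve=resolve_a_records, probe=tcp_probe):
    """Probe each address behind a DNS load-balanced pool name.

    DNS has no health check, so a failed Front-End stays in the answer until
    someone removes the record. This reports which members are in that state.
    """
    members = resolve(fqdn)
    alive = [ip for ip in members if probe(ip, port)]
    stale = [ip for ip in members if ip not in alive]
    return {
        "pool": fqdn,
        "alive": alive,
        "stale": stale,  # still published by DNS, but not accepting connections
        "stale_ratio": len(stale) / len(members) if members else 0.0,
        "pool_down": bool(members) and not alive,
    }


if __name__ == "__main__":
    # Constructed sample: hypothetical pool name, documentation-range addresses.
    fake_dns = {"pool01.example.test": ["192.0.2.11", "192.0.2.12", "192.0.2.13"]}
    dead = {"192.0.2.12"}
    print(check_pool("pool01.example.test",
                     resolve=lambda name: fake_dns[name],
                     probe=lambda ip, port: ip not in dead))
```

Called without the `resolve` and `probe` overrides, the function uses real DNS and real TCP connects, so it can feed an alert when `stale` is non-empty.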
----------------------------
Gateway consideration (keep in mind):
There are differences between the internal and external setup of an HLB.
Internal means all internal servers or interfaces, e.g. FE, Director, internal Edge Server NIC.
External is the NIC on an Edge Server communicating with the default Internet route.
While the traffic on all internal interfaces is controlled by the client/server itself, the default gateway is always the network gateway itself, or a dedicated persistent route to all internally involved servers/clients. On the Edge Server internal interface in particular, it must be a persistent route to all involved Lync Servers only!
For Internet traffic it is different: the HLB needs to control the traffic, which means the HLB must be the gateway! (We call this requirement OUTBOUND SNAT.)
Next I'm giving three example configurations (FE fully HLB, FE DNS + HLB Web Services, and the Edge external HLB):
Front-End Server fully load balanced:
These services must be included:
Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
DCOM | TCP | 135 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | RPC /DCOM based operation |
SIP | TCP | 5061 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | SIP/ TLS |
App Share | TCP | 5065 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Application Sharing |
QoE | TCP | 5069 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | QoE Agent |
Conf | TCP | 444 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Conferencing |
Web Int | TCP | 443 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | HTTPS internal Web Services |
Web Ext | TCP | 4443 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | HTTPS external Web Services |
Optional services for Front-End:
Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
WEB | TCP | 80 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | HTTP Root Cert Retrieval for UC Phones & int/ext Web Services |
CAC | TCP | 448 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Call Admission Control |
SIPU | TCP | 5060 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | SIP unsecured |
MED | TCP | 5067 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Mediation Server SIP/ TLS |
MED | TCP | 5068 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Mediation Server SIP/ TCP |
MED | TCP | 6070 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Mediation Server FE |
RSG | TCP | 6071 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Response Groups |
CAA | TCP | 6072 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Conferencing Attendant |
CA | TCP | 6073 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Conferencing Announcement |
OV | TCP | 6074 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Outside Voice Control |
 | TCP | 6075 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | |
 | TCP | 6076 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | |
 | TCP | 6080 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | |
WEB 8080 | TCP | 8080 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | HTTP external Web Services |
Front-End Server DNS load balanced, Web Services hardware load balanced:
Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
Web Int | TCP | 443 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | HTTPS internal Web Services |
Web Ext | TCP | 4443 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | HTTPS external Web Services |
Edge Server fully load balanced (without RevProxy):
Edge Server external Interface:
Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
SIP Access | TCP | 5061 | Pool IP | Server IP | Source IP | Least Connection | NO | L7 | SIP/ TLS |
Remote Access | TCP | 443 | Pool IP | Server IP | Source IP | Least Connection | NO | L7 | Remote User |
Conf | TCP | 443 | Pool IP | Server IP | Source IP | Least Connection | NO | L7 | Conferencing |
AV TCP | TCP | 443 | Pool IP | Server IP | Source IP | Least Connection | NO | L7 | Fallback port TCP A/V, Sharing & File |
AV UDP | UDP | 3479 | Pool IP | Server IP | Source IP | Least Connection | NO | L4 | Audio/ Video |
Edge Server external Interface optional:
Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
AV TCP High | TCP | 50.000-59.999 | Pool IP | Server IP | Source IP | Least Connection | NO | L7 | Fallback port Audio/Video High port Range. Desktop Sharing / CWA |
AV UDP High | UDP | 50.000-59.999 | Pool IP | Server IP | Source IP | Least Connection | NO | L4 | Audio/Video High port Range. Federation/Remote Users |
Edge Server internal Interface:
Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
SIP | TCP | 5061 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | SIP/ TLS |
Auth | TCP | 5062 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | A/V Authentication |
HTTP | TCP | 443 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | TCP Audio, Video, Sharing & Files |
CONF | UDP | 3478 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | Audio/ Video |
Director Server internal Interface:
Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
SIP | TCP | 5061 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | SIP/ TLS |
SIPU | TCP | 5060 | Pool IP | Server IP | Source IP | Least Connection | Yes | L7 | SIP unsecured |
------------
General Statement MSFT Planning for external User Access:
The Lync Server 2010 scaled consolidated Edge topology is optimized for DNS load balancing for new deployments federating primarily with other organizations using Lync Server 2010. If high availability is required for any of the following scenarios, a hardware load balancer must be used for the following:
- Federation with organizations using Office Communications Server 2007 R2 or Office Communications Server 2007
- Exchange UM for remote users
- Connectivity to public IM users
You cannot use DNS load balancing on one interface and hardware load balancing on another. You must use hardware load balancing on both interfaces or DNS load balancing for both. A combination is not supported.
Regardless of whether you use hardware load balancing for your Edge Server pool, you will need a hardware load balancer if there are two or more reverse proxy servers deployed.
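A lint for an exported Edge HLB service list, added here as an example (not part of the original post or of Microsoft's guidance). It checks the SNAT value per interface against the Edge tables on this page and flags a DNS/HLB mix across the two Edge interfaces. The duplicate-listener check rests on the assumption that two virtual services cannot share one VIP/protocol/port; the sample rows, addresses and function names are constructed.

```python
from collections import defaultdict

COLUMNS = ["service", "protocol", "port", "vip", "real", "persistence",
           "scheduling", "snat", "layer", "notes"]
# SNAT value each Edge interface carries in the tables on this page.
EXPECTED_SNAT = {"edge-external": "NO", "edge-internal": "YES"}


def parse_rows(text):
    """Parse pipe-separated service rows laid out like the tables above."""
    rows = []
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.split("|")]
        if len(cells) < len(COLUMNS) or cells[0].lower() == "service name":
            continue  # header row or malformed line
        rows.append(dict(zip(COLUMNS, cells)))
    return rows


def lint_edge(tables, lb_method):
    """tables: interface -> table text; lb_method: interface -> 'HLB' or 'DNS'."""
    findings = []
    # DNS LB on one Edge interface and HLB on the other is not supported.
    if len(set(lb_method.values())) > 1:
        findings.append("mixed DNS/HLB load balancing across Edge interfaces")
    for iface, text in tables.items():
        listeners = defaultdict(list)
        for row in parse_rows(text):
            if row["snat"].upper() != EXPECTED_SNAT[iface]:
                findings.append(f"{iface}: {row['service']} has SNAT {row['snat']}, "
                                f"expected {EXPECTED_SNAT[iface]}")
            listeners[(row["vip"], row["protocol"], row["port"])].append(row["service"])
        for (vip, proto, port), names in listeners.items():
            if len(names) > 1:  # assumption: one listener per VIP/protocol/port
                findings.append(f"{iface}: {', '.join(names)} share {vip} {proto}/{port}")
    return findings


# Constructed sample export; addresses are documentation ranges, not from the page.
SAMPLE_EXTERNAL = """
Service Name | Protocol | Port | Virtual IP Address | Real Server | Persistence | Scheduling | SNAT | Layer | Notes |
SIP Access | TCP | 5061 | 198.51.100.10 | 203.0.113.5 | Source IP | Least Connection | NO | L7 | SIP/ TLS |
Remote Access | TCP | 443 | 198.51.100.10 | 203.0.113.5 | Source IP | Least Connection | NO | L7 | Remote User |
Conf | TCP | 443 | 198.51.100.10 | 203.0.113.6 | Source IP | Least Connection | Yes | L7 | Conferencing |
"""

if __name__ == "__main__":
    for finding in lint_edge({"edge-external": SAMPLE_EXTERNAL},
                             {"edge-external": "HLB", "edge-internal": "DNS"}):
        print(finding)
```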