Ah, that's very useful information. Thank you for taking time to draw out the diagram and explain so well, really appreciate it.
Haproxy is pretty new to me so I didn't realise you could do this direction to backend from frontend acl.. I've already done comprehensive tests with cookies, stick tables and so on, just missed that fairly obvious "routing" option. Forgive my ignorance!
Thanks again
andy

-----Original Message-----
From: Holger Just [mailto:[email protected]]
Sent: 04 June 2015 21:29
To: Franks Andy (IT Technical Architecture Manager)
Cc: HAProxy
Subject: Re: Choosing servers based on IP address

Hi Andy,

Please always CC the mailing list so that others can help you too and can learn from the discussion.

Franks Andy (IT Technical Architecture Manager) wrote:
> Hi Holger,
> Sorry, I will elaborate a bit more!
> We are going to implement Microsoft exchange server 2010 (sp3) over
> two AD sites. At the moment we have two servers, one at each site.
> With a two site AD implementation with out-of-the-box settings, even
> if the two sites are connected via a decent link, clients from site A
> are not permitted to use the interface to the database (the CAS) at
> site B to get to the database at site A, unless the whole site is down.
> I would like to have 2 load balancing solutions - one at each site
> with a primary connection to the server at same site, but then a
> failover if that server goes down.
> That's all fine, but it would be ideal if we had a load balancing
> solution that could take connections from site A and route them to the
> server at site B in normal situations too with some logic that said
> "If client is from IP x.x.x.x, then always use server B" rather than
> A/B depending on the hard coded weight.
> It would open up lots more DR recovery potential for a multiple site
> like this. Thinking about it, I can't really understand why it's not
> done more - redirecting based on where something is coming from.. You
> could redirect DMZ traffic one way and ordinary another without
> complicated routing.
> Am I missing a trick?
> Thanks
> Andy

If I understood you right, you have two sites, each with an Exchange server and some clients. You normally want the clients on Site A to only connect to EXCH-A (exchange server at Site A). However, if the server is down, you want the clients on Site A to connect to the exchange server on Site B instead.

             SITE A           |           SITE B
    --------------------------+--------------------------------
                              |
    Client-1A ---,            |              ,--- Client-2A
                  \           |             /
    Client-1B -- HAPROXY -----+---- HAPROXY -- Client-2B
                  /   \\      |     //      \
    Client-1C ---'   EXCH-A   |   EXCH-B     `--- Client-2C
                              |

This is easily possible with a backend section where one server is designated as a backup server which will thus only be used if all non-backup-servers are down:

    backend SMTP-A
        server exch-a 10.1.0.1:25 check
        server exch-b 10.2.0.1:25 check backup

With this config, the primary server (exch-a) is used for all connections. If it is down, the backup server exch-b is used until exch-a is up again.

Now, in order to route clients from Site B to their own exchange, even if they arrive on the HAproxy from Site A, you can define an additional backend with flipped roles:

    backend SMTP-B
        server exch-a 10.1.0.1:25 check backup
        server exch-b 10.2.0.1:25 check

You can then route requests in the frontend to the appropriate backend based on the source IP:

    frontend smtp
        bind :25

        acl from-site-a src 10.1.0.0/16
        acl from-site-b src 10.2.0.0/16

        use_backend SMTP-A if from-site-a
        use_backend SMTP-B if from-site-b
        default_backend SMTP-A

I hope this is clear. Please read the configuration manual regarding additional server options which can affect stickiness and handling of existing sessions on failover:

http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2

Regards,
Holger
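
The routing described in Holger's reply, as an added example that is not part of the original thread: a simplified Python model that reads the configuration from the message and reports which server a client reaches for a given source address and set of failed servers. parse() and route() are hypothetical helpers that handle only the directives used in this thread, and the client addresses passed to route() are constructed.

```python
import ipaddress

# Configuration from Holger's message, embedded as text.
CONFIG = """
backend SMTP-A
    server exch-a 10.1.0.1:25 check
    server exch-b 10.2.0.1:25 check backup
backend SMTP-B
    server exch-a 10.1.0.1:25 check backup
    server exch-b 10.2.0.1:25 check
frontend smtp
    bind :25
    acl from-site-a src 10.1.0.0/16
    acl from-site-b src 10.2.0.0/16
    use_backend SMTP-A if from-site-a
    use_backend SMTP-B if from-site-b
    default_backend SMTP-A
"""

def parse(text):
    """Parse only the directives used above (hypothetical helper)."""
    acls, rules, backends, default, section = {}, [], {}, None, None
    for words in (line.split() for line in text.splitlines() if line.strip()):
        if words[0] in ("backend", "frontend"):
            section = words[1]
            if words[0] == "backend":
                backends[section] = []
        elif words[0] == "server":
            backends[section].append((words[1], "backup" in words[3:]))
        elif words[0] == "acl" and words[2] == "src":
            acls[words[1]] = ipaddress.ip_network(words[3])
        elif words[0] == "use_backend":
            rules.append((words[1], words[3]))
        elif words[0] == "default_backend":
            default = words[1]
    return acls, rules, backends, default

def route(src, down=frozenset(), text=CONFIG):
    """Return (backend, server) for a client IP; server is None if all are down."""
    acls, rules, backends, default = parse(text)
    ip = ipaddress.ip_address(src)
    # use_backend rules are tried in order; the first matching ACL wins.
    backend = next((b for b, acl in rules if ip in acls[acl]), default)
    up = [(name, backup) for name, backup in backends[backend] if name not in down]
    # Backup servers receive traffic only when no non-backup server is up.
    active = [name for name, backup in up if not backup] or [name for name, _ in up]
    return backend, (active[0] if active else None)
```

A source address outside both /16 ranges matches neither ACL and lands on default_backend, so route("192.168.1.1") returns the same result as a Site A client.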

