On Mon, Apr 26, 2010 at 12:48:31PM +0200, Michiel van Es wrote:
> >
> >> What about outgoing smtp servers for mailing list servers etc?
> >
> > Can you not put a minimal SMTP service on those servers and make
> > configure that service to be aware of multiple mail gateways within your
> > datacentre? If your mailing list server is a *nix box, that's trivial.
>
> I know Postfix and ASSP can route it to several mailservers with a
> simple failover scenario.

Then you don't need LVS for outgoing mail, unless some of your
mail-generating systems *can't* cope with SMTP failures (e.g. some dumb
router or other firmware device).

>
> >
> >> I understood that LVS is capable of showing the source ip to the real
> >> servers so there are no problems with the protocol's own resilience
> >> features.
> >
> > I don't see what that has to do with it. The reason why load-balancing
> > can cause problems is because when you use LVS to cluster SMTP services
> > then multiple hosts appear to the outside world as one host;
>
> Huh?
> The outgoing mailservers will not relay through the LVS load balancer
> but directly to the internet (SPF and PTR correctly setup).
> That is why the direct routing setup exists right?

Ah, we're talking at cross purposes. I was talking about incoming mail.

> > external SMTP host has a problem with the particular realserver it
> > connects to, it will then back off and not try to connect to any of the
> > other realservers (because it thinks there's only one host there).
> > There are several ways in which this can delay mail delivery in ways
> > which would not happen if you used simple DNS and MX load-balancing, as
> > described above. I can talk you through them if you like.
>
> What is the difference between a connection forwarded through the load
> balancer to one of the 2 broken mx hosts or a round robin setup where
> one of the 2 is broken and stops accepting mails and the mail bounces?
> If one of the mailservers is broken, I want to directly disable a host
> in the load balancer not through DNS which has a nasty caching TTL...

But without LVS all you have to do is shut down the mail service on the
host, if the mail system is broken but still accepting tcp connections.
This only adds a tiny, tiny delay to mail delivery as remote hosts will
fail to connect and move on to the next MX host in the list.

If you have two mail hosts and you use DNS/MX to spread the load, if one
stops accepting tcp connections then, as I said, the impact is tiny.

With LVS load-balancing, on the other hand, external hosts will think
there is only one MX host (because that's what you made it look like).
If one of the realservers stops accepting connections, then until the
bad host is dropped from the load-balancing pool, any external hosts who
have the bad luck to be connected to the bad host will simply give up
and not try the other - perfectly healthy - host, because they think
there only is one host and it's broken.

So unless your automatic monitoring is checking the health of your mail
hosts every single second (at least) and dropping broken hosts out
immediately, you've actually introduced more delays than you would have
seen with simple DNS/MX solutions.

If one of your mail hosts breaks in a more subtle way, so that it is
accepting SMTP connections but then failing to deliver the mail, LVS
only gives you extra protection if your automatic
monitoring/LVS-maintenance scripts can detect that and drop the
realserver out. Otherwise, you're no better off than you were before -
in fact, you're very possibly worse off because when you finally realise
you have a problem you'll have to investigate all the mail hosts in the
cluster (with standalone MX hosts the evidence pointing to the bad host
is likely to be clearer).

I appreciate you want to develop your LVS skills but I think you'd learn
more from using LVS for a service that would benefit from it more.
Mixing LVS and SMTP actually makes things more complex, fragile and hard
to debug. SMTP is resilient and delays in delivery are an inevitable and
accepted part of the system.

--
Bruce

I must admit that the existence of Disneyland (which I know is real)
proves that we are not living in Judea in AD 50. -- Philip K.
Dick