Re: question about transparancy

2010-04-23 Thread Angelo Höngens
On 22-4-2010 20:28, Michiel van Es wrote:
> Yes
> That is the default smtp failover setup but I want to balance the load
> via a load balancer setup
> Mx records can not balance load

If you have 2 mx records with the same priority, your load should be
balanced..

Or you could have a single mx record pointing to a hostname which has 2
A records.. DNS round robin will take care of the balancing.

That is why there are almost no smtp balancers, because it is not
needed. In the 1980's they already designed smtp for balancing and
failover. For other protocols this was not so easy, that's why people
wrote http balancers :)


-- 


With kind regards,


Angelo Höngens
systems administrator

MCSE on Windows 2003
MCSE on Windows 2000
MS Small Business Specialist
--
NetMatch
tourism internet software solutions

Ringbaan Oost 2b
5013 CA Tilburg
+31 (0)13 5811088
+31 (0)13 5821239

a.hong...@netmatch.nl
www.netmatch.nl
--





Re: question about transparancy

2010-04-23 Thread Michiel van Es



Angelo Höngens wrote:
> On 22-4-2010 20:28, Michiel van Es wrote:
>> Yes
>> That is the default smtp failover setup but I want to balance the load
>> via a load balancer setup
>> Mx records can not balance load
>
> If you have 2 mx records with the same priority, your load should be
> balanced..
>
> Or you could have a single mx record pointing to a hostname which has 2
> A records.. DNS round robin will take care of the balancing.
>
> That is why there are almost no smtp balancers, because it is not
> needed. In the 1980's they already designed smtp for balancing and
> failover. For other protocols this was not so easy, that's why people
> wrote http balancers :)

Yes I understand, but what about setting features such as weight or doing
advanced load balancing?

What if one of the mailservers is broken and you want to take it offline?
With a normal TTL in dns it can take 1 or 2 days before other
mailservers know they should not send mail to that server and use the other.

I like load balancers because they can let you decide how traffic must flow.

I am trying now LVS on my HAproxy load balancer but can not get it
working with just 1 public IP address (it is a vps).

I am buying a 2nd ip to use as vip for LVS..perhaps that works.

Kind Regards,

Michiel







Re: question about transparancy

2010-04-23 Thread Angelo Höngens
On 23-4-2010 11:19, Michiel van Es wrote:
> Angelo Höngens wrote:
>> On 22-4-2010 20:28, Michiel van Es wrote:
>>> Yes
>>> That is the default smtp failover setup but I want to balance the load
>>> via a load balancer setup
>>> Mx records can not balance load
>>
>> If you have 2 mx records with the same priority, your load should be
>> balanced..
>>
>> Or you could have a single mx record pointing to a hostname which has 2
>> A records.. DNS round robin will take care of the balancing.
>>
>> That is why there are almost no smtp balancers, because it is not
>> needed. In the 1980's they already designed smtp for balancing and
>> failover. For other protocols this was not so easy, that's why people
>> wrote http balancers :)
>
> Yes I understand, but what about setting features such as weight or doing
> advanced load balancing?


You can't do advanced balancing, true..

If you *must* have weight, you could go for the host records approach.
Make 1 MX record pointing to mx-in.example.com, and create three host
records: mx-in - x.x.x.1, mx-in - x.x.x.1, mx-in - x.x.x.2. This way,
server 1 gets around 66% of the sessions, and server 2 gets around 33%
of the sessions.


> What if one of the mailservers is broken and you want to take it offline?
> With a normal TTL in dns it can take 1 or 2 days before other
> mailservers know they should not send mail to that server and use the other.
> I like load balancers because they can let you decide how traffic must flow.


No problem if you use the MX way, just take the server offline, no need
to change dns.. Remote mail servers will just try one mail server, and
if it's down, they will use the other, failover is built into the way
smtp and dns work together.


I'm not saying you should not do what you are doing. If you really want
to use your own balancer, and you feel better doing that, then by all
means please do. What I'm saying is that people have been balancing
smtp servers for 30 years using the ways they thought of in the 80's, and
since that works for most organisations, it might work for you. KISS.

Don't look blindly at the tools you're using, but choose the tools you
need based on the goal you're trying to reach. Ah, who am I kidding, I'm
just an IT-nerd wanting to play with cool balancers as well..


-- 


With kind regards,


Angelo Höngens
systems administrator

MCSE on Windows 2003
MCSE on Windows 2000
MS Small Business Specialist
--
NetMatch
tourism internet software solutions

Ringbaan Oost 2b
5013 CA Tilburg
+31 (0)13 5811088
+31 (0)13 5821239

a.hong...@netmatch.nl
www.netmatch.nl
--
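
The two behaviours described in this thread, equal-preference MX records sharing the load and senders failing over when one server is down, modelled as a short simulation. This is an added example, not part of the original messages; the host names and the `share` helper are constructed, and the ordering follows RFC 5321 section 5.1 (lowest preference first, equal preferences randomised by the sender).

```python
import random

# Constructed zone data: (preference, host) pairs as a sending MTA sees them.
EQUAL_MX = [(10, "mx1.example.com"), (10, "mx2.example.com")]
PRIMARY_BACKUP_MX = [(10, "mx1.example.com"), (20, "mx2.example.com")]


def delivery_order(mx_records, rng):
    """Order in which a sending MTA tries the exchangers (RFC 5321 5.1)."""
    by_pref = {}
    for pref, host in mx_records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):          # lowest preference value first
        group = list(by_pref[pref])
        rng.shuffle(group)                # equal preference: random order
        order.extend(group)
    return order


def deliver(mx_records, down, rng):
    """Return the host that accepts the session, or None (mail stays queued)."""
    for host in delivery_order(mx_records, rng):
        if host not in down:              # refused or timed out: try next MX
            return host
    return None


def share(mx_records, down=frozenset(), sessions=10000, seed=1):
    """Fraction of sessions each host receives over many independent senders."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(sessions):
        host = deliver(mx_records, down, rng)
        counts[host] = counts.get(host, 0) + 1
    return {host: n / sessions for host, n in counts.items()}


if __name__ == "__main__":
    print(share(EQUAL_MX))                              # roughly half each
    print(share(EQUAL_MX, down={"mx1.example.com"}))    # no DNS change needed
    print(share(PRIMARY_BACKUP_MX))                     # backup idle while primary is up
```

With the server simply switched off, every session lands on the remaining exchanger in the same delivery attempt, which is why the DNS TTL does not come into play for MX failover.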





Re: question about transparancy

2010-04-23 Thread Willy Tarreau
On Fri, Apr 23, 2010 at 11:36:12AM +0200, Michiel van Es wrote:
>> Don't look blindly at the tools you're using, but choose the tools you
>> need based on the goal you're trying to reach. Ah, who am I kidding, I'm
>> just an IT-nerd wanting to play with cool balancers as well..
>
> That is the whole idea ;)
> I know DNS load balancing works (I have it up & running right now) but I
> want to do load balancing with a load balancer..I want to have a setup
> which is flexible and a blueprint for let say: a 500+ mailserver setup
> with very heavy load (think Google or Hotmail).

you will probably never be able to achieve that type of load through
a single load balancer (even less on a VPS). So you *will* need to
use DNS RR anyway.

For SMTP, a load balancer will only bring a bit more control and
reactivity. But if you're trying to install that on a VPS where
precisely it's harder to route/spoof IP addresses, I really doubt
you'll gain anything.

Willy




Re: question about transparancy

2010-04-22 Thread Michiel van Es

I read this archive from 2008:

http://www.formilux.org/archives/haproxy/0801/0507.html

But the problem is that I can not recompile the kernel :(
Isn't there any other way like the x-forward-for header to make this work?

Kind regards,

Michiel


On 4/22/10 5:55 PM, Michiel van Es wrote:

> Hi,
>
> I am running 2 mailservers with ASSP as a spam proxy.
> I use haproxy to load balance between the 2 mailservers.
> The problem is that the spam filter is seeing every connection coming
> from the load balancer and not the originating ip.
> Do you know how I make the connections from my HAproxy load balancer to
> my 2 mailservers transparent?
>
> Kind regards,
>
> Michiel





Re: question about transparancy

2010-04-22 Thread Chris Sarginson

Michiel van Es wrote:

> I read this archive from 2008:
>
> http://www.formilux.org/archives/haproxy/0801/0507.html
>
> But the problem is that I can not recompile the kernel :(
> Isn't there any other way like the x-forward-for header to make this work?


As this runs on layer 4, headers can not be inserted.  If you wish to be 
able to see the originating IP addresses you will probably want to use 
LVS loadbalancing.


Chris




Re: question about transparancy

2010-04-22 Thread Michiel van Es



On 4/22/10 6:03 PM, Chris Sarginson wrote:

> Michiel van Es wrote:
>> I read this archive from 2008:
>>
>> http://www.formilux.org/archives/haproxy/0801/0507.html
>>
>> But the problem is that I can not recompile the kernel :(
>> Isn't there any other way like the x-forward-for header to make this
>> work?
>
> As this runs on layer 4, headers can not be inserted. If you wish to be
> able to see the originating IP addresses you will probably want to use
> LVS loadbalancing.

Hmmm..that is too bad..then I have to work out a new LVS setup after I
finally got HAproxy up & running :(

Why isn't it possible with smtp but it is working with http?

> Chris

Michiel



RE: question about transparancy

2010-04-22 Thread Emmanuel Bailleul
> -----Original Message-----
> From: Michiel van Es [mailto:m...@pcintelligence.nl]
> Sent: Thursday, 22 April 2010 18:11
> To: Chris Sarginson
> Cc: haproxy@formilux.org
> Subject: Re: question about transparancy
>
> On 4/22/10 6:03 PM, Chris Sarginson wrote:
>> Michiel van Es wrote:
>>> I read this archive from 2008:
>>>
>>> http://www.formilux.org/archives/haproxy/0801/0507.html
>>>
>>> But the problem is that I can not recompile the kernel :(
>>> Isn't there any other way like the x-forward-for header to make this
>>> work?
>>
>> As this runs on layer 4, headers can not be inserted. If you wish to be
>> able to see the originating IP addresses you will probably want to use
>> LVS loadbalancing.
>
> Hmmm..that is too bad..then I have to work out a new LVS setup after I
> finally got HAproxy up & running :(
> Why isn't it possible with smtp but it is working with http?
>
>> Chris
>
> Michiel

Hello,

I think what you are looking for is XCLIENT support, which is described here:
http://www.postfix.org/XCLIENT_README.html

The support for this in haproxy has already been discussed on this ml (see for
example: http://www.mail-archive.com/haproxy@formilux.org/msg00482.html) but I
can't confirm if this has finally been implemented or not (I doubt it as there
does not seem to be anything about it in the latest documentation).

Emmanuel
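
What an XCLIENT-capable front end would send to the backend, following the Postfix XCLIENT_README linked above. This is an added example, not code from haproxy or Postfix; the EHLO reply and addresses are constructed and the function names are hypothetical. Postfix only honours the command from clients listed in `smtpd_authorized_xclient_hosts`, so on the backend that list should contain the load balancer and nothing else.

```python
import ipaddress

# Constructed EHLO reply from a backend that offers XCLIENT.
EHLO_REPLY = (
    "250-mx1.example.com\r\n"
    "250-PIPELINING\r\n"
    "250-XCLIENT NAME ADDR PROTO HELO\r\n"
    "250 8BITMIME\r\n"
)


def xtext(value):
    """xtext-encode a value (RFC 1891): printable ASCII except '+' and '='
    passes through, every other byte becomes +HH."""
    out = []
    for byte in value.encode("utf-8"):
        if 0x21 <= byte <= 0x7E and byte not in (0x2B, 0x3D):
            out.append(chr(byte))
        else:
            out.append("+%02X" % byte)
    return "".join(out)


def offered_attributes(ehlo_reply):
    """Attribute names the server lists after the XCLIENT keyword, if any."""
    for line in ehlo_reply.splitlines():
        words = line[4:].split()
        if line.startswith("250") and words and words[0].upper() == "XCLIENT":
            return {w.upper() for w in words[1:]}
    return set()


def build_xclient(ehlo_reply, client_ip, client_helo=None):
    """Command the front end sends before relaying the real client's session.
    Returns None when the backend does not offer XCLIENT with ADDR."""
    offered = offered_attributes(ehlo_reply)
    if "ADDR" not in offered:
        return None
    ip = ipaddress.ip_address(client_ip)      # ValueError on anything not an IP
    addr = ("IPV6:" if ip.version == 6 else "") + str(ip)
    parts = ["ADDR=" + xtext(addr)]
    if client_helo and "HELO" in offered:
        # The HELO name is client-supplied: xtext keeps CR/LF out of the command.
        parts.append("HELO=" + xtext(client_helo))
    return "XCLIENT " + " ".join(parts) + "\r\n"
```

On success the server answers with a fresh 220 greeting and the front end starts the session again with EHLO, this time on behalf of the original client.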




Re: question about transparancy

2010-04-22 Thread Guillaume Bourque

Hi,

Why don't you use 2 MX records with the same weight?

All email will come in to your 2 servers.

Just my 2¢

Bye


Michiel van Es wrote:

> Hi,
>
> I am running 2 mailservers with ASSP as a spam proxy.
> I use haproxy to load balance between the 2 mailservers.
> The problem is that the spam filter is seeing every connection coming
> from the load balancer and not the originating ip.
> Do you know how I make the connections from my HAproxy load balancer
> to my 2 mailservers transparent?
>
>
> Kind regards,
>
> Michiel




--
Guillaume Bourque, B.Sc.,
consultant, free (libre) technology infrastructures!
514 576-7638




Re: question about transparancy

2010-04-22 Thread Michiel van Es

Yes
That is the default smtp failover setup but I want to balance the load  
via a load balancer setup

Mx records can not balance load

Regards

Michiel van Es

On 22 Apr 2010 at 19:06, Guillaume Bourque guillaume.bour...@gmail.com
wrote:

> Hi,
>
> Why don't you use 2 MX records with the same weight?
>
> All email will come in to your 2 servers.
>
> Just my 2¢
>
> Bye
>
>
> Michiel van Es wrote:
>
>> Hi,
>>
>> I am running 2 mailservers with ASSP as a spam proxy.
>> I use haproxy to load balance between the 2 mailservers.
>> The problem is that the spam filter is seeing every connection
>> coming from the load balancer and not the originating ip.
>> Do you know how I make the connections from my HAproxy load
>> balancer to my 2 mailservers transparent?
>>
>>
>> Kind regards,
>>
>> Michiel
>
> --
> Guillaume Bourque, B.Sc.,
> consultant, free (libre) technology infrastructures!
> 514 576-7638






Re: question about transparancy

2010-04-22 Thread Michiel van Es

Hmm, I found out that it is not supported for mode tcp:

Starting HAproxy: [WARNING] 111/213701 (5089) : config : 'option 
forwardfor' ignored for proxy 'load_balanced_smtp' as it requires HTTP mode.

   [  OK  ]

Is this possible for the mode tcp and smtp and Haproxy?

Michiel

On 4/22/10 9:34 PM, Michiel van Es wrote:

> I am running ASSP on the mailservers, since 1.6.2 ASSP understands
> headers like x-forward-for:
>
> - Text to Identify Originating IP Header* (OriginatingIP)
> If ASSP runs behind another server(s), no IP/HELO based filter will
> work. If a special header with the originating IP is inserted from the
> frontend server ASSP will use the originating IP to perform IP and HELO
> checks.
> For example: X-Forwarded-For|X-Originating-IP
>
> Is it possible to let HAproxy push such a header for smtp without
> recompiling the kernel on my load balancer with Tproxy support?
>
> I hope it works as it works for http out of the box :)
>
> Kind regards,
>
> Michiel
>
> On 4/22/10 8:28 PM, Michiel van Es wrote:
>
>> Yes
>> That is the default smtp failover setup but I want to balance the load
>> via a load balancer setup
>> Mx records can not balance load
>>
>> Regards
>>
>> Michiel van Es
>>
>> On 22 Apr 2010 at 19:06, Guillaume Bourque
>> guillaume.bour...@gmail.com wrote:
>>
>>> Hi,
>>>
>>> Why don't you use 2 MX records with the same weight?
>>>
>>> All email will come in to your 2 servers.
>>>
>>> Just my 2¢
>>>
>>> Bye
>>>
>>>
>>> Michiel van Es wrote:
>>>
>>>> Hi,
>>>>
>>>> I am running 2 mailservers with ASSP as a spam proxy.
>>>> I use haproxy to load balance between the 2 mailservers.
>>>> The problem is that the spam filter is seeing every connection coming
>>>> from the load balancer and not the originating ip.
>>>> Do you know how I make the connections from my HAproxy load balancer
>>>> to my 2 mailservers transparent?
>>>>
>>>> Kind regards,
>>>>
>>>> Michiel
>>>
>>> --
>>> Guillaume Bourque, B.Sc.,
>>> consultant, free (libre) technology infrastructures!
>>> 514 576-7638
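
The OriginatingIP option quoted in the message above is only safe when the header really comes from your own front end, because any sender can put an X-Forwarded-For line into a message. A sketch of that trust decision follows; it is an added example and not ASSP's code, the addresses are constructed, and it assumes the front end prepends its header so that the topmost occurrence is the one it wrote.

```python
import ipaddress
from email.parser import HeaderParser

ORIGIN_HEADERS = ("X-Forwarded-For", "X-Originating-IP")   # names from the option text
TRUSTED_FRONTENDS = {ipaddress.ip_address("192.0.2.10")}   # constructed: the load balancer


def effective_client_ip(peer_ip, raw_headers):
    """IP address that IP/HELO-based checks should be run against."""
    peer = ipaddress.ip_address(peer_ip)
    if peer not in TRUSTED_FRONTENDS:
        # Direct connection: an origin header here was written by the sender.
        return peer
    headers = HeaderParser().parsestr(raw_headers)
    for name in ORIGIN_HEADERS:
        values = headers.get_all(name)
        if not values:
            continue
        # Topmost occurrence is assumed to be the one the front end added.
        candidate = values[0].strip().strip("[]")
        try:
            return ipaddress.ip_address(candidate)
        except ValueError:
            return peer                   # malformed value: fall back to the peer
    return peer


if __name__ == "__main__":
    # Constructed message headers as relayed by the trusted front end.
    sample = "X-Forwarded-For: 203.0.113.7\nSubject: hello\n\n"
    print(effective_client_ip("192.0.2.10", sample))
```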










Re: question about transparancy

2010-04-22 Thread Willy Tarreau
On Thu, Apr 22, 2010 at 09:47:51PM +0200, Michiel van Es wrote:
> Hmm, I found out that it is not supported for mode tcp:
>
> Starting HAproxy: [WARNING] 111/213701 (5089) : config : 'option
> forwardfor' ignored for proxy 'load_balanced_smtp' as it requires HTTP mode.
>    [  OK  ]
>
> Is this possible for the mode tcp and smtp and Haproxy?

No, it is not supported. Maybe we'll support X-client one day, I
don't know. It's easier to implement now with version 1.4 than it
was in earlier versions.

I don't see why you want to remove your LVS. It's perfectly fit
for SMTP.

Willy