Re: Failover for business continuity
Ram wrote the following on 5/30/2012 8:53 AM: On 05/30/2012 02:26 PM, Eric Luyten wrote: On Wed, May 30, 2012 9:24 am, Ram wrote: On 05/30/2012 12:43 PM, Dmitry Banschikov wrote: On 05/30/2012 10:52 AM, Ram wrote: I am trying to setup a remote cyrus-replica to a different geographical location for business continuity. In case the main server goes down the users will get switched to the remote server by making a DNS change. The only issue is DNS replication would take a long time so the switch is not instantaneous. How would one make the switch instantaneous ? Moving the IP is not possible because the Remote server is on a different network You can set TTL of RR to very small value (say 60 seconds). In this case, DNS change will be propagated fast. But I have seen some DNS clients , especially on windows , do not honor TTL. For a 10 minute TTL , even after 4 hours the windows server keeps resolving to the old server Ram, Correct. Some OSes/applications/resolver libraries will keep on using the 'old' values until *they* see fit. DNS-based failover is (and always has been) a very low cost, halfbaked solution. Been there, done that... Eric. So if not DNS based fail over , what is the other alternative. I cant move the IP , or re-announce BGP I cant have both servers in active-active mode You could use a VPN to easily move the IP address from one location to another. This could be accomplished in several ways: a site-to-site L2 VPN allowing the use of a single subnet at both locations; an imap server to router VPN allowing whichever server has an active VPN connection to assume the active IP; I'm sure there are others. I would think a VPN would be simpler and thus more reliable than using a front end proxy. --Blake Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Failover for business continuity
On 05/30/2012 10:52 AM, Ram wrote: I am trying to setup a remote cyrus-replica to a different geographical location for business continuity. In case the main server goes down the users will get switched to the remote server by making a DNS change. The only issue is DNS replication would take a long time so the switch is not instantaneous. How would one make the switch instantaneous ? Moving the IP is not possible because the Remote server is on a different network You can set TTL of RR to very small value (say 60 seconds). In this case, DNS change will be propagated fast. -- Dmitry Banschikov smime.p7s Description: S/MIME Cryptographic Signature Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Failover for business continuity
On 05/30/2012 12:43 PM, Dmitry Banschikov wrote: On 05/30/2012 10:52 AM, Ram wrote: I am trying to setup a remote cyrus-replica to a different geographical location for business continuity. In case the main server goes down the users will get switched to the remote server by making a DNS change. The only issue is DNS replication would take a long time so the switch is not instantaneous. How would one make the switch instantaneous ? Moving the IP is not possible because the Remote server is on a different network You can set TTL of RR to very small value (say 60 seconds). In this case, DNS change will be propagated fast. But I have seen some DNS clients , especially on windows , do not honor TTL. For a 10 minute TTL , even after 4 hours the windows server keeps resolving to the old server Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Failover for business continuity
On Wed, May 30, 2012 9:24 am, Ram wrote: On 05/30/2012 12:43 PM, Dmitry Banschikov wrote: On 05/30/2012 10:52 AM, Ram wrote: I am trying to setup a remote cyrus-replica to a different geographical location for business continuity. In case the main server goes down the users will get switched to the remote server by making a DNS change. The only issue is DNS replication would take a long time so the switch is not instantaneous. How would one make the switch instantaneous ? Moving the IP is not possible because the Remote server is on a different network You can set TTL of RR to very small value (say 60 seconds). In this case, DNS change will be propagated fast. But I have seen some DNS clients , especially on windows , do not honor TTL. For a 10 minute TTL , even after 4 hours the windows server keeps resolving to the old server Ram, Correct. Some OSes/applications/resolver libraries will keep on using the 'old' values until *they* see fit. DNS-based failover is (and always has been) a very low cost, halfbaked solution. Been there, done that... Eric. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Failover for business continuity
On 05/30/2012 02:26 PM, Eric Luyten wrote: On Wed, May 30, 2012 9:24 am, Ram wrote: On 05/30/2012 12:43 PM, Dmitry Banschikov wrote: On 05/30/2012 10:52 AM, Ram wrote: I am trying to setup a remote cyrus-replica to a different geographical location for business continuity. In case the main server goes down the users will get switched to the remote server by making a DNS change. The only issue is DNS replication would take a long time so the switch is not instantaneous. How would one make the switch instantaneous ? Moving the IP is not possible because the Remote server is on a different network You can set TTL of RR to very small value (say 60 seconds). In this case, DNS change will be propagated fast. But I have seen some DNS clients , especially on windows , do not honor TTL. For a 10 minute TTL , even after 4 hours the windows server keeps resolving to the old server Ram, Correct. Some OSes/applications/resolver libraries will keep on using the 'old' values until *they* see fit. DNS-based failover is (and always has been) a very low cost, halfbaked solution. Been there, done that... Eric. So if not DNS based fail over , what is the other alternative. I cant move the IP , or re-announce BGP I cant have both servers in active-active mode Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Failover for business continuity
On Wed, 30 May 2012, Ram wrote: So if not DNS based fail over , what is the other alternative. I cant move the IP , or re-announce BGP I cant have both servers in active-active mode DNS failover is your best overall option for this case unless you an exceptionally large budget to spend on this. You would need to do some research on how many of your end-user clients suffer from non-conforming DNS resolution behaviours and just send them instructions on how to manually refresh the DNS records when they complain they can't reach the email server. Depending on which failure modes you regard as most likely or damaging, you could announce via DNS a proxy IP which redirects to a working back-end. You would need to be confident that proxy IP would provide higher availability than your mail server though. - Mark Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Failover for business continuity
On 05/30/12 19:23 +0530, Ram wrote: On 05/30/2012 02:26 PM, Eric Luyten wrote: On Wed, May 30, 2012 9:24 am, Ram wrote: On 05/30/2012 12:43 PM, Dmitry Banschikov wrote: On 05/30/2012 10:52 AM, Ram wrote: I am trying to setup a remote cyrus-replica to a different geographical location for business continuity. In case the main server goes down the users will get switched to the remote server by making a DNS change. The only issue is DNS replication would take a long time so the switch is not instantaneous. How would one make the switch instantaneous ? Moving the IP is not possible because the Remote server is on a different network You can set TTL of RR to very small value (say 60 seconds). In this case, DNS change will be propagated fast. But I have seen some DNS clients , especially on windows , do not honor TTL. For a 10 minute TTL , even after 4 hours the windows server keeps resolving to the old server Ram, Correct. Some OSes/applications/resolver libraries will keep on using the 'old' values until *they* see fit. DNS-based failover is (and always has been) a very low cost, halfbaked solution. Been there, done that... Eric. So if not DNS based fail over , what is the other alternative. I cant move the IP , or re-announce BGP I cant have both servers in active-active mode You could configure Cyrus frontends (proxies) located at both locations. If there is a backend failure, then you wouldn't need to depend on DNS propagation for restoration of service. That would gain you a higher level of availability in the case where your network, and your frontends, have greater stability than your backends. You could also implement BGP anycasting for your DNS servers and/or your frontends, which is how I understand the content distribution networks implement failover. -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
