Re: High avaliabilty for IMAP/PROXY
Ken, k...@rice.edu schrieb (22.09.2014 15:43 Uhr): On Mon, Sep 22, 2014 at 03:09:13PM +0200, Marc Patermann wrote: k...@rice.edu schrieb (18.09.2014 21:43 Uhr): These are all located behind our Citrix Netscaler boxes. You should be able to replicate their function with either haproxy or nginx. What does the Netscaler do in this scenario? The Netscaler provides redundant and load-balanced access to the IMAP/POP3 backends with automated fail-over. I was not aware the Netscaler can do that, thank you for the hint! Marc Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: High avaliabilty for IMAP/PROXY
k...@rice.edu schrieb (18.09.2014 21:43 Uhr): On Thu, Sep 18, 2014 at 12:07:57PM -0700, Vincent Fox wrote: On 9/18/2014 11:58 AM, Fabio S. Schmidt wrote: Does anyone have any better ideas to improve the high availability? I was wondering about using HAPROXY vs NGINX but I do not know their behaviours in cases like I mentioned above. We have for about 8 years used Perdition for POP/IMAP proxy. 3 simple Linux boxes in a load balanced pool. Friends don't let friends do Round Robin DNS. You can't count on removing DNS entries, since propagation can be very slow and some clients don't even respect TTL. We also used Perdition here for our POP3/IMAP proxy. Unfortunately, its process per connection resulted in an enormous resource footprint when everyone was connected to the server. In addition, the startup stampede of processes completely swamped the frontends crippling the performance until a steady state was reached. As a result, we moved to using NGINX as our POP3/IMAP proxy. Now a single-box can carry the connection load that 4 or more boxes struggled with along with better responsiveness and performance to boot. These are all located behind our Citrix Netscaler boxes. You should be able to replicate their function with either haproxy or nginx. What does the Netscaler do in this scenario? Marc Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: High avaliabilty for IMAP/PROXY
On Mon, Sep 22, 2014 at 03:09:13PM +0200, Marc Patermann wrote: k...@rice.edu schrieb (18.09.2014 21:43 Uhr): These are all located behind our Citrix Netscaler boxes. You should be able to replicate their function with either haproxy or nginx. What does the Netscaler do in this scenario? Marc The Netscaler provides redundant and load-balanced access to the IMAP/POP3 backends with automated fail-over. Regards, Ken Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: High avaliabilty for IMAP/PROXY
Hi, Quoting Fabio S. Schmidt fa...@improve.inf.br: Hi, - Sorry if it seems to be a little off-topic - We have deployed Cyrus Aggregator and currently we provide load balancing and high availability for the Cyrus Front Ends through DNS. With this scenario, if a Frontend is unavailable it will receive connections unless we remove it from the DNS record for the IMAP service. Does anyone have any better ideas to improve the high availability? I was wondering about using HAPROXY vs NGINX but I do not know their behaviours in cases like I mentioned above. We use ClusterIP for load balancing and HA. With ClusterIP you use one IP for all of your Cyrus Front Ends. The ClusterIP will use a multicast MAC an the local firewall cluisterIP rule determin which of the frontends will be used, by hashing source IP, [source Port], [destination Port] in a hash. These hash is distributed to N buckets and each bucket must be serviced by one of your front ends. If one front end goes down you configure the buckets of that front end on the other front ends. http://www.rkeene.org/projects/info/wiki/102 http://www.linux-ha.org/ClusterIP M.MengeTel.: (49) 7071/29-70316 Universität Tübingen Fax.: (49) 7071/29-5912 Zentrum für Datenverarbeitung mail: michael.me...@zdv.uni-tuebingen.de Wächterstraße 76 72074 Tübingen smime.p7s Description: S/MIME Signatur Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: High avaliabilty for IMAP/PROXY
Thanks Ken and Michael for the answers ! Kind regards, Fabio On 19 September 2014 04:49, Michael Menge michael.me...@zdv.uni-tuebingen.de wrote: Hi, Quoting Fabio S. Schmidt fa...@improve.inf.br: Hi, - Sorry if it seems to be a little off-topic - We have deployed Cyrus Aggregator and currently we provide load balancing and high availability for the Cyrus Front Ends through DNS. With this scenario, if a Frontend is unavailable it will receive connections unless we remove it from the DNS record for the IMAP service. Does anyone have any better ideas to improve the high availability? I was wondering about using HAPROXY vs NGINX but I do not know their behaviours in cases like I mentioned above. We use ClusterIP for load balancing and HA. With ClusterIP you use one IP for all of your Cyrus Front Ends. The ClusterIP will use a multicast MAC an the local firewall cluisterIP rule determin which of the frontends will be used, by hashing source IP, [source Port], [destination Port] in a hash. These hash is distributed to N buckets and each bucket must be serviced by one of your front ends. If one front end goes down you configure the buckets of that front end on the other front ends. http://www.rkeene.org/projects/info/wiki/102 http://www.linux-ha.org/ClusterIP M.MengeTel.: (49) 7071/29-70316 Universität Tübingen Fax.: (49) 7071/29-5912 Zentrum für Datenverarbeitung mail: michael.me...@zdv.uni-tuebingen.de Wächterstraße 76 72074 Tübingen Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus -- My best regards, Fabio Soares Schmidt Linux Professional Institute - LPIC-3 Microsoft Certified Technology Specialist: Active Directory Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: High avaliabilty for IMAP/PROXY
On 9/18/2014 11:58 AM, Fabio S. Schmidt wrote: Hi, - Sorry if it seems to be a little off-topic - We have deployed Cyrus Aggregator and currently we provide load balancing and high availability for the Cyrus Front Ends through DNS. With this scenario, if a Frontend is unavailable it will receive connections unless we remove it from the DNS record for the IMAP service. Does anyone have any better ideas to improve the high availability? I was wondering about using HAPROXY vs NGINX but I do not know their behaviours in cases like I mentioned above. We have for about 8 years used Perdition for POP/IMAP proxy. 3 simple Linux boxes in a load balanced pool. Friends don't let friends do Round Robin DNS. You can't count on removing DNS entries, since propagation can be very slow and some clients don't even respect TTL. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: High avaliabilty for IMAP/PROXY
Thanks Vincent and Simon for the answers ! I am studying the Perdition and LVS-DR solutions ! Kind regards, Fabio On 18 September 2014 16:38, Simon Amor simon.a...@daily.co.uk wrote: On 18 Sep 2014, at 19:58, Fabio S. Schmidt fa...@improve.inf.br wrote: Hi, - Sorry if it seems to be a little off-topic - We have deployed Cyrus Aggregator and currently we provide load balancing and high availability for the Cyrus Front Ends through DNS. With this scenario, if a Frontend is unavailable it will receive connections unless we remove it from the DNS record for the IMAP service. Does anyone have any better ideas to improve the high availability? I was wondering about using HAPROXY vs NGINX but I do not know their behaviours in cases like I mentioned above. We use LVS-DR with a cluster of 3 Cyrus pop/imap servers where servers 1 and 2 use heartbeat to failover the inbound IP in the event of an outage. They also handle outbound authenticated SMTP, again with LVS-DR. http://www.linuxvirtualserver.org/VS-DRouting.html Simon -- Simon Amor Daily Internet Services Ltd T: +44 (0)115 973 7260 W: http://www.daily.co.uk/ -- My best regards, Fabio Soares Schmidt Linux Professional Institute - LPIC-3 Microsoft Certified Technology Specialist: Active Directory Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: High avaliabilty for IMAP/PROXY
On Thu, Sep 18, 2014 at 12:07:57PM -0700, Vincent Fox wrote: On 9/18/2014 11:58 AM, Fabio S. Schmidt wrote: Hi, - Sorry if it seems to be a little off-topic - We have deployed Cyrus Aggregator and currently we provide load balancing and high availability for the Cyrus Front Ends through DNS. With this scenario, if a Frontend is unavailable it will receive connections unless we remove it from the DNS record for the IMAP service. Does anyone have any better ideas to improve the high availability? I was wondering about using HAPROXY vs NGINX but I do not know their behaviours in cases like I mentioned above. We have for about 8 years used Perdition for POP/IMAP proxy. 3 simple Linux boxes in a load balanced pool. Friends don't let friends do Round Robin DNS. You can't count on removing DNS entries, since propagation can be very slow and some clients don't even respect TTL. We also used Perdition here for our POP3/IMAP proxy. Unfortunately, its process per connection resulted in an enormous resource footprint when everyone was connected to the server. In addition, the startup stampede of processes completely swamped the frontends crippling the performance until a steady state was reached. As a result, we moved to using NGINX as our POP3/IMAP proxy. Now a single-box can carry the connection load that 4 or more boxes struggled with along with better responsiveness and performance to boot. These are all located behind our Citrix Netscaler boxes. You should be able to replicate their function with either haproxy or nginx. Regards, Ken Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
