Hi Grant,
On Tue, Jun 24, 2008 at 09:17:32PM +1000, Grant Maxwell wrote:
> Hi Folks
>
> I'm running an email environment and want to implement a HA/load
> balancing solution. I was looking at a low end solution, pen, which at
> first glance looked promising. It fell over for me because the mail
> server sees the connection as coming from the Load Balance (LB)
> server, rather than the original client. That seemed to be the only
> problem, understanding the limitations of pen product.
This is a common problem to all proxy-based LBs.
> So, on the hunt again I found haproxy. I've been looking at it but
> can't definitively determine if it will do what I want and therefore
> thought I would put it to you wise and knowledgeable folk.
>
> So
>
> My current arrangement is simple. Two mail servers behind one
> firewall. Each mail server is mapped to a public ip address. What I
> want to achieve is a single ip address mapped to a load balance
> server, which distributes connections to X mail servers with HA and LB
> functionality.
>
> All these servers are on one site & one subnet.
>
> I have a secondary site and would like to replicate the entire
> configuration at the second site.
>
> A critical property is that the original connecting client ip address
> must be presented to the mail server as the connecting address.
>
> The only protocol in use is SMTP.
>
> Is HAPROXY the right place to be?
You can make it work in transparent mode if you patch your kernel for that. Thus, it will present the client's IP address to the server. However, for what you're trying to achieve, why don't you simply set up LVS on your firewalls, using source-hash as the LB algorithm ? It would do exactly what you're looking for : a given IP always to the same server, and no undesired IP translation.
regards,
Willy
Received on 2008/06/25 06:54
This archive was generated by hypermail 2.2.0 : 2008/06/25 07:00 CEST