Hi Alberto,
On Fri, Jun 27, 2008 at 08:43:55PM +0200, Alberto Giménez wrote:
> >> My current arrangement is simple. Two mail servers behind one
> >> firewall. Each mail server is mapped to a public ip address. What I
> >> want to achieve is a single ip address mapped to a load balance
> >> server, which distributes connections to X mail servers with HA and LB
> >> functionality.
> >>
> >
> > You can make it work in transparent mode if you patch your kernel for that.
> > Thus, it will present the client's IP address to the server. However, for
> > what you're trying to achieve, why don't you simply set up LVS on your
> > firewalls, using source-hash as the LB algorithm? It would do exactly
> > what you're looking for: a given IP always to the same server, and no
> > undesired IP translation.
>
> Hi Willy, I think you misunderstood Grant. I think he doesn't want one
> IP per server, but only one VIP mapped to haproxy and let it balance
> connections to the backends.

Ah, you're right. I understood that he wanted one source IP address to always be balanced to the same server, hence the source hash.

> Why would you recommend another software for a job that haproxy makes
> quite well? ;)

Without transparent mode, using haproxy in front of an incoming SMTP relay or server is not always the best thing to do, because it will not add any "Received:" header, and the server will only see haproxy's IP address. It is often very useful to be able to filter on and to log source IP addresses for incoming mails. It's even more true with anti-spam relays.

With transparent mode, haproxy will use the client's IP address to connect to the server. But this requires kernel patching.

However, LVS is enabled by default in most standard Linux distros, and will do the job well too. Then, he can achieve the same result without patching his kernel, hence my suggestion.

Don't forget that haproxy is :
It is not a router. Since it has no added value in the points above for SMTP, I think that using the right tool for the job is important. Someday it could be improved to understand SMTP and provide a benefit there, though.
Regards,
Willy
Received on 2008/06/27 21:46