Hello All,
I would definitly just use keepalied to have 1 VIP in service in 1 SMTP server and redirect all outside SMTP traffic to the VIP. You do that twice for your two public IP and you can use both of your SMTP server.
To configure keepealived it will take 15 minutes and the solution is almost done ;-)
In keepalived you only need to put server SMTP1 master for the first VIP and server SMTP2 master for the VIP # 2
Very simple solution and keealiped is runnig fine for us ( you need to enable multicast between both smtp server)
My 2 ˘
2008/6/27 Willy Tarreau <w#1wt.eu>:
> Hi Alberto,
>
> On Fri, Jun 27, 2008 at 08:43:55PM +0200, Alberto Giménez wrote:
> > >> My current arrangement is simple. Two mail servers behind one
> > >> firewall. Each mail server is mapped to a public ip address. What I
> > >> want to achieve is a single ip address mapped to a load balance
> > >> server, which distributes connections to X mail servers with HA and LB
> > >> functionality.
> > >>
> > >
> > > You can make it work in transparent mode if you patch your kernel for
> that.
> > > Thus, it will present the client's IP address to the server. However,
> for
> > > what you're trying to achieve, why don't you simply set up LVS on your
> > > firewalls, using source-hash as the LB algorithm ? It would do exactly
> > > what you're looking for : a given IP always to the same server, and no
> > > undesired IP translation.
> >
> > Hi Willy, I think you misunderstood Grant. I think he doesn't want one
> > IP per server, but one only VIP mapped to haproxy and let it balance
> > connections to the backends.
>
> Ah, you're right. I understood that he wanted that one source IP address
> would always be balanced to the same server, hence the source hash.
>
> > Why would you recommend another software for a job that haproxy makes
> > quite well? ;)
>
> Without transparent mode, using haproxy in front of an incoming SMTP relay
> or server is not always the best thing to do, because it will not add any
> "Received:" header, and the server will only see haproxy's IP address.
> It is often very useful to be able to filter from and to log source IP
> addresses for incoming mails. It's even more true with anti-spam relays.
>
> With transparent mode, haproxy will use the client's IP address to connect
> to the server. But this requires kernel patching.
>
> However, LVS is enabled by default in most standard linux distros, and will
> do the job well too. Then, he can achieve the same result without patching
> his kernel, hence my suggestion.
>
> Don't forget that haproxy is :
> 1) a proxy
> 2) a layer 7 HTTP load balancer
>
> It is not a router. Since it has no added value in the points above for
> SMTP, I think that using the right tool for the job is important. Someday
> it could be improved to understand SMTP and provide a benefit there,
> though.
>
> Regards,
> Willy
>
>
>
-- Guillaume Bourque, B.Sc., consultant, infrastructures technologiques Logisoft Technologies inc. 514 576-7638 http://www.logisoftech.comReceived on 2008/06/28 02:57
This archive was generated by hypermail 2.2.0 : 2008/06/28 03:00 CEST