• Status: Solved

Loadbalancing for SMTP mail relay

I have two Trend Micro IMSVA antispam/antivirus mail relays. I want to use them for load balancing and HA/failover. Which is the suitable method?
1. Will MX record round robin work? What if they have the same priority? Any chance of failure? If it is OK, please explain.
2. Network level load balancing? Which device and how?

Please help
0
anishpeter
1 Solution
 
Ardiseis Commented:
Well, to go with the KISS method (Keep It Simple Stupid), the real world timing of MX10 to MX20 to MX30 etc. is milliseconds.
That being said, if you can assign multiple public IPs, one for each device, with the IP of device 1 as your MX10 record and the IP of device 2 as MX20, on slow mail days MX10 will get 99% of your mail, but if it is even slightly slow to answer it will go to MX20 and then back to MX10 if needed, just as mail MX records are intended to do.

I must say, though, unless you have a HUGE amount of bandwidth, having 2 of these units on the same internet connection is a bit overkill for the above solution. The above solution works best if you have 2 internet connections, thus with true failover.

If using both units on the same WAN/LAN segment, I would have an easier time shelving one as a fully configured spare in case the main unit failed.

Any description of your environment and volume would help shape a solution.
0
 
rfc1180 Commented:
>1. Will MX record round robin work? What if they have the same priority? Any chance of failure? If it is OK, please explain.
Sure it will work, but in my opinion, use MX records for what they were designed for. They sure were not designed for load balancing; you can, however, use DNS to provide load balancing/failover using multiple MX records, but this is called a poor man's load balancing solution. There are no health checks or any other load balancing algorithms that you can choose from; the idea is to have a scalable and reliable SMTP mail system. I would recommend going with a network device that is designed to load balance traffic.
>2. Network level load balancing? Which device and how?
Barracuda and Coyotepoint are fairly cheap devices ($2000) and are still supported.
I believe the Brocade (formerly Foundry)  ServerIronXL will be end of life soon, but are great devices and you can get them fairly cheap.


Billy
0
 
anishpeter (Author) Commented:
Thanks Ardiseis and rfc.
Both of you prefer network level load balancing, right?
Does anyone have experience with the Citrix Netscaler load balancer or a Cisco Layer 4 switch for load balancing and HA?
0

 
anishpeter (Author) Commented:
Thanks Ardiseis and rfc.
One more thing: if MX records with the same priority work fine, with no shortfalls (has anyone had a bad experience?), then why should we spend on hardware?
But I think both of you prefer network level load balancing, right?
Does anyone have experience with the Citrix Netscaler load balancer or a Cisco Layer 4 switch for load balancing and HA?
0
 
Ardiseis Commented:
I have not personally had any bad experience with like priority MX records. I have not seen the Citrix Netscaler outside of tech articles. I have used a limited amount of Cisco and Barracuda content layer equipment with great success in my environment.
0
 
rfc1180 Commented:
I have never used MX records to load balance any traffic; I have always used a lower and higher preference and used a load balancer on the lower preference and used the higher in case the load balanced environment failed. I have never used the Netscaler, but have used Cisco CSS and ACE and both performed beyond what I had expected.

>Then why should we spend on hardware
Using hardware is a much more scalable and reliable solution. Relying on DNS to load balance is bad practice and gives you no real benefits or options; as a matter of fact, you can have email delayed in some circumstances. However, the real question is, how effective can DNS be in providing load balancing? It is all about the TTLs, which is the effect of caching, which can distort the effectiveness of any IP address DNS load balancing algorithm unless a 0 TTL is used (not very advisable if you are a very busy mail hosting provider). The effect could be a significant increase of the load on DNS, and it is not always implemented consistently.

Billy
0
 
anishpeter (Author) Commented:
Thanks, Billy,
Now I am of the mind that there is no need for load balancing, since I cannot reduce the TTL for some of my domains ( 1 have mail domains). My mail relay is capable of taking the full load.
If I am using my primary relay with priority 10 and secondary relay with priority 20, will the solution be fault tolerant/HA? If my primary relay fails, all my mail needs to flow to the secondary? Will it work up to 85%? What is your confidence level?

Anish

0
 
rfc1180 Commented:
Failover... very confident (100 percent)
0
 
Ardiseis Commented:
Same, failover is 100%; if you are not getting mail at that point, all your equipment is in the dark!
0
 
anishpeter (Author) Commented:
You say I can go ahead with the same priority for both mail relays, or one below another, for a high availability/failover solution.
This is my last comment for this post.


Thanks
Peter
0
 
rfc1180 Commented:
The preference is not used for load balancing, get that out of your head; if you want load balancing then get a hardware device.

If you read RFC 5321 (http://tools.ietf.org/html/rfc5321), the lowest-numbered records are the most preferred. Yes, the phrasing (Priority/Preference) can be a bit confusing; think of the preference number as the distance: smaller distances are more preferable. An older RFC, RFC 974 (http://tools.ietf.org/html/rfc974), indicates that when the preference numbers are the same for two servers, they have the same priority, hence those two terms are used interchangeably.

Use best of both worlds, but you can use the 2 with the same preference; I personally prefer a "failover HA" type, if you want to call it that of a lower and higher preference.

domain.com.            21147      IN      MX      20 incoming02.domain.com.
domain.com.            21147      IN      MX      10 incoming01.domain.com.
domain.com.            21147      IN      MX      10 incoming00.domain.com.

Billy
0
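The sender-side behaviour described in the reply above, as an added example that is not part of the original thread: a sending MTA tries the lowest preference number first and, per RFC 5321 section 5.1, randomizes hosts that share a preference. The simulation uses the three MX records quoted above; the `down` set of unreachable relays and the message count are constructed for illustration.

```python
import random
from collections import Counter

# MX set quoted in the post above: (preference, exchange)
MX_RECORDS = [
    (20, "incoming02.domain.com."),
    (10, "incoming01.domain.com."),
    (10, "incoming00.domain.com."),
]

def delivery_order(records, rng):
    """Order in which a sending MTA tries hosts: ascending preference,
    with equal-preference hosts shuffled (RFC 5321 section 5.1)."""
    by_pref = {}
    for pref, host in records:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        group = by_pref[pref][:]
        rng.shuffle(group)          # spreads load only within one preference
        order.extend(group)
    return order

def deliver(records, down, rng):
    """Return the first host in delivery order that is not in `down`.
    There is no health check: the sender only learns a relay is down by
    failing to connect. None means every MX failed (sender queues, retries)."""
    for host in delivery_order(records, rng):
        if host not in down:
            return host
    return None

def simulate(records, down=frozenset(), messages=10000, seed=1):
    """Count which relay receives each of `messages` simulated deliveries."""
    rng = random.Random(seed)
    return Counter(deliver(records, down, rng) for _ in range(messages))

if __name__ == "__main__":
    print("all up:        ", dict(simulate(MX_RECORDS)))
    print("one MX10 down: ", dict(simulate(MX_RECORDS, {"incoming01.domain.com."})))
    print("both MX10 down:", dict(simulate(MX_RECORDS, {"incoming00.domain.com.",
                                                        "incoming01.domain.com."})))
```

With every relay up, the MX 20 host receives nothing and the two MX 10 hosts split the mail roughly evenly; the higher-numbered record only carries traffic once both preferred relays are unreachable.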
 
anishpeter (Author) Commented:
Billy,
I am not clear. You say you prefer lower and higher priority more, or same priority, for failover?
0
 
rfc1180 Commented:
I prefer both
0
 
rfc1180 Commented:
However, if I were to choose, it would be different priorities.
0
 
anishpeter (Author) Commented:
I heard some old mail servers that do not adhere to RFC standards won't try to contact my second mail relay if the first is not reachable. Any idea about this?
0
 
rfc1180 Commented:
>I heard some old mail servers that do not adhere to RFC standards won't try to contact my second mail relay if the first is not reachable. Any idea about this?

Yeah, their loss! You cannot control who does not follow the RFC standards.

Eventually, if they need to get email to you, they will adhere. Of course this is not always feasible as this could mean a loss of revenue. Then your solution would be best to use MX records with the same priority.

Billy
0
 
anishpeter (Author) Commented:
Thanks Billy for your expert comments
0
