Solved

Loadbalancing for SMTP mail relay

Posted on 2010-08-28
Last Modified: 2012-05-10
I have two Trend Micro IMSVA antispam/antivirus mail relays. I want to use them for load balancing and HA/failover. Which is the suitable method?
1. Will MX record round robin work? With the same priority? Any chance to fail? If OK, please explain.
2. Network level load balancing? Which device and how.

Please help
0
Question by:anishpeter
17 Comments
 
LVL 3

Expert Comment

by:Ardiseis
ID: 33549442
Well, to go with the KISS method (Keep It Simple, Stupid), the real-world timing of MX10 to MX20 to MX30 etc. is milliseconds.
That being said, if you can assign multiple public IPs, one for each device, make the IP on device 1 your MX10 record and the IP of device 2 MX20. On slow mail days MX10 will get 99% of your mail, but if it is even slightly slow to answer, mail will go to MX20 and then back to MX10 if needed, just as mail MX records are intended to do.

I must say, though, unless you have a HUGE amount of bandwidth, having 2 of these units on the same internet connection is a bit overkill for the above solution. The above solution works best if you have 2 internet connections, thus with true failover.

If using both units on the same WAN/LAN segment, I would have an easier time shelving one as a fully configured spare in case the main unit failed.

Any description of your environment and volume would help shape a solution.
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33549644
>1. MX record round robin will work? If with same priority? Any chance to fail. If OK, please explain
Sure it will work, but in my opinion, use MX records for what they were designed for (they sure were not designed for load balancing). You can, however, use DNS to provide load balancing/failover using multiple MX records, but this is called a poor man's load balancing solution. There are no health checks or any other load balancing algorithms that you can choose from; the idea is to have a scalable and reliable SMTP mail system. I would recommend going with a network device that is designed to load balance traffic.
>2. Network level load balancing? Which device and how.
Barracuda and Coyotepoint are fairly cheap devices ($2000) and are still supported.
I believe the Brocade (formerly Foundry)  ServerIronXL will be end of life soon, but are great devices and you can get them fairly cheap.


Billy
0
 
LVL 1

Author Comment

by:anishpeter
ID: 33550295
Thanks Ardiseis and rfc.
Both of you prefer Network level load balancing. Right?
Does anyone have experience with the Citrix NetScaler load balancer or a Cisco Layer 4 switch for load balancing and HA?
0
 
LVL 1

Author Comment

by:anishpeter
ID: 33550299
Thanks Ardiseis and rfc.
One more thing: if MX records with the same priority work fine, with no shortfalls (has anyone had a bad experience?), then why should we spend on hardware?
But I think both of you prefer network level load balancing. Right?
Does anyone have experience with the Citrix NetScaler load balancer or a Cisco Layer 4 switch for load balancing and HA?
0
 
LVL 3

Expert Comment

by:Ardiseis
ID: 33551167
I have not personally had any bad experience with like-priority MX records. I have not seen the Citrix NetScaler outside of tech articles. I have used a limited amount of Cisco and Barracuda content layer equipment with great success in my environment.
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33551209
I have never used MX records to load balance any traffic; I have always used a lower and a higher preference, with a load balancer on the lower preference and the higher one in case the load-balanced environment failed. I have never used the NetScaler, but have used Cisco CSS and ACE, and both performed beyond what I had expected.

>Then why should we spend on hardware
Using hardware is a much more scalable and reliable solution. Relying on DNS to load balance is bad practice and gives you no real benefits or options; as a matter of fact, you can have email delayed in some circumstances. However, the real question is, how effective can DNS be in providing load balancing? It is all about the TTLs, that is, the effects of caching, which can distort the effectiveness of any IP address DNS load balancing algorithm unless a 0 TTL is used (not very advisable if you are a very busy mail hosting provider). The effect could be a significant increase of the load on DNS, and it is not always implemented consistently.

Billy
0
 
LVL 1

Author Comment

by:anishpeter
ID: 33551856
Thanks, Billy,
Now I am of a mind that there is no need for load balancing, since I cannot reduce the TTL for some of my domains (1 have mail domains). My mail relay is capable of taking the full load.
If I am using my primary relay with priority 10 and my secondary relay with priority 20, will the solution be fault tolerant/HA? If my primary relay fails, all my mail needs to flow to the secondary. Will it work up to 85%? What is your confidence level?

Anish

0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33552948
failover.... very confident (100 percent)
0
 
LVL 3

Expert Comment

by:Ardiseis
ID: 33553065
Same, failover is 100%; if you are not getting mail at that point, all your equipment is in the dark!
0
 
LVL 1

Author Comment

by:anishpeter
ID: 33553183
You say I can go ahead with the same priority for both mail relays, or one below another, for a high availability/failover solution.
This is my last comment for this post.


Thanks
Peter
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33553233
The preference is not used for load balancing, get that out of your head; if you want load balancing then get a hardware device.

If you read RFC 5321 (http://tools.ietf.org/html/rfc5321), the lowest-numbered records are the most preferred. Yes, the phrasing (Priority/Preference) can be a bit confusing; think of the preference number as the distance: smaller distances are more preferable. An older RFC, RFC 974 (http://tools.ietf.org/html/rfc974), indicates that when the preference numbers are the same for two servers, they have the same priority, hence those two terms are used interchangeably.

Use the best of both worlds, but you can use the 2 with the same preference; I personally prefer a "failover HA" type, if you want to call it that, of a lower and higher preference.

domain.com.            21147      IN      MX      20 incoming02.domain.com.
domain.com.            21147      IN      MX      10 incoming01.domain.com.
domain.com.            21147      IN      MX      10 incoming00.domain.com.

Billy
0
 
LVL 1

Author Comment

by:anishpeter
ID: 33553250
Billy,
I am not clear. You say you prefer lower and higher priority, or same priority, for failover?
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33553270
I prefer both
0
 
LVL 24

Expert Comment

by:rfc1180
ID: 33553272
however, if I was to choose, it would be different priorities.
0
 
LVL 1

Author Comment

by:anishpeter
ID: 33553296
I heard some old mail servers that do not adhere to RFC standards won't try to contact my second mail relay if the first is not reachable. Any idea about this?
0
 
LVL 24

Accepted Solution

by:
rfc1180 earned 500 total points
ID: 33553356
>I heard some old mail servers that do not adhere to RFC standards won't try to contact my second mail relay if the first is not reachable. Any idea about this?

Yeah, their loss! You cannot control who does not follow the RFC standards.

Eventually, if they need to get email to you, they will adhere. Of course this is not always feasible as this could mean a loss of revenue. Then your solution would be best to use MX records with the same priority.

Billy
0
 
LVL 1

Author Closing Comment

by:anishpeter
ID: 33553375
Thanks Billy for your expert comments
0
