Let me throw this one out on the table and see what others think about it.
I put a mirrored set behind a Linux box running masquerade (NAT) and iptables. I have two NICs in those servers: one NIC on the NAT side of the network and the other connected to the public side of our network. The NIC on the mail servers attached to the public side does not have an IP address on it.
I set up iptables to forward external SMTP traffic on port 25 to hit the B server and let mirroring push mail over to the A server. All customer traffic hits the A server, with users sending using SMTP AUTH on port 587.
If one of the mail servers goes down, you just make a minor change to the init script for iptables and restart iptables on the NAT box, and all traffic is pointed to the working mail server. No change to DNS or client machines.
The NAT box goes down? Just put the public IP address on one of the NICs attached to the public switch. Again, no change to DNS or client machines.
For our situation, we have a Barracuda box in front taking in the Internet email and doing the initial scrub on all email from other public email servers. On both servers, we run ClamAV using the Sane Security sigs for an additional layer of spam and virus scanning, plus that catches anything coming in from our clients.
The Barracuda goes down? Just add that public IP address to the NAT box and traffic is flowing. No change to DNS or client machines.
Have we had problems with mirroring? Yes, but working with ChrisP (primarily) and the others at NetWin gets us a quick resolution and I can get things straightened out quickly.
Lyle
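The NAT-box arrangement Lyle describes above, written out as an added example; it is not Lyle's actual init script and not NetWin/SurgeMail code. Interface names (eth0 public, eth1 NAT side), the server addresses (A = 192.168.10.11, B = 192.168.10.12) and the public address 203.0.113.10 (RFC 5737 documentation range) are all assumptions. The script only prints the iptables commands unless told to load them, so it can be reviewed before it touches a live box.

```shell
#!/bin/sh
# Added example of the NAT-box rule set from the post above; not Lyle's
# real init script. Every address and interface name here is assumed:
#   eth0 = public side of the NAT box, carries the public mail address
#   eth1 = NAT side, where the two SurgeMail servers sit
#   203.0.113.10 is an RFC 5737 documentation address, not a real host
PUB_IF=eth0
NAT_IF=eth1
PUB_IP=203.0.113.10
MAIL_A=192.168.10.11   # customer-facing server: SMTP AUTH on 587
MAIL_B=192.168.10.12   # takes Internet mail on 25, mirroring pushes to A

# Print the iptables commands that steer port 25 to $1 and port 587 to $2.
# Failover is the one-line edit the post describes: point both roles at the
# surviving server and reload; DNS and client machines never change.
gen_rules() {
  inbound=$1
  submit=$2
  cat <<EOF
iptables -t nat -F
iptables -F FORWARD
iptables -P FORWARD DROP
iptables -t nat -A PREROUTING -i $PUB_IF -d $PUB_IP -p tcp --dport 25 -j DNAT --to-destination $inbound:25
iptables -t nat -A PREROUTING -i $PUB_IF -d $PUB_IP -p tcp --dport 587 -j DNAT --to-destination $submit:587
iptables -A FORWARD -i $PUB_IF -p tcp -d $inbound --dport 25 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $PUB_IF -p tcp -d $submit --dport 587 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $NAT_IF -o $PUB_IF -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $PUB_IF -j SNAT --to-source $PUB_IP
EOF
}

# Given the server that has failed, name the one that must take both roles.
failover_target() {
  case "$1" in
    "$MAIL_A") echo "$MAIL_B" ;;
    "$MAIL_B") echo "$MAIL_A" ;;
    *) echo "unknown server: $1" >&2; return 1 ;;
  esac
}

# Rule set after a server failure: every role lands on the survivor.
gen_failover_rules() {
  survivor=$(failover_target "$1") || return 1
  gen_rules "$survivor" "$survivor"
}

# Usage (hypothetical file name nat-mail.sh):
#   sh nat-mail.sh show                       print the normal rules
#   sh nat-mail.sh apply                      load them: 25 -> B, 587 -> A
#   sh nat-mail.sh failover 192.168.10.12     B is down: everything -> A
case "${1:-show}" in
  apply)    gen_rules "$MAIL_B" "$MAIL_A" | sh ;;
  failover) gen_failover_rules "$2" | sh ;;
  *)        gen_rules "$MAIL_B" "$MAIL_A" ;;
esac
```

Two caveats a practitioner would check before using this pattern. First, the port 25 DNAT accepts from any source; if the Barracuda is meant to be the only thing delivering on 25, add a `-s <barracuda address>` match, and remember that the match has to go when the NAT box takes over the Barracuda's public address as the post describes. Second, the FORWARD chain is flushed and set to DROP before the rules are re-added, so a typo in the edited script will cut mail off rather than leave the old rules in place; printing with `show` and reading the output first is the cheap safeguard.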
Jody McAlister wrote:
> If you mirror the servers and one goes down, you'll need to either renumber the slave server or change the DNS. Then you'll not work for some clients, as the DNS will need to propagate. ISPs like AT&T can cache your data longer than the TTL you have specified.
>
> If you use two servers as live, with some domains on one and some domains on the other, then the mess occurs as you try to make the domains on the bad server point to the good server, either by updating the DNS. Or, if they are in the same subnet, add the failed IP to the network interface and you will be right up and running again.
>
> On Mar 25, 2008, at 2:57 PM, Robert Hercz wrote:
>
>> ChrisP,
>>
>> We're also in the process of setting up mirrored servers and this confuses me somewhat:
>>
>> I thought we could achieve maximum uptime by having two servers on two different public IP addresses (from two different network providers), and have the MX record in our DNS use one as a primary (higher number) and the other as a secondary server.
>>
>> This would mean that both will receive e-mail, and whenever we need to take a server down for whatever reason, the other would send/receive as if nothing happened.
>>
>> Can you please elaborate on what messy situations we could run into if mirroring should fail, and in which circumstances mirroring actually could fail?
>>
>> Rgds,
>> Robert H.
>>
>> -----Original message-----
>> From: SurgeMail Support [mailto:surgemail-support netwinsite.com]
>> Sent: 25 March 2008 22:37
>> To: surgemail-list netwinsite.com
>> Subject: Re: [SurgeMail List] Mirrored servers
>>
>> Mark Jones wrote:
>>> We are in the process of setting up 2 servers that will be mirrored.
>>>
>>> I want to get clarification on how we should be using them. Should we limit traffic to only one of the servers and use the other as a hot standby, or can we direct traffic to both? When I say traffic I mean ingoing and outgoing SMTP as well as webmail.
>>>
>>> Thanx
>>>
>>
>> Hi,
>>
>> We recommend you direct traffic to only one; that way the other is simply a hot standby and if the mirroring fails, then nothing bad happens. If you run the traffic to both and the mirroring fails, then you have a 'mess' to untangle that may be very ugly.
>>
>> But you 'can' send or receive email on both if you wish, it just adds a slight 'risk' which I personally don't like.
>>
>> ChrisP
>>
>>
>
>