Active / Active = 2 x C150 How?

Unanswered Question
Apr 28th, 2009
User Badges:

Has anyone already done this kind of setup?

Once the ESA1 is down, it will automatically shift to ESA2.

How do we address this kind of setup..


DNS MX load balancing? How?

thanks

kira

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
kluu_ironport Tue, 04/28/2009 - 16:27
User Badges:

Unless you have a load balancer, the easiest way to have incoming mail mailover to the second ESA2 is to have two MX records with either different weights or the same weight. Ex.

example.com MX 10 mail1.example.com
example.com MX 20 mail2.example.com

If the two MX records have the same weight, then inbound mail has a 50% chance of hitting either machines. If they are different weight, inbound mail first tries the lowest number and then if it can't make a connection, will try the second higher MX record.

Currently, the ESA doesn't have a built-in way of failing over to another appliance.

Has anyone already done this kind of setup?

Once the ESA1 is down, it will automatically shift to ESA2.

How do we address this kind of setup..


DNS MX load balancing? How?

thanks

kira
steven_geerts Tue, 04/28/2009 - 22:34
User Badges:

For outbound traffic you can also use MX records. Unfortunately this feature is not that well known, I’ll try to explain how it works:.
You can assign a "hostname" to a so called "Named MX record" and use this in your smarthost configuration on (for example) Exchange and Domino. The trick works like this:
Get in contact with your DNS admin and ask him/her to add a named MX record to the DNS. A standard MX record is assigned to the domain. (example.local), a named MX record is similar to that but has a unique "hostname" within the domain "smarthost1.example.local".
The noted IP's are of course your Ironports. If you want to have one host primary responsible for your outbound mail, you assign this host a lower MX preference value than your other hosts. (Just like you do on your public MX records)
If you add this "hostname" in your "deliver all mail to this host" field in your Exchange of Domino outbound gateways they will use this like they would have used a normal A record. The big advantage is that your systems automatically switch to the other Ironport(s) if your primary outbound system(s) fail.

You can even add multiple of these named MX records to your domain. We have more that one Exchange (and Domino) environment and each system has its own MX records that are used for routing mail to that environment (al within the same domain).
The really good news is that you can use this very cheap solution (everyone has a DNS infrastructure) for load balancing and High Availability configuration of your mail systems, without having to invest in load balancers. (And without all disadvantages that come with those devices).

One remark: you can not “ping” a (named) MX record. If you want to query it, you have to use nslookup (or dig) and specific use the MX query mode. This can be a little confusing sometimes for your fellow admins who are not used to this.

Since this is a rather unknown feature/usage of MX record, I can imagine it's worth a topic on it's own. Please let me know and I will start it.

Best regards Steven


PS: not all systems support using MX records as configurable item for mail delivery. The most important one for us is the (java based) mailer daemon that is delivered with the IBM websphere suite.

angfeglandagan Wed, 04/29/2009 - 02:18
User Badges:

Thank you Steven for your inputs, that'll help enlighten some queries in my head.

Ill let you know once these things will be started soon.

-winters

Actions

This Discussion