We've got 4 Ironports C600 and we use DNS Round Robin on MX. It works fine when all of the Ironports are working, but I'm not sure how it will work if one of them fails or if I put one of them in maintenance mode (suspendlistener). How will this be seen by external mail servers? Will they still send messages to the faulty Ironport and get them bounced, or will they know that this one is not reachable and send messages to one of the others?
Just one more question: Is there a risk that I lose emails?
Never, you will only get delays based on the retry backoff interval, which in the case of a single system failure might result in an extra minute in delivery time (for systems attempting to send to the down IronPort appliance... not all mail servers).
My question was more: what happens if one of the Ironports is out of order during a weekend? Are mail servers going to try sending emails towards one of the 3 left, or are they going to keep trying the one that is faulty until they stop trying? I'm asking this because we had a disk failure and one of the 4 was unavailable for 3 days, but it was still declared in the DNS, so I'm wondering if I lost any emails during that time.
I don't know if I'm clear enough on what I'm saying.
Granted all your MX records have equal priority, there is no risk, as any MTA attempting delivery can only deliver to a host listening on port 25 for inbound SMTP connections; if unsuccessful, it will attempt delivery to the next available record. E.g. in this case, if servers a, b, and c fail, it will deliver to the next available servers; you will just simply have more inbound load on the other servers. I would recommend looking at something from Foundry Networks to load balance this more accurately and fail over, as opposed to DNS RR.
Ordered IP addresses: (expiring at Tue Oct 20 09:37:10 2009 SAST)
Preference  IPs
1           18.104.22.168 22.214.171.124 126.96.36.199
I just was not sure whether the mail servers would try another address or not. Regarding the use of a load balancer, it would be difficult to implement given our architecture.
The fundamental answer is the more MX records provided, the more high availability it creates, but there is the opportunity for there to be more delay in mail delivery (in a case where multiple units die or are unavailable).
While having a load balancer might not work in your environment (typically geographical diversity), reducing MX records does reduce load. Typically spammers/botnets will roll to all the listed MX records in an effort to dump their payload, so reducing the number of MX records to one or two prevents excessive connection attempts by blocked senders. (This comment is more for general readership as opposed to the original poster.)
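The fallback behaviour discussed in this thread, as an added example that is not part of any post: a sending MTA walks equal-preference MX targets until one answers with an SMTP greeting, and keeps the message queued if none do. Loopback ports stand in for port 25 on each appliance, and `deliver`, `start_fake_mx` and `closed_port` are hypothetical helper names; a real MTA continues the SMTP dialogue after the greeting and retries queued mail on its backoff schedule.

```python
import random
import socket
import threading

def deliver(mx_records, timeout=2.0):
    """Sender-side MX selection. mx_records: [(preference, host, port)].
    Returns (accepted_target_or_None, failed_attempts)."""
    failed = []
    # Lowest preference value first; equal preference is tried in random order.
    ordered = sorted(mx_records, key=lambda r: (r[0], random.random()))
    for _pref, host, port in ordered:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                banner = s.recv(512)
            if banner.startswith(b"220"):
                return (host, port), failed       # this host takes the message
            failed.append(((host, port), "no 220 greeting"))
        except OSError as exc:                    # refused, timed out, unreachable
            failed.append(((host, port), type(exc).__name__))
    return None, failed                           # all down: message stays queued

def start_fake_mx():
    """Constructed stand-in for a healthy appliance: sends an SMTP greeting."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.sendall(b"220 fake-mx.example ESMTP\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def closed_port():
    """Constructed stand-in for a failed appliance: nothing listens here."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

def demo():
    live = [start_fake_mx() for _ in range(2)]    # two healthy MX targets
    dead = closed_port()                          # one failed MX target
    records = [(10, "127.0.0.1", p) for p in live + [dead]]
    chosen, failed = deliver(records)
    return chosen, failed, dead

if __name__ == "__main__":
    print(demo())
```

The `failed` list is the sender's view of the outage: a refused connection costs one extra attempt, not a bounce.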