I have some questions about clustering in Ironport:
Actually I have one IronPort C150 in "Standalone mode" with an ip adress who takes the mail flow (192.168.1.34)
We received a second Ironport for setup a cluster configuration between them.
My question are :
1) What happen for the mail flow if the first IronPort ( 192.168.1.34) move to a cluster configuration ? I have to configure a virtual address to be same of the original ip adress mail flow (192.168.1.34) or the cluster takes the original configuration of the first IronPort ?
2) If one Ironport Fail, the second IronPort automatically takes the mail? or i have to reconfigure manually the ip address ?
I have serious doubts about using a load balancer for SMTP.
Let’s assume that you have 4 machines behind one load balancer, thus sharing one IP address. If one of our four machines gets overloaded for some reason and starts backing off the traffic, all hosts that receive the "try again later" status notification receive that from your single IP address. This means that they do not switch over to another host like they would do if all four machines had their own IP and just share the MX record. For mail from the internet this situation might be acceptable, but imagine what happens if your internal mail servers start queuing mail for 15 minutes because they received "try again later".
Maybe I'm overlooking something that makes a load balancer a better (and not only more expensive) solution that MX records... please convince me! :wink:
I agree with your thoughts on MX records. The biggest benefit to using a load balancer is with the management. Once you start getting a large number of hosts in an MX record you start running into problems with senders correctly resolving your MX records due to inproper DNS configuration on the internet (UDP vs TCP). Standing up a large number of hosts behind some load balancers is one potential solution. This of course comes with its own set of challenges. I'm still using MX records, but at some point will need to look at having multiple machines behind each host in my MX records to cut down on the size of the returned record. I just wish I could get all of my application developers to write their apps to understand MX records. Load balancers have worked well for my outbound environment where most applications are pointing at a host name instead of an MX record.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :