[Dovecot] Load Balancing and HA
Hello,
I've been thinking about the best way to achieve load balancing and making my mail servers highly available. So far I believe I have 2 scenarios:
Scenario1: This should allow any to lose any of the servers and clients still have access to their emails (although I am not sure how the indexes would react to this and sudden disconnection)
2 Dovecot Proxy servers, using a virtual IP to where the clients
will connect to from the WAN and LAN
2 Dovecot+Postfix servers with local cache
2 NFS servers and synced with dsync (mirror, 1 server writes to
its own NFS and changes synced to the other via dsync)
Scenario2: Pretty much as above on the back end. However, with this there is no way to load balance users.
2 Dovecot+Postfix server with local cache
2 NFS servers synced with dsync
Make use of DNS MX record priority to provide access to secondary
email server
Anyone care to comment?
Thanks.
This document and attachments may contain technical data controlled under the U.S. International Traffic in Arms Regulations (ITAR) or the Export Administration Regulations (EAR) and may not be exported to a Foreign Person, either in the U.S. or abroad, without the proper authorization by the U.S. Department of State or Department of Commerce, whichever is applicable. CONFIDENTIALITY NOTE: This electronic transmission, including all attachments, is directed in confidence solely to the person(s) to whom it is addressed, or an authorized recipient, and may not otherwise be distributed, copied or disclosed. The contents of the transmission may also be subject to intellectual property rights and such rights are expressly claimed and are not waived. If you have received this transmission in error, please notify the sender immediately by return electronic transmission and then immediately delete this transmission, including all attachments, without copying, distributing or disclosing same. The recipient should check this e-mail and any attachments for the presence of viruses. Houston Sigma Technologies L.P. accepts no liability for any damage caused by any virus transmitted by this e-mail.
I am actually going through the first stages of implementing your Scenario1. There is a small difference: there will also be 2*Postfix relays on the Dovecot Proxies. This allows placing them in a DMZ such that the "real" Dovecot/Postfix servers are placed away from the WAN.
After much arguing and thinking I decided to go with this option as the most basic and possibly the simplest way to achieve MY goals:
- fault tolerance of the entire system such that a failure will not impact mail delivery/access.
- distribute users on at least two Dovecot servers to help when peak times arrive.
- Ability to expand easily if demand rises
- No use of custom hardware
- Both internal (LAN) users and "away from office" (WAN) users will "see" the same setup to ease configuration (mostly done by users these days)
I should say that other more complicated setups like full blown clusters and distributed file systems have been rejected due to their complexity (and the fact we do not have experience with them). Our user base is around 3-4K of heavy users.
Andreas
On 29-05-2013 00:23, Romer Ventura wrote:
Hello,
I've been thinking about the best way to achieve load balancing and making my mail servers highly available. So far I believe I have 2 scenarios:
Scenario1: This should allow any to lose any of the servers and clients still have access to their emails (although I am not sure how the indexes would react to this and sudden disconnection)
2 Dovecot Proxy servers, using a virtual IP to where the
clients will connect to from the WAN and LAN
2 Dovecot+Postfix servers with local cache
2 NFS servers and synced with dsync (mirror, 1 server
writes to its own NFS and changes synced to the other via dsync)
Scenario2: Pretty much as above on the back end. However, with this there is no way to load balance users.
2 Dovecot+Postfix server with local cache
2 NFS servers synced with dsync
Make use of DNS MX record priority to provide access to
secondary email server
Anyone care to comment?
Thanks.
On 29.05.2013 22:46, Andreas Kasenides wrote:
I should say that other more complicated setups like full blown clusters and distributed file systems have been rejected due to their complexity (and the fact we do not have experience with them). Our user base is around 3-4K of heavy users.
I have no problems with storage ocfs2 on drbd maildir 4000 heavy users behind loadbalancers; it's not that complicated. Also, setups with NFS have their problems. You have to find a solution which best fits your needs, tech skills and financial possibilities.
Best Regards MfG Robert Schetterer
-- [*] sys4 AG
http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München
Registered office: München, District Court München: HRB 199263 Executive board: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer Chairman of the supervisory board: Florian Kirstein
Romer Ventura wrote:
Scenario1: This should allow any to lose any of the servers and clients still have access to their emails (although I am not sure how the indexes would react to this and sudden disconnection)
2 Dovecot Proxy servers, using a virtual IP to where the clients
will connect to from the WAN and LAN
2 Dovecot+Postfix servers with local cache
Your proxy won't reconnect a user to backend B if the backend A fails.
On 31-05-2013 12:57, Patrick Westenberg wrote:
Romer Ventura wrote:
Scenario1: This should allow any to lose any of the servers and clients still have access to their emails (although I am not sure how the indexes would react to this and sudden disconnection)
2 Dovecot Proxy servers, using a virtual IP to where the
clients will connect to from the WAN and LAN
2 Dovecot+Postfix servers with local cache
Your proxy won't reconnect a user to backend B if the backend A fails.
But doesn't that depend on how the virtual IP is managed, i.e. what kind of system is behind it? For example, a simple heartbeat setup would correct this at the cost of one machine sitting idle. Other setups using load balancers can correct this.
There is a better solution using the Director service of Dovecot where users are assigned to one of several backend machines and disconnected when idle. There is even a script that monitors the health of the Director backends and adjusts accordingly (which I haven't personally tried yet). See http://wiki2.dovecot.org/Director http://www.dovecot.org/list/dovecot/2010-August/051946.html
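A sketch of the kind of backend health monitor mentioned in the message above, added here as an example (it is not the script linked in the post and not Dovecot's own code). It probes each backend's IMAP greeting and turns the results into `doveadm director add`/`remove` commands; the backend addresses, the failure threshold and the function names are assumptions.

```python
import socket

def imap_alive(host, port=143, timeout=3.0):
    """Return True only if the host sends an IMAP '* OK' greeting in time."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            greeting = conn.recv(512)
    except OSError:  # refused, unreachable or timed out
        return False
    return greeting.startswith(b"* OK")

def plan_director_changes(health, in_ring, fails, threshold=3):
    """Turn one probe round into doveadm argv lists.

    health:  {host: bool} results of this probe round
    in_ring: set of hosts the director currently sends users to
    fails:   {host: consecutive failures}, updated in place
    """
    for host, ok in health.items():
        fails[host] = 0 if ok else fails.get(host, 0) + 1
    # If every probe failed, the monitor itself is probably cut off:
    # removing all backends would turn a monitoring fault into an outage.
    if not any(health.values()):
        return []
    cmds = []
    for host in sorted(health):
        if health[host] and host not in in_ring:
            cmds.append(["doveadm", "director", "add", host])
        elif host in in_ring and fails[host] >= threshold:
            # Only remove after `threshold` misses in a row (flap damping).
            cmds.append(["doveadm", "director", "remove", host])
    return cmds

if __name__ == "__main__":
    # Constructed sample: these backend addresses are placeholders.
    backends = ["10.0.0.11", "10.0.0.12"]
    ring, fails = set(backends), {}
    health = {h: imap_alive(h, timeout=1.0) for h in backends}
    for argv in plan_director_changes(health, ring, fails):
        print(" ".join(argv))  # printed only; a director host would execute it
```

The `fails` dictionary has to persist between probe rounds, otherwise the threshold never trips.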
On 31-05-2013 12:57, Patrick Westenberg wrote:
Romer Ventura wrote:
Scenario1: This should allow any to lose any of the servers and clients still have access to their emails (although I am not sure how the indexes would react to this and sudden disconnection)
2 Dovecot Proxy servers, using a virtual IP to where the
clients will connect to from the WAN and LAN
2 Dovecot+Postfix servers with local cache
Your proxy won't reconnect a user to backend B if the backend A fails.
But doesn't that depend on how the virtual IP is managed, i.e. what kind of system is behind it? For example, a simple heartbeat setup would correct this at the cost of one machine sitting idle. Other setups using load balancers can correct this.
There is a better solution using the Director service of Dovecot where users are assigned to one of several backend machines and disconnected when idle. There is even a script that monitors the health of the Director backends and adjusts accordingly (which I haven't personally tried yet). See http://wiki2.dovecot.org/Director http://www.dovecot.org/list/dovecot/2010-August/051946.html
Well, I am successfully using Ucarp with apache and Mysql to handle the IP handover if a host is down. I also seem to remember reading that using dovecot proxy and deliver, it can send the user to a different backend if any of them are unreachable. If this is not possible, using keepalive/ucarp (since they are simpler than heartbeat) would solve this.
I try to stay away from clustering, especially since XenServer can't do direct LUN to VM like VMWare can and to minimize the painful split-brain issues we would have to add a 3rd server for quorum...
We don't have a large user base, but being able to shut down and do maintenance on a server during business hours is a plus. We do have a lot of traffic for our user base, we see around 200K emails per week.
We tried a software solution one time; it was not very reliable under load. We moved to a Coyote Point Equalizer hardware load balancer: very good cost and excellent reliability.
On Wed, May 29, 2013 at 7:23 AM, Romer Ventura <rventura@h-st.com> wrote:
Hello,
I've been thinking about the best way to achieve load balancing and making my mail servers highly available. So far I believe I have 2 scenarios:
Scenario1: This should allow any to lose any of the servers and clients still have access to their emails (although I am not sure how the indexes would react to this and sudden disconnection)
2 Dovecot Proxy servers, using a virtual IP to where the clients
will connect to from the WAN and LAN
2 Dovecot+Postfix servers with local cache
2 NFS servers and synced with dsync (mirror, 1 server writes to
its own NFS and changes synced to the other via dsync)
Scenario2: Pretty much as above on the back end. However, with this there is no way to load balance users.
2 Dovecot+Postfix server with local cache
2 NFS servers synced with dsync
Make use of DNS MX record priority to provide access to
secondary email server
Anyone care to comment?
Thanks.
On 06.06.2013 09:28, Nikolaos Milas wrote:
On 6/6/2013 9:34 AM, Edwardo Garcia wrote:
We tried a software solution one time; it was not very reliable under load
Could you please provide some details of that software solution setup?
Thanks, Nick
For load balancing, keepalived is easy to set up, and is working nicely here for imap/pop3/smtp/http including SSL versions.
study i.e
http://www.hbyconsultancy.com/blog/two-nodes-load-balance-and-failover-with-...
http://www.keepalived.org/LVS-NAT-Keepalived-HOWTO.html
Couldn't get better links fast, search more yourself; you don't need to use it with NAT.
Best Regards MfG Robert Schetterer
participants (6)
- Andreas Kasenides
- Edwardo Garcia
- Nikolaos Milas
- Patrick Westenberg
- Robert Schetterer
- Romer Ventura