Re: 2xC350 in High Availability Mode (Cluster Mode)

kaiserm_ironport · ‎07-30-2008

Hello all,

first of all, i`m a newbie in ironport. So Sorry for my basic questions, but i can`t find anything in the manuals.

I want to configure the two boxes in High Availability Mode (Cluster Mode) but i don`t understand the ironport cluster architecture.

1) in machine mode i can configure IP-Adresses -> OK
2) in Clustermode i can configure listeners and bind them to a IP-Address -> OK

But how works the HA?
A) Should i configure on both boxes the same IP to use one MX Record? And if one box is down the other takes over?

B) Or should i configure different IPs and configure two MX Records?
And if one box is down the second MX will be used.

Thanks in advance
Michael

verylongbloke_ironport · ‎07-30-2008

The ironport clustering is for policy distribution only - not for smtp load mgmt.

A) Should i configure on both boxes the same IP to use one MX Record? And if one box is down the other takes over?

Could do - using NAT'ing on the f/w but few large business take this approach today.

B) Or should i configure different IPs and configure two MX Records?
And if one box is down the second MX will be used.

This is preffered and may save money if you have bought them as a active/passive deployment. The passive unit will be 50% list price and have no support charge..so best to check with your sales team how you bough as well to snure you don't fall foul of licencing terms. The T's & C's effectively mean a passive unit is not live for more than 25% of the year.

Having 2 units that can send & receive spreads risk - if for any reason your primary mail server gets blacklisted for doing something bad..you can still deliver from the 2nd IP.

kaiserm_ironport · ‎07-30-2008

Thank you very much.
With the preffered configuration all my tests did run OK

Kind regards Michael

bfayne_ironport · ‎08-08-2008

The ironport clustering is for policy distribution only - not for smtp load mgmt.

A) Should i configure on both boxes the same IP to use one MX Record? And if one box is down the other takes over?

Could do - using NAT'ing on the f/w but few large business take this approach today.

Many/most large businesses use a HW loadbalancer like an F5, Foundry ServerIron, etc. The appliances themselves would be set up on seperate IP addresses. Depending on the implementation requirements, the internal IP address could be a public IP or a private IP.

B) Or should i configure different IPs and configure two MX Records?
And if one box is down the second MX will be used.

If you set up two boxes, even with a different MX preference, mail will be delivered to both MX records. There are broken SMTP implementations that get the priority backwards, and many spammers will intentionally attempt to exploit less-restrictive accept rules on secondary MX recievers and will send to them first.

jakub.jez · ‎08-27-2009

Hi, I have a question regarding centralized management.

I had standalone applliance (IronPort 1) with complete configuration and then created a cluster and joined another appliance (IronPort 2). IP2 is used for failover in case of IP1 failure. Now I have two listeners (Incoming and Outgoing) and 4 interfaces. Incoming listener is bind to Public interface of IP1 and Outgoing is bind to Private interface of IP1.

Should I create another listeners (In and Out) for IP2? So IP2 can receive and send emails in case of IP1 failure?

pirato1428 · ‎08-31-2009

Hi jakub.jez

It depends mainly on how your failover works. The whole idea of centralized management (clustering) would be to manage your configuration and since the standalone IP was doing the work joining IP2 to this cluster would have been sufficient to have both IP's perform both functions (incoming and outgoing).

If IP1 still has this config then just run an config update (clusterconfig) on the 2nd IP. It's best I think to manage this config from one central place so you do not end up with different configurations on the IP's.