Ironport C380 LDAP to A.D. lookup for valid recipient / D.C. load

sandy.wilson1 · ‎02-07-2018

Does anyone have any rough metric indication of load against GC/DC's while ldap lookups are taking place from Ironport appliances. We see around 100k attempted messages in a 24 hr period, ldap valid recipient checks will obviously have benefits for Exchange HT's however from a D.C./G.C. load perspective are there any concerns ?

Mathew Huynh · ‎02-07-2018

Hey Sandy,

This may not be a direct resolution response - however from the ESA load point of view and AD usage; 100k messages can be a board value - if they are of very large size and so on vs a lot of smaller emails - would contribute to different DC load values, while I do not have any rough figures. I would definitely recommend to monitor the size of emails the ESA is seeing/accepting to gauge how much load, memory and bandwidth your DC is seeing and would need to consult with your networking team to ensure that it's within safe/acceptable means.

LDAP side of things, LDAP is as the name states lightweight - if you're only running accept queries (or even group queries) as a lot of results get cached - more often than not, your AD side should be sufficient.

Regards,

Matthew

sandy.wilson1 · ‎02-13-2018

Thanks for the input Matthew, we do see a fair amount of attachments as well however it's relaly more the load in initial lookup for an 'accept'. It's likely we'll spin up another DC to deal with the more significant ldap load.

Mathew Huynh · ‎02-13-2018

Hey Sandy,

If the load is looking somewhat high - a good way to attempt to mitigate it is to increase the LDAP cache as well on the ESA, might slow down the amount of load going to your LDAP concerns.

But do let me know if there's anything that i can help you with.

Thanks,
Matthew