"Matthew S. Crocker" wrote:
> > SMTP servers need access to DNS for reverse name lookup. If they
> > are LVS'ed in a VS-DR setup, won't this be a problem?
>
> You only need to make sure you have the proper forward and reverse lookup
> set. We have all our worker real IPs set up as cw1 - cw5 and the lvs
> set up as lvsd1 & lvsd2. The VIP is set up as cluster1, cluster2,
> cluster3...
>
> Inbound mail to an SMTP server gets load balanced by the LVS but it still
> sees the original from IP of the sender and can do reverse lookups as
> normal.
>
> Outbound mail from an SMTP server makes connections from its real IP
> address which can be NAT'd by a firewall or not. That IP address can also
> be reverse looked up.

"normally" (which I guess hasn't been defined yet), the real-servers in a VS-DR
setup have private IPs for the RIPs and hence they can't receive replies
from calls made to external name servers.

I would also assume that people would write filter rules to only
allow packets in and out of the real-servers that belong to the services
listed in the director's ipvsadm tables.

I take it that your LVS'ed SMTP servers can access external DNS servers,
either by NAT through the director, or in the case of VS-DR by having
public IPs and making calls from those IPs to external nameservers
via the default gw of the real-servers?

Joe
--
Joseph Mack PhD, Senior Systems Engineer, Lockheed Martin
contractor to the National Environmental Supercomputer Center,
mailto:mack.joseph@xxxxxxx ph# 919-541-0007, RTP, NC, USA