Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Ha mailserver, is possible active/active with "constant" connection?
Top Forums UNIX for Advanced & Expert Users Ha mailserver, is possible active/active with "constant" connection? Post 303045634 by Peasant on Sunday 5th of April 2020 03:52:15 AM
Old 04-05-2020
A small addon for active active - so traffic flows thru both haproxys.

You need 2 VIP address for keepalived, on one node first VIP is master, on another second VIP is master.
Both will be on one node in case of node failure.

Then, you add third entry on your DNS system (mymail.example.com) -> pointing to those two VIP addresses.
This is the record you 'attack' from outside with your clients.

Since both VIP IP addresses are always active, clients will be always be able to connect to both when DNS is queried.
Client attempts to make a connection to mymail.example.com ( one VIP is returned in RR fashion from the pool of two ) --> HAPROXY --> your mail server.

Setup sticky session in haproxy and make it listen on 0.0.0.0
Be sure to allow VRRP traffic between those two LB.

In case of failure, everything hicks wrote stands, clients connected to failed VIP will notice a short failover and reconnect to second node.
But only roughly 50% of those, since half of those went to another VIP using same DNS record.

Hope that helps
Regards
Peasant.
 

6 More Discussions You Might Find Interesting

1. Windows & DOS: Issues & Discussions

Windows Active Network Connection Override

Hi All, I use two Network Connections at work: Wireless and LAN. Wireless network has no limitations, but LAN internet has a web filter. I start a download using my Wireless conn. (At this point, LAN is disabled) But when I activate my LAN connection my download stops immediately. LAN... (4 Replies)
Discussion started by: kalavkalav
4 Replies

2. AIX

Question about HACMP for active-active mode

Hi all, I am new to HACMP. So sorry for the newie question. But I did search the forum and it seems that no one asks this before. So if a 2-node cluster runs in active-active mode (and the same application), what is the benefit of using HACMP ? If it runs in active-stanby, it is easy to... (9 Replies)
Discussion started by: qiulang
9 Replies

3. Solaris

Link based Active Active IPMP

Hi, I need to configure 4 ip address (same subnet and mask) in one ipmp group (two interfaces) in an active active formation (link based). Can some one provide the steps or a tutorial link. Thanks (2 Replies)
Discussion started by: Mack1982
2 Replies

4. Shell Programming and Scripting

Extract text between two specified "constant" texts using awk

Hi All, From the title you may know that this question has been asked several times and I have done lot of Googling on this. I have a Wikipedia dump file in XML format. All the contents are in one XML file i.e. all different topics have been put in one XML file. Now I need to separate them and... (1 Reply)
Discussion started by: shoaibjameel123
1 Replies

5. Linux

active mode ftp connection from linux

Hi, We have one java client which connects to a windows server through ftp in active mode and gets files. When we run this client on hp-ux, it is able to transfer 100k files. But when we run the same client on Linux server it is able to transfer only 200 files at max and it is hanging there... (1 Reply)
Discussion started by: urspradeep330
1 Replies

6. Shell Programming and Scripting

How do I calculate total number of active and non active hosts?

#!/bin/bash for digit in $(seq 1 10) do if ping -c1 -w2 192.168.1.$digit &> /dev/null then echo "192.168.1.$digit is UP" else echo "192.168.1.$digit is DOWN" fi done (3 Replies)
Discussion started by: fusetrips
3 Replies

LEARN ABOUT CENTOS

nsdb-parameters

NSDB-PARAMETERS(7)					 Miscellaneous Information Manual					NSDB-PARAMETERS(7)

NAME

       nsdb-parameters - NSDB connection parameters

INTRODUCTION

       RFC  5716  introduces the Federated File System (FedFS, for short).  FedFS is an extensible standardized mechanism by which system adminis-
       trators construct a coherent namespace across multiple file servers using file system referrals.  For further details, see fedfs(7).

       The bulk of FedFS metadata is stored on one or more LDAP servers.  These servers are known as namespace databases, or NSDBs, for short.	An
       NSDB client is any system that communicates with an NSDB.  This can be either a fileserver or an NSDB administrative client.

       On  NSDB  clients,  a small local database stores information about how to connect to each NSDB node.  These NSDB connection parameters are
       used when a fileserver contacts an NSDB node to resolve junctions, or when executing NSDB administrative commands.

       The settings in this database effect only the behavior of NSDB clients on the local system.  They have no effect on the operation  of  NSDB
       nodes or other NSDB clients.

DESCRIPTION

       Before  an  NSDB client may communicate with an NSDB node, that client must know how to contact the NSDB.  The client's local NSDB connnec-
       tion parameter database contains the DNS hostname, IP port number, and connection security type of each NSDB node that  can  be	contacted.
       Administrators must provide this information in advance.

   NSDB name equality
       The  local  NSDB  connection  parameter	database  is indexed by each NSDB node's DNS hostname and IP port number.  Two NSDB node names are
       equivalent if their respective DNS hostnames and port numbers are an exact match.

       Before matching, the special port value "0" is always mapped to the standard LDAP port "389."  Likewise, if no port is specified, "389"	is
       assumed.

       Upper and lower case are considered equivalent.	The IP addresses to which hostnames are bound are not considered when matching.

       For  example,  the  NSDB "nsdb.example.net:389 would share a database entry with "nsdb.EXAMPLE.NET:0", but not with "nsdb.example.net:636".
       If "nsdb.example.com:389" maps to 10.0.0.1 and "nsdb.example.net:389" also maps to that address, the database  maintains  separate  entries
       for each, although the same connection parameters may be set for both entries.

   Connection security
       One of two connection security types may be specified in an NSDB connection parameter entry:

       NONE   The local system communicates with the NSDB node in plain-text.  The local system performs no authentication of the NSDB node.

       TLS    The  local  system  always  uses Transport Layer Security when communicating with the NSDB node.	The local system authenticates the
	      NSDB node before making requests.  Integrity or encryption is used during communication.	Requests to the NSDB node fail	if  a  TLS
	      session cannot be established.

       NONE  is  a  low-overhead  mode for use when the network and the NSDB are trusted by all NSDB clients.  TLS is a high-security mode for use
       when NSDBs operate on untrusted public networks, but it requires the additional burden of creating and distributing x.509 certificates  for
       each NSDB.

       An NSDB node can operate in one of three security modes:

       Basic  NSDB clients connect to this NSDB node using only FEDFS_SEC_NONE security.

       Transitional
	      NSDB clients connect to this NSDB node using either FEDFS_SEC_NONE or FEDFS_SEC_TLS security.

       Secure NSDB clients connect to this NSDB node using only FEDFS_SEC_TLS security.

       An  NSDB  client  always uses the security type specified in its local NSDB connection parameter database for that NSDB node.  For greatest
       security, it is recommended that NSDB nodes be configured as secure NSDBs (see table above).

   x.509 certificates
       Administrators provide the certificate material used to authenticate an NSDB node in a PEM format file that contains an x.509v3 certificate
       chain.

       This file may contain just the public certificate of the Certificate Authority (CA) which signed the NSDB's certificate.  Or it may contain
       a chain of certificates that represents the full chain of trust for the NSDB node.  A self-signed CA certificate may be used to reduce  the
       burden of setting up NSDBs for your FedFS domain.

       Either  the fedfs-set-nsdb-params(8) command is used to transfer this material to a remote fileserver running a FedFS ADMIN service, or the
       nsdbparams(8) command is used to install this material in the NSDB connection parameter database on the local system.  For  both  commands,
       the file containing certificates for one NSDB is specified on the command line with the --certfile option.

       The certificate material provisioned via these commands is used for no other purpose on the local system than NSDB authentication.

SEE ALSO

       fedfs(7), nsdbparams(8), rpc.fedfsd(8), fedfs-set-nsdb-params(8)

       RFC 5661 for a description of NFS version 4 referrals

       RFC 5716 for FedFS requirements and overview

COLOPHON

       This  page  is  part  of  the  fedfs-utils  package.   A  description  of  the project and information about reporting bugs can be found at
       http://wiki.linux-nfs.org/wiki/index.php/FedFsUtilsProject.

AUTHOR

       Chuck Lever <chuck.lever@oracle.com>

								  3 February 2014						NSDB-PARAMETERS(7)
All times are GMT -4. The time now is 06:58 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy