[181076] in North American Network Operators' Group
Re: Anycast provider for SMTP?
daemon@ATHENA.MIT.EDU (Bill Woodcock)
Mon Jun 15 14:14:57 2015
X-Original-To: nanog@nanog.org
From: Bill Woodcock <woody@pch.net>
In-Reply-To: <CAO0-hXZKU2gSt3vqj_p0B85xH=yt6RwXJfh_EY9HTzhygnj0Rg@mail.gmail.com>
Date: Mon, 15 Jun 2015 11:13:02 -0700
To: Joe Hamelin <joe@nethead.com>
Cc: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces@nanog.org
> On Jun 15, 2015, at 10:50 AM, Joe Hamelin <joe@nethead.com> wrote:
>
> I have a mail system where there are two MX hosts, one in the US and one in
> Europe. Both have a DNS MX record metric of 10 so a bastardized
> round-robin takes place. This does not work so well when one site goes
> down. My solution will be to place a load balancer in a hosting site
> (virtual, of course) and have it provide HA. But what about HA for the
> LB?

It seems like you may be over-thinking this.

You could, in fact, use anycast, in one of two ways:

You could anycast the DNS, with servers in the US and Europe, and different MX metrics between the two, so anyone who’s nearby the European DNS server will see the European MX host as the first-choice, and anyone nearer the US DNS server will see the US MX host as first-choice.

Or you could skip the MX records, and just put both US and European SMTP servers on the same IP address, which would save a lot of steps and simplify the system, but leave you with the _very_ occasional corner-case of someone equal-path-length load-balancing traffic to you such that half of one TCP session goes to Europe, and half to the US. That’s a bogeyman that scares a lot of people into not using anycast for TCP services, particularly long-lived ones, but it’s a theoretical problem rather than an actually-observed-in-the-wild problem. But since it scares people, it’s probably safer just doing the DNS anycast, rather than SMTP anycast, to avoid startling the easily-upset out there. :-)

Either of these is vastly simpler and more reliable than trying to throw a load balancer into the mix. As you note, load balancers aren’t particularly HA. Always replace load balancers with crossconnects. Much more HA.

-Bill
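
The DNS-anycast option from the reply above, modelled as an added example that is not part of the original message: each anycast DNS instance serves the same MX hosts with the preferences swapped, and a sender following RFC 5321 ordering tries the nearer MX first and falls back to the other site when it is down. The host names, preference values and function names are assumptions made for illustration.

```python
import random

# Constructed sample data: host names and preference values are assumptions.
# Each anycast DNS instance serves the same zone with the MX preferences swapped.
VIEWS = {
    "us-dns": [(10, "mx-us.example.net."), (20, "mx-eu.example.net.")],
    "eu-dns": [(10, "mx-eu.example.net."), (20, "mx-us.example.net.")],
}


def delivery_order(mx_rrset, rng=random):
    """Order MX targets the way an RFC 5321 sender does: lowest preference
    first, with targets of equal preference shuffled among themselves."""
    by_pref = {}
    for pref, host in mx_rrset:
        by_pref.setdefault(pref, []).append(host)
    order = []
    for pref in sorted(by_pref):
        group = by_pref[pref][:]
        rng.shuffle(group)
        order.extend(group)
    return order


def pick_mx(dns_instance, reachable, rng=random):
    """Return the first reachable MX for a sender whose queries land on
    dns_instance, or None if every MX host is down."""
    for host in delivery_order(VIEWS[dns_instance], rng):
        if host in reachable:
            return host
    return None


if __name__ == "__main__":
    all_up = {"mx-us.example.net.", "mx-eu.example.net."}
    for site in VIEWS:
        print(site, "all up  ->", pick_mx(site, all_up))
        print(site, "US down ->", pick_mx(site, {"mx-eu.example.net."}))
```
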