Hi Andy,
Please always CC the mailing list so that others can help you too and
can learn from the discussion.
Franks Andy (IT Technical Architecture Manager) wrote:
> Hi Holger,
> Sorry, I will elaborate a bit more!
> We are going to implement Microsoft exchange server 2010 (sp3) over two
> AD sites. At the moment we have two servers, one at each site.
> With a two site AD implementation with out-of-the-box settings, even if
> the two sites are connected via a decent link, clients from site A are
> not permitted to use the interface to the database (the CAS) at site B
> to get to the database at site A, unless the whole site is down.
> I would like to have 2 load balancing solutions - one at each site with
> a primary connection to the server at same site, but then a failover if
> that server goes down.
> That's all fine, but it would be ideal if we had a load balancing
> solution that could take connections from site A and route them to the
> server at site B in normal situations too with some logic that said "If
> client is from IP x.x.x.x, then always use server B" rather than A/B
> depending on the hard coded weight.
> It would open up lots more DR recovery potential for a multiple site
> like this. Thinking about it, I can't really understand why it's not
> done more - redirecting based on where something is coming from.. You
> could redirect DMZ traffic one way and ordinary another without
> complicated routing.
> Am I missing a trick?
> Thanks
> Andy
If I understood you right, you have two sites, each with an Exchange
server and some clients. You normally want the clients on Site A to only
connect to EXCH-A (exchange server at Site A). However, if the server is
down, you want toe clients on Site A to connect to the exchange server
on Site B instead.
SITE A | SITE B
--------------------------+--------------------------------
|
Client-1A ---, | ,--- Client-2A
\ | /
Client-1B -- HAPROXY -----+---- HAPROXY -- Client-2B
/ \\ | // \
Client-1C ---' EXCH-A | EXCH-B `--- Client-2C
|
This is easily possible with a backend section where one server is
designated as a backup server which will thus only used if all
non-backup-servers are down:
backend SMTP-A
server exch-a 10.1.0.1:25 check
server exch-b 10.2.0.1:25 check backup
With this config, the primary server (exch-a) is used for all
connections. If it is down, the backup server exch-b is used until
exch-a is up again.
Now, in order to route clients from Site B to their own exchange, even
if they arrive on the HAproxy from Site A, you can define an additional
backend with flipped roles:
backend SMTP-B
server exch-a 10.1.0.1:25 check backup
server exch-b 10.2.0.1:25 check
you can then route requests in the frontend to the appropriate backend
based on the source IP:
frontend smtp
bind :25
acl from-site-a src 10.1.0.0/16
acl from-site-b src 10.2.0.0/16
use_backend SMTP-A if from-site-a
use_backend SMTP-B if from-site-b
default_backend SMTP-A
I hope, this is clear. Please read the configuration manual regarding
additional server options which can affect stickiness and handling of
existing sessions on failover:
http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2
Regards,
Holger
