Hi Andy, Please always CC the mailing list so that others can help you too and can learn from the discussion.
Franks Andy (IT Technical Architecture Manager) wrote: > Hi Holger, > Sorry, I will elaborate a bit more! > We are going to implement Microsoft exchange server 2010 (sp3) over two > AD sites. At the moment we have two servers, one at each site. > With a two site AD implementation with out-of-the-box settings, even if > the two sites are connected via a decent link, clients from site A are > not permitted to use the interface to the database (the CAS) at site B > to get to the database at site A, unless the whole site is down. > I would like to have 2 load balancing solutions - one at each site with > a primary connection to the server at same site, but then a failover if > that server goes down. > That's all fine, but it would be ideal if we had a load balancing > solution that could take connections from site A and route them to the > server at site B in normal situations too with some logic that said "If > client is from IP x.x.x.x, then always use server B" rather than A/B > depending on the hard coded weight. > It would open up lots more DR recovery potential for a multiple site > like this. Thinking about it, I can't really understand why it's not > done more - redirecting based on where something is coming from.. You > could redirect DMZ traffic one way and ordinary another without > complicated routing. > Am I missing a trick? > Thanks > Andy If I understood you right, you have two sites, each with an Exchange server and some clients. You normally want the clients on Site A to only connect to EXCH-A (exchange server at Site A). However, if the server is down, you want toe clients on Site A to connect to the exchange server on Site B instead. SITE A | SITE B --------------------------+-------------------------------- | Client-1A ---, | ,--- Client-2A \ | / Client-1B -- HAPROXY -----+---- HAPROXY -- Client-2B / \\ | // \ Client-1C ---' EXCH-A | EXCH-B `--- Client-2C | This is easily possible with a backend section where one server is designated as a backup server which will thus only used if all non-backup-servers are down: backend SMTP-A server exch-a 10.1.0.1:25 check server exch-b 10.2.0.1:25 check backup With this config, the primary server (exch-a) is used for all connections. If it is down, the backup server exch-b is used until exch-a is up again. Now, in order to route clients from Site B to their own exchange, even if they arrive on the HAproxy from Site A, you can define an additional backend with flipped roles: backend SMTP-B server exch-a 10.1.0.1:25 check backup server exch-b 10.2.0.1:25 check you can then route requests in the frontend to the appropriate backend based on the source IP: frontend smtp bind :25 acl from-site-a src 10.1.0.0/16 acl from-site-b src 10.2.0.0/16 use_backend SMTP-A if from-site-a use_backend SMTP-B if from-site-b default_backend SMTP-A I hope, this is clear. Please read the configuration manual regarding additional server options which can affect stickiness and handling of existing sessions on failover: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#5.2 Regards, Holger