LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Networking (https://www.linuxquestions.org/questions/linux-networking-3/)
-   -   backup postfix server on same LAN? (https://www.linuxquestions.org/questions/linux-networking-3/backup-postfix-server-on-same-lan-189198/)

SolidSnake 06-03-2004 07:59 AM

backup postfix server on same LAN?
 
Hello
I ave got postfix up and running but i want to make a backup server which automatically takes its place if the main one goes down.
I have found that with diffrent priorities on the MX recordes i can it but for that i need 2 diffrent IP address.
Is there any way i can set it so both servers can use the same Ip address and be on the same LAN?

LuggerHouse 06-03-2004 08:45 AM

You mean like a redondant server ??

set up looks like this:

MX record is 66.66.66.66

virtual adress id 66.66.66.66

PC1 adress is
eth0: 66.66.66.67
eth0:1: 66.66.66.66

PC2 adree is
eth0: 66.66.66.68

There is a monitoring sogtware on PC2 that makes eth0:1 66.66.66.66 if eth0:1 of PC1 does not answer anymore...

That imply no changes to MX record and is NOT a backup solution.

Otherwhyse, I dont see any other way you could have 2 PCs on the same LAN having the same IP getting different things :scratch:

Keep me posted on that one!

SolidSnake 06-03-2004 09:32 AM

i want it so that if server 1 goes down, server 2 accepts the mail insted.

Server 1 has ip 192.168.1.2 and server 2 has ip 192.168.1.2.
in my MX records i have setup so that all mail goes to my internet ip and my firewall/router is setup so everything on port 25 goes to server 1 (192.168.1.2).

I want to make it so that if server 1 goes down, all my mail goes to server 2 until server 1 is backup.

is this possible?

carlmarshall 06-03-2004 11:02 AM

Short answer, no!

You need more than one IP address for this to work otherwise you're trying to have 2 systems with the same IP on the same network. With several IP addresses we perform the same thing here, but use MX records with the same priority for load balancing. If one server is down, all the mail gets delivered to the other one. It does need 2 IPs though.

Carl.

LuggerHouse 06-03-2004 11:10 AM

Quote:

Originally posted by SolidSnake
i want it so that if server 1 goes down, server 2 accepts the mail insted.

Server 1 has ip 192.168.1.2 and server 2 has ip 192.168.1.2.
in my MX records i have setup so that all mail goes to my internet ip and my firewall/router is setup so everything on port 25 goes to server 1 (192.168.1.2).

I want to make it so that if server 1 goes down, all my mail goes to server 2 until server 1 is backup.

is this possible?

Ok, that is feasable. It is exactely the scenario I descibribed. So in order to make it reflect you network set up here's the scenario updated:


Server 1 has ip 192.168.1.1 and server 2 has ip 192.168.1.3
MX record is set to 192.168.1.2

You will need to change your server's ips to deflect the scenario I just mentionned.

Create an interface eth0:1 on Server 1 and give it the ip 192.168.1.2

develop a script that will validate connection acceptance from 192.168.1.2:25. if the script fails create an interface eth0:1 with ip 192.168.1.2

Now the problem with this strategy is to get back after Server one has come back on it's feet... I would suggest not to create the interface eth0:1 at startup and create it manualy after it comes back..

LuggerHouse 06-03-2004 11:17 AM

Quote:

Originally posted by carlmarshall
Short answer, no!

You need more than one IP address for this to work otherwise you're trying to have 2 systems with the same IP on the same network. With several IP addresses we perform the same thing here, but use MX records with the same priority for load balancing. If one server is down, all the mail gets delivered to the other one. It does need 2 IPs though.

Carl.

This is possible only with more than one public ip and I think SolidSnake doesn't have this...

But you where right about ip confict though...

carlmarshall 06-03-2004 11:33 AM

Luggerhouse,

Yes I did assume that Solidsnake only has one public IP and hence the solution I use would not be of any use.

If I've got this right, the solution you have come up with is for each server to start with an IP address (192.168.1.1 and 192.168.1.3) neither of which is the forwarded IP for mail, then the 1st server establishes the mail address (192.168.1.2) via a script so that mail is now delivered to it.

Meanwhile, server 2 monitors server 1 to check acceptance on port 25. If this fails, then it runs a script which establishes its own interface as the mail address (192.168.1.2).

That's quite a clever idea, well done!

The only issue I can see is if it's only the mail port (25) which is down, then there would be a problem with conflicting addresses. It would really be neccessary to test for a complete absence of the mail IP.

In addition, the 1st server would need to check that 192.168.1.2 is not already present before enabling this address. I'm thinking of a situation where the fallover has taken place and server 2 is now handling the mail. I suppose that both servers could be configured to check for each other in this manner, but then if both were started at the same time each would find no mail IP and both would initiate the network with the mail IP. I'm thinking of such an event as a power failure and recovery. Perhaps a delay on one system may solve it?

Carl.

p.s. Only one MX record would be required!

LuggerHouse 06-03-2004 11:52 AM

You are all right about the whole solution... It is not a terrible one but it was intended to give an idea of the manner it could be executed...

From my Point of view, the idea of having both server to check for each other is great. You are also right about the Server 1 not accepting connection but ip being up anyway. We would then need some extra checks and a mechanism to make Server 1 to down it's virtual interface in that case (maybe some CGI request on a http server on server1 or something like this...).

Also, in the case where server1 goes down and server 2 gets the IP, and than server1 is getting up again, I would not re-enable the virtual interface (this could be done in a script witch would detect the ip:25 validation) and I would make server1 to send a mail to say it's back and fallback should be done manualy.

Any other suggestions from anyone are still welcome... If there is other approaches I would be interested to hear them :) We made that kind on set-up in a e-payement environement requiring redonancy and almost 0$ to make it :D

Thanks!

SolidSnake 06-03-2004 01:10 PM

Koool thanks every 1.
hmmmm i dont really know much about making scripts but i'll look for in on google.
wouldent it be easier to take that idea but make the script on the firewall that checks if the email on server 1 is working and if it isn't, forward the port to server 2 insted?

carlmarshall 06-04-2004 04:31 AM

Solidsnake,

I think you're right. The advantage of doing this on the firewall / router is that there's no danger of conflicting IPs on the internal network, for example if the mail server alone stops responding but the interface is up.

I don't know what type of firewall / router you're using, but there must be some out there which allow for this kind of programming. Most of the cheaper ones I've come across have a very minimal menu driven programming interface and wouldn't allow for checking port availability.

Good luck with it, and if you come across a router (& script) which lets you do this, let us know. I'm sure that many of us would be interested.

Carl.

SolidSnake 06-04-2004 12:39 PM

kool im using shorewall as my firewall.


All times are GMT -5. The time now is 02:46 AM.