Re: mail servers + ldap load balancing

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Tuesday, August 10, 2004 2:10 PM -0400 James Courtney 
<Jcourtney@inphonic.com> wrote:

> We have an environment with several mail servers (currently 3) each
> running various SMTP, POP, and IMAP.  The software utilized is Postfix
> (with Courier maildrop) and Courier pop3d and imapd.  All of these
> authenticate against our OpenLDAP server(s).  We are entertaining a
> couple of replication/loadbalancing scenareos:
>
> For both scenareos place the master LDAP server on a dedicated machine.
>
> - Scenareo I -
>
> Each mail server has it's own replicated instance of OpenLDAP running and
> references it using localhost for minumum network latency/utilization.
>
>
> - Scenareo II -
>
> We maintain a cluster or repliated OpenLDAP instances (possibly running
> on each mail server) and these are IP load balanced and referenced
> through a single domain name.
>
>
>
> Which of these if preferable?  Should we consider something different?

I'd say II is preferable, because then load generated by the mail delivery 
system does not effect the response time of the directory service. 
Scenario II is essentially what Stanford does (we have 3 email routing 
systems that query 3 load-balanced OpenLDAP servers).

With today's high level of spam and virus related traffic, the sudden 
floods of email against a shared set of servers could have a particularly 
adverse affect.

You might find:

<http://tools.stanford.edu/cricket?target=/ldap>

interesting.  I suggest looking at the "binds-mail" and "searches-mail" 
categories.  These two sections document the connections from our email 
routers to our email dedicated directory servers.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html