Mail-SeCure Load Balancing



Similar documents
A SURVEY OF POPULAR CLUSTERING TECHNOLOGIES

Astaro Deployment Guide High Availability Options Clustering and Hot Standby

Layer 3 Redundancy with HSRP By Sunset Learning Instructor Andrew Stibbards

High Availability and Clustering

How To Configure The Fortigate Cluster Protocol In A Cluster Of Three (Fcfc) On A Microsoft Ipo (For A Powerpoint) On An Ipo 2.5 (For An Ipos 2.2.5)

Architectures Haute-Dispo Joffrey MICHAÏE Consultant MySQL

DOWNTIME CAN SPELL DISASTER

Lab 5 Explicit Proxy Performance, Load Balancing & Redundancy

HA OVERVIEW. FortiGate FortiOS v3.0 MR5.

Configuring High Availability for Embedded NGX Gateways in SmartCenter

How to Configure BGP Tech Note

FortiGate High Availability Overview Technical Note

FortiMail Filtering Course 221-v2.2 Course Overview

Link-State Routing Protocols

PolyServe Understudy QuickStart Guide

M2M Series Routers. Virtual Router Redundancy Protocol (VRRP) Configuration Whitepaper

Top-Down Network Design

High Availability Solutions & Technology for NetScreen s Security Systems

Availability Digest. Redundant Load Balancing for High Availability July 2013

Balancing and Gateway Failover

Monitoring the Switch

Installing GFI MailSecurity

High Availability. FortiOS Handbook v3 for FortiOS 4.0 MR3

Stateful Network Address Translators (NAT) Xiaohu Xu Dean Cheng IETF75, Stockholm

TIBCO Rendezvous Network Server Glossary

Configuring Symantec AntiVirus for Hitachi High-performance NAS Platform, powered by BlueArc

Digi Certified Transport Technician Training Course (DCTT)

Networking and High Availability

Redundancy and load balancing at L3 in Local Area Networks. Fulvio Risso Politecnico di Torino

HP network adapter teaming: load balancing in ProLiant servers running Microsoft Windows operating systems

Volume GAJSHIELD INFOTECH PVT LTD. Wan Failover & Load Balancing. Administrative Guide

Monitoring Routing. Monitoring OSPF LSAs. Type 1 CHAPTER

Configuring Symantec AntiVirus for NetApp Storage system

Snapt Redundancy Manual

Redundancy and load balancing at L3 in Local Area Networks. Fulvio Risso Politecnico di Torino

High Availability Failover Optimization Tuning HA Timers PAN-OS 6.0.0

Networking and High Availability

Monitoring Microsoft Exchange to Improve Performance and Availability

ExamPDF. Higher Quality,Better service!

Cisco Networking Academy CCNP Multilayer Switching

Redundancy and load balancing at L3 in Local. Fulvio Risso Politecnico di Torino

Virtual PortChannels: Building Networks without Spanning Tree Protocol

HIGH AVAILABILITY FOR BUSINESS- CRITICAL PROCESSES WITH VIPRINET

GLBP - Gateway Load Balancing Protocol

FortiMail Filtering Course 221-v2.0. Course Overview. Course Objectives

Detecting rogue systems

High Availability. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

How To Understand and Configure Your Network for IntraVUE

ELIXIR LOAD BALANCER 2

Networking Topology For Your System

Please enter the Network WAN page and click the Edit icon of WAN1. Figure The WAN setting of Network

Chapter 4. Distance Vector Routing Protocols

Administering and Managing Failover Clustering

High Availability Solutions for the MariaDB and MySQL Database

Remote Desktop Services Overview. Prerequisites. Additional References

Release Notes. SonicOS is the initial release for the Dell SonicWALL NSA 2600 network security appliance.

CCNP Switch Questions/Answers Implementing High Availability and Redundancy

Redundancy and Load-Balancing Framework for Stateful NAT

Clustering. Configuration Guide IPSO 6.2

Load Balancing and Sessions. C. Kopparapu, Load Balancing Servers, Firewalls and Caches. Wiley, 2002.

Disaster Recovery Hosting Provider Selection Criteria

Implementing Storage Concentrator FailOver Clusters

FortiMail Filtering. Course for FortiMail v4.0. Course Overview

Maximum Availability Architecture

Network Agent Quick Start

Configuring RIP. Overview. Routing Update Process CHAPTER

PineApp Daily Traffic Report

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

Networking Systems (10102)

Installing GFI MailSecurity

Active-Active ImageNow Server

I N S T A L L A T I O N M A N U A L

Cisco Wide Area Application Services (WAAS) Software Version 4.0

SCALABILITY AND AVAILABILITY

High Availability Configuration Guide

CCNP SWITCH: Implementing High Availability and Redundancy in a Campus Network

INTEGRATING FIREWALL SERVICES IN THE DATA CENTER NETWORK ARCHITECTURE USING SRX SERIES SERVICES GATEWAY

Module 14: Scalability and High Availability

Configuring Failover

ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy

- Redundancy and Load Balancing -

Astaro Security Gateway V7 Active/Active-Cluster Licensing Partner FAQ

NOS for Network Support (903)

Mail-SeCure for virtualized environment

FAQ: BroadLink Multi-homing Load Balancers

6.0. Getting Started Guide

vrealize Automation Load Balancing

FortiMail Filtering. Course 221 (for FortiMail v5.0) Course Overview

Availability Digest. MySQL Clusters Go Active/Active. December 2006

AdvOSS Session Border Controller

Quick Start for Network Agent. 5-Step Quick Start. What is Network Agent?

EE627 Lecture 22. Multihoming Route Control Devices

How To Load Balance On A Cisco Cisco Cs3.X With A Csono Css 3.X And Csonos 3.5.X (Cisco Css) On A Powerline With A Powerpack (C

Optimizing Enterprise Network Bandwidth For Security Applications. Improving Performance Using Antaira s Management Features

High Availability. PAN-OS Administrator s Guide. Version 7.0

Apache Tomcat Clustering

Configuring High Availability for VMware vcenter in RMS Distributed Setup

Transcription:

Mail-SeCure Load Balancing White Paper August, 2009

Load balancing essentials OUR INNOVATION YOUR SECURITY When building Mail-SeCure solutions, one of the ways to increase overall availability and performance is to provide redundancy for the SMTP sessions. Most email security solutions cannot provide such redundancy themselves and are dependent on third party solutions in order to achieve load balancing (image 1). Image 1 Load balancing achieved by external device Unlike these solutions, Mail-SeCure features an embedded load balancer. This enables customers to achieve true load balancing capabilities without the need of the external device (image 2). Image 2 Load balancing achieved by internal engine

Mail-SeCure Load Balancing terminology Master - The Mail-SeCure appliance that performs the routing function for the virtual IP at a given time. Only one master is active at a time. Slave Mail-SeCure appliances that are active but not in the Master state. Any number of slaves can exist. Slaves are ready to take on the role of Master if the current Master fails. Virtual IP - An IP address that is not connected to a specific device or network interface card (NIC) on a device. SMTP packets are sent to the VIP address, but all packets travel through real network interfaces. Active Active A status where all participant devices share some of the SMTP traffic load. It is possible to define weight for each device and control the amount of traffic that is distributed to each device. Active - Passive A status where only the Master device handles the traffic while the Slave waits in stand-by to automatically take over the Master role in case of failure. Load Balancing in action In the following example, the load balancing is demonstrated. Figure 3 illustrates a typical load balance configuration (active active): Image 3 Typical load balancing configuration When a Mail-SeCure is configured as a Master, it sends multicast packets advising the rest of the participants in the load balancing that it is the Master for that cluster. This serves two purposes: 1. If a device with a higher priority is started (for example the VIP owner), the new owner can force an election and take on the Master role. 2. The slaves expect this multicast. If an interval elapses without a packet being received, the appliances in the Slave state take action to elect a new Master (since in all likelihood the Master has failed). In our example, we have configured Mail-SeCure Master priority to be 200 and Mail-SeCure s Slave priority to be 50. The Master will manage the Virtual IP and the multicasts.

Mail-SeCure failure When the Master suffers a failure, after a short interval the Slave notices that no multicast packet has been received. It then transitions to the Master state, taking over the handling of the VIP and sends its own multicast packets. The length of time that the Slave waits before making its state transition is called the Master down interval. It is based on the length of time between Master updates (called the advertisement interval ) and a value called skew time which is calculated from the priority value. Router restart When the problem with the Master is resolved, and depending on its configuration, either of two situations occurs: 1. If the Master is configured to start as Master, it forces an election immediately by sending its first advertisement as Master. The Slave receives this advertisement and transitions to backup state. 2. If the Master is configured to start as backup it transitions from initialization to Backup state. Nothing happens until it receives an advertisement from the Slave. The Slave has a lower priority than the Master, so the Master starts an election by commencing its transition to Master state and sending an advertisement. When it receives this advertisement, The Slave transitions to backup state because the Master has higher priority. Topologies Active-Passive A status where only the Master device handles the traffic while the Slave waits in stand-by to automatically take over the Master s role in case of failure. All logs and quarantine are stored on the active Master device at the given time. Advantages: 1. Redundancy if one Mail-SeCure faults, the passive system automatically takes over with no down time. 2. Management is done on the Active unit. If it faults, the management automatically transfers to the passive unit (which turns to active), Including daily reports and Black & White lists. The disadvantage of this topology is that if a system faults, all the quarantine, logs and databases are not available. Also, it is not possible to add scanning abilities by adding additional devices.

Active-Active A status in which all participant devices share some of the SMTP traffic load. It is possible to define weight for each device and control the amount of traffic that is distributed to each device. It is possible to configure more than two devices in such topology. Advantages: 1. Traffic is balanced between two devices, thus the capability to handle more traffic is doubled. 2. Ability to add more devices as the need of the organization grows The disadvantage of this topology is that quarantine database and logs are distributed between all devices. However, this can be solved by the Scanner-Director topology (see Scanner-Director white paper).

Distributing configurations OUR INNOVATION YOUR SECURITY PineApp s solution also offers to manage these clusters from the Master unit. Once changes, such as Black & White lists, rules or general configuration, are made on the Master the changes are distributed to the Slaves. The distribution is done manually.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information