Mailscanner filter server to my Mail store " I just canna do it c aptain! "

Thu Aug 28 07:58:45 IST 2003

On Wed, 27 Aug 2003 14:25:00 -0500, you wrote:

>Disadvantages of DNS based load balancing:
>In many cases spammers target a particular ip address.

But not every spammer uses the same IP-address.

>Spammer A may connect and send 10,000 spam messages to mx1, while Spammer B
>connects to mx2 and sends only 500, then Spammer C connects to mx1 and sends
>10,000 messages, while Spammer D connects to mx2 and sends only 500, etc.

But it could also be:
A:      10.000 MX1
B:      100.000 MX2
C:      200.000 MX1

>Spammer A uses caching DNS, Spammer B does not

Exchange servers have the same problem. Whereas an exchange server will
keep on trying one IP-address even it that one is down.

>I tried it using 3 different servers. One server would always get hammered
>and the other two only received a minimal load.

I have 2 servers and they are equally loaded (not identical machine so
one has a higher CPU load). Both are having the same queue size (within
some percentage). When Sobig started we could see the queue grow on both
machine in the same manner. Only when one machine is loading off a high
volume of e-mail, we see one growing faster then the other.

>Advantages of hardware based load balancing:
>Hardware load balancing devices can keep track of how much traffic is going
>to each server and dynamically balance the traffic, DNS load balancing
>cannot.

In this case the traffic is not important. It is the load on the
machine. We have two different machines and at this moment even the
smaller one copes with the flow.

>Hardware load balancing can detect server outages and dynamically balance
>the traffic across the remaining servers, DNS load balancing typically
>cannot.

This is an advantage.

>Hardware load balancing can allow you to increase or decrease the number of
>servers in the "server farm" on the fly and adjust the traffic dynamically.

OK, DNS load balancing takes $TTL seconds to change.

>Harware load balancing can allow you to use weighting systems so that you
>can have some really fast servers that handle more of the load and some
>slower servers that only handle a smaller portion of the load.

This is (in a crude way) also possible with DNS load balancing.

>The only drawback I can see from hardware load balancing would be if your
>mail servers are in different locations - ie a spooling server on a
>redundant network segment. I know that some load balancing systems require
>the devices to be on the same network segment. In that case, if your mail is
>so critical that it requires off-site spooling servers, I would configure
>load balanced servers at each location.

There are load balancing servers that can cope with off-site locations
of servers. If not traffic is the problem but the load of the server
this could be a solution.

There is another drawback. You install two mailservers for redundancy.
And then you put a single point of failure in front of those.

--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente,  Postbus 217,  7500 AE  Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/civ