Forum Discussion
NimbostratusMail flow routing with BigIP 2000 load balancers
Hi,
I am in the process of setting up 2 F5 BigIP 2000 load balancers for our exchange environment.
These will be sitting in our LAN only and have no external connectivity.
We are aiming to just LB the exchange servers we have internally for our users. We do not use external OWA or any other type of external access to the Exchange environment.
What I am trying to work out is the mail flow for emails coming in and out of the organisation.
We have 2 CAS servers and 2 MBX servers. In testing I have no problems with setting up the F5's to load balance these servers for SMTP and MAPI for Relay and Outlook respectively.
However what I can't test is the mail flow from coming outside and sending to external addresses as I do not have this connectivity in my LAB.
On our live environment we have 2 third party spam appliances that currently the CAS server relay to as smarthosts.
So current mail flow to an external address is Outlook to CAS server - CAS server to SPAM appliance - SPAM appliance to Internet.
Incoming email is Internet to SPAM appliance - SPAM appliance to CAS Server - CAS Server to Outlook.
Where will the F5's fit into this scenario?
Do I point the SPAM appliances to the F5's or leave them as is to the CAS servers direct? What about outgoing? Do I point the F5's somehow to the SPAM Appliances for outgoing email?
Sorry for the long post but am new to load balancing and want to make sure I don't cause any mail flow issues when I implement the F5's.
Rob
Hi Rob, we have an SMTP iApp template that's currently a release candidate, but is scheduled to become officially supported in an upcoming release: https://devcentral.f5.com/codeshare/smtp-iapp-template-early-release. The deployment guide is here: https://www.f5.com/pdf/deployment-guides/f5-smtp-dg.pdf
Although I haven't tested it with the outbound scenario, I think you should be able to use it to load balance SMTP traffic both directions, as long as both your CAS and SPAM appliance are configured to send mail to the respective virtual server addresses and accept mail from the self IP addresses of your BIG-IPs.
2 Replies
Hi Rob, we have an SMTP iApp template that's currently a release candidate, but is scheduled to become officially supported in an upcoming release: https://devcentral.f5.com/codeshare/smtp-iapp-template-early-release. The deployment guide is here: https://www.f5.com/pdf/deployment-guides/f5-smtp-dg.pdf
Although I haven't tested it with the outbound scenario, I think you should be able to use it to load balance SMTP traffic both directions, as long as both your CAS and SPAM appliance are configured to send mail to the respective virtual server addresses and accept mail from the self IP addresses of your BIG-IPs.
RobL216_235020Many thanks for the reply Mike.
I am actually testing the SMTP iApp template in my LAB and this seems to be working fine.
Unfortunately I don't have access to a SPAM filter in the LAB hence my question.
What you state above seems perfectly logical so I will give this a try once I have the F5's in the live environment.
I can always just point the CAS servers back to the SPAM filters direct if needed.
Cheers,
Rob
