SMTP Load Balancing and Routing

Hi Don,

 

 

Here are some suggestions for your scenario:

 

 

I have two SMTP mail servers. I need to load balance them for an internal network, so that they may both send SMTP outbound. ... Mail coming from either of the mail servers would be NATted to an address on the external vlan.

 

 

 

For connections originating from the SMTP servers themselves, you could configure a 0.0.0.0:25 or :0 VIP enabled only on their VLAN with SNAT enabled. The SNAT could be a SNAT pool if you want to specify which IP(s) to use for the source address, or automap if you want to use the floating self IP(s) on the external VLAN. If you want to use the routing table for the outbound SMTP connections you could use a forwarding VIP. Else, if you have a pool of gateways you want to send the traffic to, you could add them to a pool and configure that pool as a gateway pool on the VIP.

 

 

I want to configure my F5 with two SMTP mail servers and a virtual server to be used for load-balancing from the internal network

 

 

 

You could configure a VIP enabled only on the internal VLAN pointing to a pool of the two SMTP servers.

 

 

From the external vlan (public internet) incoming SMTP connections would be sent to only one of the mail servers.

 

 

 

You could configure a second VIP enabled only on the external VLAN pointing to a pool of just one SMTP server.

 

 

Aaron

Aaron,

 

 

Thanks for your tips; I have created a similar configuration and it is working well.

 

 

One question did come up. What are the pros/cons of using a "one arm" configuration for the virtual mail server?

 

 

I have it like so:

 

10.1.101.10smtp virtual server

 

with a pool consisting of:

 

10.1.101.11smtp node 1

 

10.1.101.12smtp node 2

 

 

Compare this to:

 

10.1.101.20smtp virtual server

 

with a pool consisting of two members:

 

10.1.202.21smtp node 1

 

10.1.202.22smtp node 2

 

 

If there is a preferred setup, why?

 

 

Thanks,

 

Don

 

 

Hi Don,

 

 

I don't see a major advantage either way from an LTM perspective. If the servers need to see the original client IP address it's nice if you can set their default gateway to LTM. If you have clients on the 10.1.101.0/24 subnet using the VIP, then it would be better to have the servers on a separate VLAN. The removes the requirement to use SNAT and therefore allows you to preserve the original client IP address as the source of the connections from LTM to the servers.

 

 

Aaron

Hi Don,

 

 

SNATs, by definition only allow outbound connections. So a client cannot connect to a SNAT address. Only a host "behind" the SNAT can use the SNAT to initiate traffic. If the SNAT is assigned to the VIP, then only the connections through the VIP use the SNAT.

 

 

I would avoid NATs as they're liable to cause conflicts if they're configured on the same address as other objects (not that you've done this). You can generally get more specific control by using VIPs as VIPs can be port and protocol specific.

 

 

Here are a couple of solutions which describe SNATs and NATs:

 

 

SOL108: NAT and SNAT

 

https://support.f5.com/kb/en-us/solutions/public/0000/100/sol108.html

 

 

SOL7820: Overview of SNAT features

 

https://support.f5.com/kb/en-us/solutions/public/7000/800/sol7820.html

 

 

Aaron

Great!

 

 

Thanks,

 

dj

Great!

 

 

Thanks,

 

dj

Hello,

 

We want to configure F5 to load balance SMTP traffic. We want internet emails to arrive on F5 and then it should load balance the traffic to the Hub Transport servers on the backend.

 

We have more than 200 SMTP domains.

 

(Note:

 

1: This is to load balance SMTP and provide SMTP redundancy. No Edge transport servers are being used

 

2: F5 version is 11.0.0 & Exchange 2010)

 

 

Please suggest, How will we operate this many SMTP domains?

 

 

Many Thanks..!

 

-Mayur

Please suggest, How will we operate this many SMTP domains? what is the problem??