Simple method to load balance TCP traffic (SMTP in this case)
Open-source solution (CentOS VM running haproxy) – stats can easily be viewed through the load balancer web portal.
Needed a simple solution to load balance inbound SMTP across my evaluation SpamTitan nodes (looking for a more efficient and secure email filtering system than currently in use).
- Two cluster nodes running as VMs
- Outbound Port 25 load balanced by the mail servers through the cluster
- Inbound only going through one node (firewall limitation on Port 25 forwarding)
haproxy on Linux (CentOS) – some incarnations of Linux include it already.
[Figure: Simplified mail flow diagram]
Already had a host I could run it on as a VM, and as it is all open source, it is essentially completely free.
- Built new CentOS 6.6 VM on Hyper-V (built a few 6.6 and 7 recently, took 15 minutes)
- Logged in as root, installed epel-release and haproxy (yum install epel-release haproxy -y)
- Modified haproxy.cfg as below, modified iptables to permit TCP ports 25 and 8080
- Pointed inbound SMTP to the IP of the load balancer
Works an absolute treat..! Not going to be a permanent solution as once confirmed it performs as required we’ll be going for the private cloud solution, not on-site.
Open a few Telnet sessions to the Load Balancer IP on Port 25 – each attempt should actually connect to the cluster nodes alternately.
You can monitor the load balancer through its web interface as configured in haproxy.cfg.
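The Telnet check can be scripted. The following is an added example, not part of the original post: it opens several connections to the load balancer, reads the SMTP greeting on each, and tallies which node answered. It assumes each node announces its own host name in the 220 greeting; the function names and the script name check_lb.py are made up for illustration.

```python
# Added example (not from the original post); assumes each node greets with its own host name.
import socket
import sys
from collections import Counter


def banner_host(line):
    """Host name from a greeting ("220 host ..." or "220-host ..."), else None."""
    line = line.strip()
    if len(line) > 4 and line[:3] == "220" and line[3] in " -":
        return line[4:].split()[0]
    return None


def sample_banners(host, port=25, attempts=6, timeout=5.0):
    """Connect `attempts` times; return the greeting host or an error tag per try."""
    seen = []
    for _ in range(attempts):
        try:
            with socket.create_connection((host, port), timeout=timeout) as conn, \
                    conn.makefile("r", encoding="ascii", errors="replace") as reader:
                greeting = reader.readline()
                try:
                    conn.sendall(b"QUIT\r\n")  # end the session cleanly
                except OSError:
                    pass  # peer already closed; the greeting is what we need
        except OSError as exc:  # refused, timed out or reset
            seen.append("error:" + type(exc).__name__)
            continue
        seen.append(banner_host(greeting) or "unparsed")
    return seen


def summarize(seen):
    """Return (per-name counts, distinct greeting hosts, strict-alternation flag)."""
    counts = Counter(seen)
    nodes = sorted(n for n in counts if n != "unparsed" and not n.startswith("error:"))
    # Strict alternation only holds for two nodes while nothing else is connecting.
    alternated = len(seen) > 1 and all(a != b for a, b in zip(seen, seen[1:]))
    return counts, nodes, alternated


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: check_lb.py <load_balancer_IP> [attempts]")
    tries = int(sys.argv[2]) if len(sys.argv) > 2 else 6
    counts, nodes, alternated = summarize(sample_banners(sys.argv[1], attempts=tries))
    for name, n in sorted(counts.items()):
        print(f"{n:3d}  {name}")
    sys.exit(0 if len(nodes) >= 2 and alternated else 1)
```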
haproxy.cfg – /etc/haproxy/haproxy.cfg
Copy and paste the below over your haproxy.cfg – changing the IP addresses to your own.
I believe you can have up to 4 servers as back-end (only two here – my SpamTitan nodes).
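# Example configuration for SMTP load balancing

# Global settings
global
    # to have messages logged in /var/log/haproxy.log :
    # 1) configure syslog to accept network events by adding '-r' to SYSLOGD_OPTIONS:
    # 2) configure local2 events to go to the /var/log/haproxy.log:
    #    local2.* /var/log/haproxy.log
    # (the log lines below send to local0 and local1, so the syslog rule
    #  has to match those facilities rather than local2)
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    # turn on stats unix socket
    stats socket /var/lib/haproxy/stats

# common defaults for 'listen' and 'backend' sections if not designated in their block
defaults
    timeout http-request 10s
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s

# Bind to IP for stats browsing
# The stats page is plain HTTP with basic auth, so the password crosses the
# network in clear text: permit port 8080 in iptables only from admin hosts.
listen stats load_balancer_IP:8080
    mode http
    stats realm HAProxy\ Statistics
    stats auth admin:yourpasswordhere
    stats uri /haproxy_stats

# Bind port to IP for listening
# In TCP mode the back-end nodes see the load balancer's address as the
# connecting client, not the sending mail server's address.
listen smtp load_balancer_IP:25
    mode tcp
    # roundrobin is haproxy's default algorithm; stated here for clarity
    balance roundrobin
    server smtp smtp_server_1_IP check
    server smtp1 smtp_server_2_IP check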