In the configuration of the internal and external email server, a virtual cluster IP address is no longer indicated for sending emails but a host name, e.g. "securemail.mycompany.tld" which is addressed for incoming and outgoing emails. In the DNS, it is possible to specify several IP addresses for each hostname. This allows a simple distribution of the workload.
For example, if the internal email server now queries the host name (securemail.mycompany.tld) of theSEPPmail Secure E-Mail Gateway cluster for sending emails at the DNS server, all IP addresses allocated to this host name, i.e. 10.10.0.1 and 10.10.0.2, will be returned, but in a different order in each individual case. The internal email server will normally use the first IP address provided by the DNS server to send the email.
Using virtual IP addresses in this structure ensures failure safety, since, in this case, the remaining machine will operate both (virtual) IP addresses if one machine fails. "Figure 3" is a logic representation of the scenario.
In detail
Each SEPPmail Secure E-Mail Gateway has its own physical IP address, through which only this system can be accessed. This address is typically used to configure the appliance individually and to synchronise appliances (blue arrows "Figure 4"). In "Figure 4", these are the IP addresses 10.10.0.9 and 10.10.0.10.
Additionally, two virtual IP addresses are set up in order to logically group the two SEPPmail Secure E-Mail Gateways in one group. In "Figure 4" these virtual IP addresses (groups) are displayed in different colours.
Instead of virtual IP addresses, the internal and external email servers address a hostname for sending incoming and outgoing emails to the SEPPmail Secure E-Mail Gateway cluster system (SEPPmail.mycompany.tld). If a request for this hostname is made to the DNS server, the hostname is resolved for all established IP addresses.
In the example, the resolved IP addresses correspond to the virtual cluster IP addresses as shown in "Figure 4".
The Primary and Secondary roles are configured for the processing of these virtual IP addresses on the two systems in the opposite direction (keyword: failure safety).
The virtual IP address 10.10.0.1 (green) and the virtual IP address 10.10.0.2 (orange) are assigned to the hostname (SEPPmail.mycompany.tld).
If this host name is queried at the DNS server, every initial query will return
securemail.mycompany.tld 1800 IN A 10.10.0.1
securemail.mycompany.tld 1800 IN A 10.10.0.2
. With every second request, the DNS server will return the assigned IP addresses in reverse order
securemail.mycompany.tld 1800 IN A 10.10.0.2
securemail.mycompany.tld 1800 IN A 10.10.0.1
. Since the inquiring system usually uses the IP address which was delivered first, there is thus a numerical distribution of the queries (distribution of the load).
Summary
When sending incoming and outgoing emails through the SEPPmail Secure E-Mail Gateway cluster, a hostname is indicated in the corresponding email server instead of a virtual cluster IP address. This hostname is then resolved into the corresponding IP addresses at runtime. This allows the internal and external email server to selectively send incoming and outgoing emails to one of these resolved IP addresses. By using virtual cluster IP addresses, the cluster member systems react according to priority, which ensures failure safety.
The round robin DNS function allows load distribution to be implemented for incoming and outgoing email data flow.
Source: Wikipedia, http://de.wikipedia.org/wiki/Lastverteilung_per_DNS
The setup of the virtual IP addresses and the assignment of priorities of the respective cluster member system is to be realised in System Advanced view IP ALIAS addresses.
Figure 4 - Schematic representation of the load distribution using the round robin DNS method for incoming and outgoing emails
