[Dovecot] [ Re: best practises for mail systems]
Hello,
If disk space and bandwidth are affordable (and from your setup it seems that they are affordable as you have everything locally) I would split the mail storage completely and use replication in between n-master servers (n=2 for your case).
The replication is not yet fully tested, but Timo is actively working on this feature.
The fear of lossing the imap session does not make sense (at least to me) as the client will reconnect automatically in the background.
Like this you have no SPOF and no split-brain and you get the flexibility (if needed) to geographically distribute your servers in the the future.
Keep each server with its own ip, connect to them via DNS (round robin etc etc).
We are currently experimenting with a setup similar to this one, but with geographically distributed servers (trans-continental) (bandwidth limited and high cost).
Best regards, Andrei
On 2012-06-05 17:33, Michescu Andrei wrote:
The fear of lossing the imap session does not make sense (at least to me) as the client will reconnect automatically in the background.
I agree, in practice this is not an issue compared to the unavailability of the service, but on longer IMAP sessions (e.g. transferring a big file) the connection loss is noticeable.
This depends on the resolver, operating systems and clients you want to support, because I read that not all networks generate proper ICMP/ICMPv6 Destination Unreachable messages and instead simple drop the packets, so that the clients first try to connect to the failed server until timeout and then connects to the second server. Since IMAP is a stateful protocol the latency of the initial connect to the failed server can be ignored, but if you want to eliminate this, you can use dynamic DNS to automatically remove the corresponding RRs (depending on your situation you need an external monitoring server for this to avoid problems in case of net splits).
I also have some plans for a similar setup in the near future. Can you share your results on the mailing list? I'm especially interested if failover via DNS works in practice (I did some searches, but I'm not fully convinced of it, but it seems quite simple compared to other solutions).
Regards, Matthias-Christian
Hello,
It is noticeable for somebody that really waits for a large email. For the standard user there is nothing visible because the synchronization starts / fails and starts again...
In corporate environment the servers are "close" and the network is generally configured to have proper Destination Unreachable.
For road-warriors, the main concern is the uplink/downlink and generally not the couple of seconds lost due to time-out.
For the DNS... use "fast-flux"-like configuration and any proper resolver will behave correctly (at least in my experience).
For the road-warrior setup: DNS with geoip, and all locations with split-dns (internally HA setup with failover on external locations).
Unfortunately the classical HA setup (with heart-beat monitor, update DNS etc etc) it is not designed to be "internet-proof" (internet like in WAN). The initial design of the internet was to be able to operate even when significant segments are unavailable.
Picture the following scenario: master servers on each continent. Catastrophic failure of the trans-continental network => 5 big disconnected chunks of network fully functional. Any HA setup that I saw will fail miserably. The simplest design with fully replicated masters will continue to work.
Obviously planning for the scenario above is an overkill for most of the companies out there. Once you trow in the advantage of have the emails close to you anywhere where you go, then it starts making sense.
And you can top it up by segmenting you user base to replicate only the users that are on the go, or are important enough.
As for the current status of the ideal implementation: waiting for Timo to finalize the refactoring of dsync.
As a temporary solution: rsync replication with master-slave model (not master-master).
This design makes sense to us, but I'm sure that it is under-optimal for most other uses.
Andrei
On 5.6.2012, at 23.33, Michescu Andrei wrote:
And there is actually some (any!) way this could be avoided?... One server dies, another continues sending the mail?
I have had some thoughts about transferring idling Dovecot connections between processes / servers so that clients wouldn't notice it, but I haven't even thought about moving active (long-running) connections.
Hello Timo,
Here it is to be researched if this is specified in the IMAP standard (if there any RFC that mentions this?), or if we propose a new RFC with such an extension.
Until there is an RFC, even if you implement such a feature, there will be no clients out there that will support it.
A good start, if there is no RFC, is the http protocol, that has implemented the resume option. Like this you could even support parallel download from couple of imap servers that are synchronized, getting from each a small chunk (BitTorrent like with the seeds list being set to only the servers).
Best regards, Andrei
On 2012-06-05 23:43, Timo Sirainen wrote:
Yes, there is. You have to replicate the entire state of the IMAP session (protocol states, buffers, TLS state etc.) and the TCP state of the connection. The state of the IMAP session is (in theory) easily replicable (although you probably have to rely on internals of the TLS implementation; OpenSSL can serialise TLS sessions from/into ASN.1 via i2d_SSL_SESSION, though this is meant to resume session via TLS) and for TCP there is RTCP [1]. RTCP intercepts the TCP session is able to recover the TCP state. It works without any modification of the operating system (at the moment limited to Linux).
If this would be implemented in Dovecot it would really set it apart from other IMAP servers and software that I've seen so far. Being able to transparently handle failover of a TCP connection is unique.
I have had some thoughts about transferring idling Dovecot connections between processes / servers so that clients wouldn't notice it, but I haven't even thought about moving active (long-running) connections.
Load rebalancing would probably be another feature that separates Dovecot from other IMAP servers.
Regards, Matthias-Christian
On 9.6.2012, at 4.55, Matthias-Christian Ott wrote:
Interesting! I thought OpenSSL didn't have a way to [de]serialize the session state. The first time I wanted to do that was 13 years ago. I see there are some google hits for i2d_SSL_SESSION, but do you already know a good web page / example code I could look at?
Thanks for this too.
Yes.
05.06.2012 23:33, Michescu Andrei написал:
Dispute the original topic, I'd say this looks like a good service idea, as many company may pay for such a service if it can be set up specifically for their needs (routing, logs, backups, redirections).
Gmail (and other big guys like them) won't be that fine-tunable (having point to service many customers with the same type of control), and companies sometime just won't deal with such a Big Brother to store their corporate mail due to internal regulations (read - 'corporate paranoia').
But the replication between "points of presence" (5 big datacenters, one per continent, won't be good topology) will be painful and we easily face split-brain situation, whichever replicaton scheme I can imagine.
Yours, Alexander
Hello Alexander,
The split-brain is indeed the biggest problem of common replication schema. But IMAP was designed to work in disconnected mode most of the time and have only quick synchronizations.
So by design IMAP standard works in master-master models.
Getting back to the above picture (catastrophic failure of all the transcontinental links): one synchronizes his laptop in Europe (EU), crosses the ocean to North America (NA) and synchronizes again his laptop. In this moment all the changes on the EU hub up to the point of last synchronization are merged into the NA hub. This is the beauty of IMAP.
The biggest challenge on the the above scenario is the post-catastrophic synchronization which would move huge amounts of data across the links.
Best wishes, Andrei
participants (4)
-
Alexander Chekalin
-
Matthias-Christian Ott
-
Michescu Andrei
-
Timo Sirainen