
List:       info-cyrus
Subject:    Re: [POLL] virtual domains and Murder
From:       Michael Fair <michael () daclubhouse ! net>
Date:       2002-07-24 20:57:44


Well we certainly don't want an explosion of IP
addresses where each machine participating needs
to have one IP per domain.

The first step is to clarify what it would mean to
someone to have IP based virtdomains in a Murder.

If someone is using multiple IP based virtdomains
then they are expecting the end users to contact
that IP and no other to connect to the mailstore.

This implies that only one frontend will be capable
of handling mail for that domain.  (This setup is 
exactly like you said perdition+cyrus.)

...

After spending about 5 minutes trying to think of a
scenario (auto fail over, IP sharing cluster, etc.)
that perdition+cyrus wouldn't suffice for, I couldn't
come up with one.

The only two meaningful straightforward manners to
handle this that I can think of are:
A) require user@dom.ain
B) Dedicate front end(s) to serve specific domains

I think B would be useful in that SSL certs could
be done properly (at the expense of each front end
having 1 IP per domain it served).

Perdition would only be sufficient if it could
1) offer the client a cert not retrieved from cyrus
and
2) append a domain based on the IP according to the
   algorithm Cyrus uses.


I'm far from a Murder expert, having only read the
docs and some of the protocol, but I can see no
way to make it so an end user can contact any front
end and not supply the domain info, or so that any
front end could honor the IP based domain.

Either the end user supplies the domain,
or domain logins are restricted to the set
of front ends for which reverse lookups have
been specified.


While it is a bit wasteful, if there is a 
significantly large client that could benefit
from multiple front end servers I see no 
reason why a domain must be restricted to
only 1 IP.  If there were three front end
servers, then each server could have its
own IP dedicated to that domain and reverse
lookups be set appropriately.  DNS could
even be set up in a round-robin to feed any
of the three IPs as long as people from that
domain only accessed the Murder through those
three specific front ends.

The front ends would take care of qualifying
the domain for the backend servers or accessing
the default domain.

It is expected there be only one default domain
per murder.

The advantage to this setup over setting up
multiple smaller murders is that the mail
store can be treated as a single unit in terms
of resource planning and moving mailboxes around
should the need for that arise.


In my scenario it is not expected that users
be redirected to another server but are always
proxied (unless the redirect can redirect them
not only to another machine, but also to another
account as well (the domain qualified account)
in which case the front end is just a pit stop
to get qualified before moving on).

-- Michael --

----- Original Message ----- 
From: "Ken Murchison" <ken@oceana.com>
To: "Cyrus Mailing List" <info-cyrus@andrew.cmu.edu>
Sent: Wednesday, July 24, 2002 12:38 PM
Subject: [POLL] virtual domains and Murder


> I started thinking about Murder and virtual domains.  Since Murder was
> designed to support a single unified mailbox namespace, does it make
> sense to use Murder for virtdomains?
> 
> If an admin needs more than one box to support his/her domains, why
> not just use one server (or Murder) per domain?  Or are people intending
> to have separate backends for each domain, and the frontend(s) simply
> proxy/redirect the user to the correct backend?
> 
> The reason that I ask is that it will get quite messy if both the
> frontends and backends try to get the domain from the IP.  I can
> envision two different configs for virtdomains and Murder:
> 
> user@domain userids:  traditional Murder, where both frontends and
> backends know how to handle the virtdomains
> 
> ip-from-domain: each backend/Murder handles only one domain.  the
> frontends simply proxy/redirect the clients to the correct backend by IP
> 
> I can do the former, and I think the latter already exists (Perdition +
> Cyrus)
> 
> I'm interested in hearing what the virtdomain people are thinking.
> 
> Ken
> -- 
> Kenneth Murchison     Oceana Matrix Ltd.
> Software Engineer     21 Princeton Place
> 716-662-8973 x26      Orchard Park, NY 14127
> --PGP Public Key--    http://www.oceana.com/~ken/ksm.pgp
> 
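
The two options discussed in this message (A: the user supplies user@dom.ain, B: the front end qualifies the login from the IP it was contacted on, falling back to the single default domain) can be sketched as follows. This is an added example, not part of the original thread and not Cyrus or Perdition code; the static table stands in for the reverse lookups, and all addresses, domains and function names are constructed assumptions.

```python
import ipaddress

# Constructed sample data: three front ends, each with one IP dedicated to
# example.org, standing in for the reverse lookups the message describes.
IP_DOMAINS = {
    "192.0.2.10": "example.org",   # front end 1
    "192.0.2.20": "example.org",   # front end 2
    "192.0.2.30": "example.org",   # front end 3
    "192.0.2.11": "example.net",   # front end 1, second dedicated IP
}
DEFAULT_DOMAIN = "default.example"  # assumption: one default domain per Murder


def qualify_userid(userid, local_ip, ip_domains=IP_DOMAINS, default=DEFAULT_DOMAIN):
    """Return the domain-qualified userid a front end would pass to a backend.

    userid   -- what the client sent at login
    local_ip -- address of the front-end interface the client connected to
    """
    userid = userid.strip()
    if not userid or userid.count("@") > 1:
        raise ValueError("malformed userid")
    local, sep, domain = userid.partition("@")
    if not local or (sep and not domain):
        raise ValueError("malformed userid")
    if sep:
        # Option A: the user supplied the domain; the IP is not consulted.
        return f"{local}@{domain.lower()}"
    # Option B: derive the domain from the dedicated IP, else use the default.
    key = str(ipaddress.ip_address(local_ip))  # validates and normalises
    return f"{local}@{ip_domains.get(key, default)}"
```

An unqualified login only resolves to the intended domain when the client reached one of the IPs dedicated to it, which is the restriction the message describes for option B.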
