SlideShare una empresa de Scribd logo
1 de 16
Descargar para leer sin conexión
Self-Created Load Balancer
on AWS
Shinya Matsuura
Dep of Service Engeneering
What SEG is Doing?
Mail Filtering
(Mo)
Mail Archiving
(Nobita)
Anti-Spam
Anti-Virus(Mi)
Online Storage
(kumamsushi)
Access Conrroll
(shobosso)
Mail System Framework
Mail Filtering
Mail Archiving
Anti-Spam
Anti-Virus
Gateway
Server
Gateway
Server
Inbound Zone Outbound ZoneArchive Zone
Why We Need Load Balancer?
Gateway
Server
Limitation of
Instance Type
numerous
ammounts of mails
beyond expectation
Problem of
I/O
Extended Gateway Server
Gateway
Server
Gateway
Server
Gateway
Server
Gateway
Server
Load Balancer
・・・
Technology in Use
1) Linux Vritual Server (LVS)
+ keepalived
2) SNAT in iptables
1) LVS + keepalived
- Install ipvsadm
- Enable packet forwarding between interfaces
# /etc/sysctl.conf
===
net.ipv4.ip_forward = 1
===
# /sbin/sysctl -p
1) LVS + keepalived
- Install keepalived and configure keepalive.conf
# /etc/keepalived/keepalived.conf
===
! Configuration File for keepalived
global_defs {
router_id lbx.oz.hdemail.jp
}
virtual_server 10.x.x.x 25 {
delay_loop 30
lb_algo lc
lb_kind NAT
protocol TCP
real_server 10.x.x.x 25 {
weight 1
inhibit_on_failure
SMTP_CHECK {
connect_port 25
connect_timeout 10
retry 2
delay_before_retry 5
helo_name lbx.oz.hdemail.jp
}
}
Global Deifinition
Child Server
Virtual Server(LB)
1) LVS + keepalived
- Command
・Join a child server
$ ipvsadm -a -t [LB IP]:25 -r [Child Server IP]:25 -m
・Drop a child server
$ ipvsadm -d -t [LB IP]:25 -r [LB IP]:25 -m
・Confirm child servers
$ ipvsadm -Ln
===
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn
InActConn
TCP 10.x.x.x:25 lc
-> 10.x.x.x:25 Masq 1 59 17
-> 10.x.x.x:25 Masq 1 55 3
2) SNAT in iptables
- Problem
When we use EC2 instance for Load Balancer
we cannot create a SMTP connection,
since SMTP trafic returns towerd
EC2 default gateway not toword Load Balancer.
2) SNAT in iptables
# iptables -t nat -A POSTROUTING -m ipvs --vaddr 10.X.X.X --
vport 25 -j SNAT --to-source 10.X.X.X
- Solution
We use an SNAT function in iptables to overwrite a sender IP
address. For example, a sender IP address of packet which is sent
to Port 25 in Load Balancer can be overritten by the local IP
address of LB.
Tools
・Fabric task to join/drop child server and update keepalived
 $ fab join_ozmax_gw:10.x.x.x
 $ fab drop_ozmax_gw:10.x.x.x
 $ fab update_ozmax_lb_healthcheck
・Scrpt to automatically generate keepalived.conf in accordance
with MX records
・Script to update iptables when LB instance starts
・Script to observe number of connections, network bandwidth
etc.
What we needed
Results
・We can increase a child server as much as
and whenever we want !
・We can observe how Google Apps
changes their way to send mails !
・We can also use a Self-Created LB as an
internl LB in EC2!
A Note of Causion
There is a limitation of network bandwidth
dependent on instance type.
m1.small -> m1.medium -> c3.xlarge
Extended Gateway Server Now
Gateway
Server
Gateway
Server
Gateway
Server
Gateway
Server
Load Balancer
× n
FIN

Más contenido relacionado

La actualidad más candente

Introducing Exactly Once Semantics To Apache Kafka
Introducing Exactly Once Semantics To Apache KafkaIntroducing Exactly Once Semantics To Apache Kafka
Introducing Exactly Once Semantics To Apache KafkaApurva Mehta
 
Journey to Microservice architecture via Amazon Lambda
Journey to Microservice architecture via Amazon LambdaJourney to Microservice architecture via Amazon Lambda
Journey to Microservice architecture via Amazon LambdaAxilis
 
How to tune Kafka® for production
How to tune Kafka® for productionHow to tune Kafka® for production
How to tune Kafka® for productionconfluent
 
(WEB401) Optimizing Your Web Server on AWS | AWS re:Invent 2014
(WEB401) Optimizing Your Web Server on AWS | AWS re:Invent 2014(WEB401) Optimizing Your Web Server on AWS | AWS re:Invent 2014
(WEB401) Optimizing Your Web Server on AWS | AWS re:Invent 2014Amazon Web Services
 
Rust with-kafka-07-02-2019
Rust with-kafka-07-02-2019Rust with-kafka-07-02-2019
Rust with-kafka-07-02-2019Gerard Klijs
 
Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013
Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013
Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013Puppet
 
Ceph QoS: How to support QoS in distributed storage system - Taewoong Kim
Ceph QoS: How to support QoS in distributed storage system - Taewoong KimCeph QoS: How to support QoS in distributed storage system - Taewoong Kim
Ceph QoS: How to support QoS in distributed storage system - Taewoong KimCeph Community
 
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Docker Container automatisiert nach AWS deployen  - Continuous Lifecycle 2016Docker Container automatisiert nach AWS deployen  - Continuous Lifecycle 2016
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016Philipp Garbe
 
Rust kafka-5-2019-unskip
Rust kafka-5-2019-unskipRust kafka-5-2019-unskip
Rust kafka-5-2019-unskipGerard Klijs
 
How the OOM Killer Deleted My Namespace
How the OOM Killer Deleted My NamespaceHow the OOM Killer Deleted My Namespace
How the OOM Killer Deleted My NamespaceLaurent Bernaille
 
Peter Zaitsev "18 ways to fix MySQL bottlenecks"
Peter Zaitsev "18 ways to fix MySQL bottlenecks"Peter Zaitsev "18 ways to fix MySQL bottlenecks"
Peter Zaitsev "18 ways to fix MySQL bottlenecks"Fwdays
 
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipeline
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipelineKubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipeline
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipelineKubeAcademy
 
Solving some of the scalability problems at booking.com
Solving some of the scalability problems at booking.comSolving some of the scalability problems at booking.com
Solving some of the scalability problems at booking.comIvan Kruglov
 
Cloud Foundry on OpenStack - An Experience Report | anynines
Cloud Foundry on OpenStack - An Experience Report | anynines Cloud Foundry on OpenStack - An Experience Report | anynines
Cloud Foundry on OpenStack - An Experience Report | anynines anynines GmbH
 
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex Lau
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex LauDoing QoS Before Ceph Cluster QoS is available - David Byte, Alex Lau
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex LauCeph Community
 
Monitoring on Kubernetes using prometheus
Monitoring on Kubernetes using prometheusMonitoring on Kubernetes using prometheus
Monitoring on Kubernetes using prometheusChandresh Pancholi
 
Monitoring of OpenNebula installations
Monitoring of OpenNebula installationsMonitoring of OpenNebula installations
Monitoring of OpenNebula installationsNETWAYS
 
Pulsarctl & Pulsar Manager
Pulsarctl & Pulsar ManagerPulsarctl & Pulsar Manager
Pulsarctl & Pulsar ManagerStreamNative
 
Deploying Kubernetes on GCP with Kubespray
Deploying Kubernetes on GCP with KubesprayDeploying Kubernetes on GCP with Kubespray
Deploying Kubernetes on GCP with KubesprayAltoros
 
Comparing processing frameworks v7
Comparing processing frameworks v7Comparing processing frameworks v7
Comparing processing frameworks v7Gabriela Choy
 

La actualidad más candente (20)

Introducing Exactly Once Semantics To Apache Kafka
Introducing Exactly Once Semantics To Apache KafkaIntroducing Exactly Once Semantics To Apache Kafka
Introducing Exactly Once Semantics To Apache Kafka
 
Journey to Microservice architecture via Amazon Lambda
Journey to Microservice architecture via Amazon LambdaJourney to Microservice architecture via Amazon Lambda
Journey to Microservice architecture via Amazon Lambda
 
How to tune Kafka® for production
How to tune Kafka® for productionHow to tune Kafka® for production
How to tune Kafka® for production
 
(WEB401) Optimizing Your Web Server on AWS | AWS re:Invent 2014
(WEB401) Optimizing Your Web Server on AWS | AWS re:Invent 2014(WEB401) Optimizing Your Web Server on AWS | AWS re:Invent 2014
(WEB401) Optimizing Your Web Server on AWS | AWS re:Invent 2014
 
Rust with-kafka-07-02-2019
Rust with-kafka-07-02-2019Rust with-kafka-07-02-2019
Rust with-kafka-07-02-2019
 
Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013
Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013
Running at Scale: Practical Performance Tuning with Puppet - PuppetConf 2013
 
Ceph QoS: How to support QoS in distributed storage system - Taewoong Kim
Ceph QoS: How to support QoS in distributed storage system - Taewoong KimCeph QoS: How to support QoS in distributed storage system - Taewoong Kim
Ceph QoS: How to support QoS in distributed storage system - Taewoong Kim
 
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
Docker Container automatisiert nach AWS deployen  - Continuous Lifecycle 2016Docker Container automatisiert nach AWS deployen  - Continuous Lifecycle 2016
Docker Container automatisiert nach AWS deployen - Continuous Lifecycle 2016
 
Rust kafka-5-2019-unskip
Rust kafka-5-2019-unskipRust kafka-5-2019-unskip
Rust kafka-5-2019-unskip
 
How the OOM Killer Deleted My Namespace
How the OOM Killer Deleted My NamespaceHow the OOM Killer Deleted My Namespace
How the OOM Killer Deleted My Namespace
 
Peter Zaitsev "18 ways to fix MySQL bottlenecks"
Peter Zaitsev "18 ways to fix MySQL bottlenecks"Peter Zaitsev "18 ways to fix MySQL bottlenecks"
Peter Zaitsev "18 ways to fix MySQL bottlenecks"
 
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipeline
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipelineKubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipeline
KubeCon EU 2016: Leveraging ephemeral namespaces in a CI/CD pipeline
 
Solving some of the scalability problems at booking.com
Solving some of the scalability problems at booking.comSolving some of the scalability problems at booking.com
Solving some of the scalability problems at booking.com
 
Cloud Foundry on OpenStack - An Experience Report | anynines
Cloud Foundry on OpenStack - An Experience Report | anynines Cloud Foundry on OpenStack - An Experience Report | anynines
Cloud Foundry on OpenStack - An Experience Report | anynines
 
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex Lau
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex LauDoing QoS Before Ceph Cluster QoS is available - David Byte, Alex Lau
Doing QoS Before Ceph Cluster QoS is available - David Byte, Alex Lau
 
Monitoring on Kubernetes using prometheus
Monitoring on Kubernetes using prometheusMonitoring on Kubernetes using prometheus
Monitoring on Kubernetes using prometheus
 
Monitoring of OpenNebula installations
Monitoring of OpenNebula installationsMonitoring of OpenNebula installations
Monitoring of OpenNebula installations
 
Pulsarctl & Pulsar Manager
Pulsarctl & Pulsar ManagerPulsarctl & Pulsar Manager
Pulsarctl & Pulsar Manager
 
Deploying Kubernetes on GCP with Kubespray
Deploying Kubernetes on GCP with KubesprayDeploying Kubernetes on GCP with Kubespray
Deploying Kubernetes on GCP with Kubespray
 
Comparing processing frameworks v7
Comparing processing frameworks v7Comparing processing frameworks v7
Comparing processing frameworks v7
 

Destacado

First impressions of Go
First impressions of GoFirst impressions of Go
First impressions of GoYusaku OGAWA
 
Studying Abroad in Cebu
Studying Abroad in CebuStudying Abroad in Cebu
Studying Abroad in Cebuetgjsv
 
Implementation of gui framework part1
Implementation of gui framework part1Implementation of gui framework part1
Implementation of gui framework part1masahiroookubo
 
Implementation of gui framework part2
Implementation of gui framework part2Implementation of gui framework part2
Implementation of gui framework part2masahiroookubo
 
Jun.27 fukutomi
Jun.27 fukutomiJun.27 fukutomi
Jun.27 fukutomiiyo16
 
Ui testing with splinter - Fri, 30 May 2014
Ui testing with splinter - Fri, 30 May 2014Ui testing with splinter - Fri, 30 May 2014
Ui testing with splinter - Fri, 30 May 2014Taizo Ito
 
A brief introduction to CentOS 7
A brief introduction to CentOS 7A brief introduction to CentOS 7
A brief introduction to CentOS 7Taizo Ito
 
Implementation of GUI Framework part3
Implementation of GUI Framework part3Implementation of GUI Framework part3
Implementation of GUI Framework part3masahiroookubo
 
Hello pivotal tracker
Hello pivotal trackerHello pivotal tracker
Hello pivotal trackersharu1204
 
Introducing chrome apps (ogura)
Introducing chrome apps (ogura)Introducing chrome apps (ogura)
Introducing chrome apps (ogura)Kazuhiro Ogura
 
Introduction to bioinformatics
Introduction to bioinformaticsIntroduction to bioinformatics
Introduction to bioinformaticsphilmaweb
 
Do not rm_log_files
Do not rm_log_filesDo not rm_log_files
Do not rm_log_filesMasato Bito
 
Implement server push in flask framework
Implement server push in flask frameworkImplement server push in flask framework
Implement server push in flask frameworkChi-Chia Huang
 
Introduction to systemd
Introduction to systemdIntroduction to systemd
Introduction to systemdYusaku OGAWA
 

Destacado (20)

I18n of java script
I18n of java scriptI18n of java script
I18n of java script
 
Authentication
AuthenticationAuthentication
Authentication
 
First impressions of Go
First impressions of GoFirst impressions of Go
First impressions of Go
 
DockerCon 14
DockerCon 14DockerCon 14
DockerCon 14
 
Studying Abroad in Cebu
Studying Abroad in CebuStudying Abroad in Cebu
Studying Abroad in Cebu
 
The language barrier.
The language barrier.The language barrier.
The language barrier.
 
Implementation of gui framework part1
Implementation of gui framework part1Implementation of gui framework part1
Implementation of gui framework part1
 
Implementation of gui framework part2
Implementation of gui framework part2Implementation of gui framework part2
Implementation of gui framework part2
 
Jun.27 fukutomi
Jun.27 fukutomiJun.27 fukutomi
Jun.27 fukutomi
 
Ui testing with splinter - Fri, 30 May 2014
Ui testing with splinter - Fri, 30 May 2014Ui testing with splinter - Fri, 30 May 2014
Ui testing with splinter - Fri, 30 May 2014
 
A brief introduction to CentOS 7
A brief introduction to CentOS 7A brief introduction to CentOS 7
A brief introduction to CentOS 7
 
How to study english
How to study englishHow to study english
How to study english
 
Overview pcidss
Overview pcidssOverview pcidss
Overview pcidss
 
Implementation of GUI Framework part3
Implementation of GUI Framework part3Implementation of GUI Framework part3
Implementation of GUI Framework part3
 
Hello pivotal tracker
Hello pivotal trackerHello pivotal tracker
Hello pivotal tracker
 
Introducing chrome apps (ogura)
Introducing chrome apps (ogura)Introducing chrome apps (ogura)
Introducing chrome apps (ogura)
 
Introduction to bioinformatics
Introduction to bioinformaticsIntroduction to bioinformatics
Introduction to bioinformatics
 
Do not rm_log_files
Do not rm_log_filesDo not rm_log_files
Do not rm_log_files
 
Implement server push in flask framework
Implement server push in flask frameworkImplement server push in flask framework
Implement server push in flask framework
 
Introduction to systemd
Introduction to systemdIntroduction to systemd
Introduction to systemd
 

Similar a Self Created Load Balancer for MTA on AWS

Fighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 SasagFighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 Sasaggarrett honeycutt
 
ByPat博客出品Lvs+keepalived
ByPat博客出品Lvs+keepalivedByPat博客出品Lvs+keepalived
ByPat博客出品Lvs+keepalivedredhat9
 
IPVS for Docker Containers
IPVS for Docker ContainersIPVS for Docker Containers
IPVS for Docker ContainersBob Sokol
 
[En] IPVS for Docker Containers
[En] IPVS for Docker Containers[En] IPVS for Docker Containers
[En] IPVS for Docker ContainersAndrey Sibirev
 
Anton Moldovan "Building an efficient replication system for thousands of ter...
Anton Moldovan "Building an efficient replication system for thousands of ter...Anton Moldovan "Building an efficient replication system for thousands of ter...
Anton Moldovan "Building an efficient replication system for thousands of ter...Fwdays
 
NoSQL afternoon in Japan Kumofs & MessagePack
NoSQL afternoon in Japan Kumofs & MessagePackNoSQL afternoon in Japan Kumofs & MessagePack
NoSQL afternoon in Japan Kumofs & MessagePackSadayuki Furuhashi
 
NoSQL afternoon in Japan kumofs & MessagePack
NoSQL afternoon in Japan kumofs & MessagePackNoSQL afternoon in Japan kumofs & MessagePack
NoSQL afternoon in Japan kumofs & MessagePackSadayuki Furuhashi
 
How To Set Up SQL Load Balancing with HAProxy - Slides
How To Set Up SQL Load Balancing with HAProxy - SlidesHow To Set Up SQL Load Balancing with HAProxy - Slides
How To Set Up SQL Load Balancing with HAProxy - SlidesSeveralnines
 
Kamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesKamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesPaolo Visintin
 
Load Balancing MySQL with HAProxy - Slides
Load Balancing MySQL with HAProxy - SlidesLoad Balancing MySQL with HAProxy - Slides
Load Balancing MySQL with HAProxy - SlidesSeveralnines
 
Deploying your web application with AWS ElasticBeanstalk
Deploying your web application with AWS ElasticBeanstalkDeploying your web application with AWS ElasticBeanstalk
Deploying your web application with AWS ElasticBeanstalkJulien SIMON
 
Container orchestration from theory to practice
Container orchestration from theory to practiceContainer orchestration from theory to practice
Container orchestration from theory to practiceDocker, Inc.
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantShixiong Shang
 
Apache Kafka
Apache KafkaApache Kafka
Apache KafkaJoe Stein
 
Blue host openstacksummit_2013
Blue host openstacksummit_2013Blue host openstacksummit_2013
Blue host openstacksummit_2013Jun Park
 
Blue host using openstack in a traditional hosting environment
Blue host using openstack in a traditional hosting environmentBlue host using openstack in a traditional hosting environment
Blue host using openstack in a traditional hosting environmentOpenStack Foundation
 
Infrastructural challenges of a fast-pace startup
Infrastructural challenges of a fast-pace startupInfrastructural challenges of a fast-pace startup
Infrastructural challenges of a fast-pace startupDevOps Braga
 
Advanced Container Management and Scheduling
Advanced Container Management and SchedulingAdvanced Container Management and Scheduling
Advanced Container Management and SchedulingAmazon Web Services
 
AWS Lambda from the trenches
AWS Lambda from the trenchesAWS Lambda from the trenches
AWS Lambda from the trenchesYan Cui
 

Similar a Self Created Load Balancer for MTA on AWS (20)

Fighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 SasagFighting Spam With A Perimeter Mail System 20071108 Sasag
Fighting Spam With A Perimeter Mail System 20071108 Sasag
 
ByPat博客出品Lvs+keepalived
ByPat博客出品Lvs+keepalivedByPat博客出品Lvs+keepalived
ByPat博客出品Lvs+keepalived
 
IPVS for Docker Containers
IPVS for Docker ContainersIPVS for Docker Containers
IPVS for Docker Containers
 
[En] IPVS for Docker Containers
[En] IPVS for Docker Containers[En] IPVS for Docker Containers
[En] IPVS for Docker Containers
 
Anton Moldovan "Building an efficient replication system for thousands of ter...
Anton Moldovan "Building an efficient replication system for thousands of ter...Anton Moldovan "Building an efficient replication system for thousands of ter...
Anton Moldovan "Building an efficient replication system for thousands of ter...
 
NoSQL afternoon in Japan Kumofs & MessagePack
NoSQL afternoon in Japan Kumofs & MessagePackNoSQL afternoon in Japan Kumofs & MessagePack
NoSQL afternoon in Japan Kumofs & MessagePack
 
NoSQL afternoon in Japan kumofs & MessagePack
NoSQL afternoon in Japan kumofs & MessagePackNoSQL afternoon in Japan kumofs & MessagePack
NoSQL afternoon in Japan kumofs & MessagePack
 
How To Set Up SQL Load Balancing with HAProxy - Slides
How To Set Up SQL Load Balancing with HAProxy - SlidesHow To Set Up SQL Load Balancing with HAProxy - Slides
How To Set Up SQL Load Balancing with HAProxy - Slides
 
Kamailio with Docker and Kubernetes
Kamailio with Docker and KubernetesKamailio with Docker and Kubernetes
Kamailio with Docker and Kubernetes
 
Load Balancing MySQL with HAProxy - Slides
Load Balancing MySQL with HAProxy - SlidesLoad Balancing MySQL with HAProxy - Slides
Load Balancing MySQL with HAProxy - Slides
 
Deploying your web application with AWS ElasticBeanstalk
Deploying your web application with AWS ElasticBeanstalkDeploying your web application with AWS ElasticBeanstalk
Deploying your web application with AWS ElasticBeanstalk
 
Container orchestration from theory to practice
Container orchestration from theory to practiceContainer orchestration from theory to practice
Container orchestration from theory to practice
 
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud TenantImplementing an IPv6 Enabled Environment for a Public Cloud Tenant
Implementing an IPv6 Enabled Environment for a Public Cloud Tenant
 
Apache Kafka
Apache KafkaApache Kafka
Apache Kafka
 
Blue host openstacksummit_2013
Blue host openstacksummit_2013Blue host openstacksummit_2013
Blue host openstacksummit_2013
 
Blue host using openstack in a traditional hosting environment
Blue host using openstack in a traditional hosting environmentBlue host using openstack in a traditional hosting environment
Blue host using openstack in a traditional hosting environment
 
Infrastructural challenges of a fast-pace startup
Infrastructural challenges of a fast-pace startupInfrastructural challenges of a fast-pace startup
Infrastructural challenges of a fast-pace startup
 
Advanced Container Management and Scheduling
Advanced Container Management and SchedulingAdvanced Container Management and Scheduling
Advanced Container Management and Scheduling
 
Load testing with Blitz
Load testing with BlitzLoad testing with Blitz
Load testing with Blitz
 
AWS Lambda from the trenches
AWS Lambda from the trenchesAWS Lambda from the trenches
AWS Lambda from the trenches
 

Último

Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Brian Pichman
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URLRuncy Oommen
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDELiveplex
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopBachir Benyammi
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Will Schroeder
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureEric D. Schabell
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024SkyPlanner
 

Último (20)

Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )Building Your Own AI Instance (TBLC AI )
Building Your Own AI Instance (TBLC AI )
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Designing A Time bound resource download URL
Designing A Time bound resource download URLDesigning A Time bound resource download URL
Designing A Time bound resource download URL
 
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDEADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
ADOPTING WEB 3 FOR YOUR BUSINESS: A STEP-BY-STEP GUIDE
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
NIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 WorkshopNIST Cybersecurity Framework (CSF) 2.0 Workshop
NIST Cybersecurity Framework (CSF) 2.0 Workshop
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
Apres-Cyber - The Data Dilemma: Bridging Offensive Operations and Machine Lea...
 
OpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability AdventureOpenShift Commons Paris - Choose Your Own Observability Adventure
OpenShift Commons Paris - Choose Your Own Observability Adventure
 
Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024Salesforce Miami User Group Event - 1st Quarter 2024
Salesforce Miami User Group Event - 1st Quarter 2024
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 

Self Created Load Balancer for MTA on AWS

  • 1. Self-Created Load Balancer on AWS Shinya Matsuura Dep of Service Engeneering
  • 2. What SEG is Doing? Mail Filtering (Mo) Mail Archiving (Nobita) Anti-Spam Anti-Virus(Mi) Online Storage (kumamsushi) Access Conrroll (shobosso)
  • 3. Mail System Framework Mail Filtering Mail Archiving Anti-Spam Anti-Virus Gateway Server Gateway Server Inbound Zone Outbound ZoneArchive Zone
  • 4. Why We Need Load Balancer? Gateway Server Limitation of Instance Type numerous ammounts of mails beyond expectation Problem of I/O
  • 6. Technology in Use 1) Linux Vritual Server (LVS) + keepalived 2) SNAT in iptables
  • 7. 1) LVS + keepalived - Install ipvsadm - Enable packet forwarding between interfaces # /etc/sysctl.conf === net.ipv4.ip_forward = 1 === # /sbin/sysctl -p
  • 8. 1) LVS + keepalived - Install keepalived and configure keepalive.conf # /etc/keepalived/keepalived.conf === ! Configuration File for keepalived global_defs { router_id lbx.oz.hdemail.jp } virtual_server 10.x.x.x 25 { delay_loop 30 lb_algo lc lb_kind NAT protocol TCP real_server 10.x.x.x 25 { weight 1 inhibit_on_failure SMTP_CHECK { connect_port 25 connect_timeout 10 retry 2 delay_before_retry 5 helo_name lbx.oz.hdemail.jp } } Global Deifinition Child Server Virtual Server(LB)
  • 9. 1) LVS + keepalived - Command ・Join a child server $ ipvsadm -a -t [LB IP]:25 -r [Child Server IP]:25 -m ・Drop a child server $ ipvsadm -d -t [LB IP]:25 -r [LB IP]:25 -m ・Confirm child servers $ ipvsadm -Ln === IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 10.x.x.x:25 lc -> 10.x.x.x:25 Masq 1 59 17 -> 10.x.x.x:25 Masq 1 55 3
  • 10. 2) SNAT in iptables - Problem When we use EC2 instance for Load Balancer we cannot create a SMTP connection, since SMTP trafic returns towerd EC2 default gateway not toword Load Balancer.
  • 11. 2) SNAT in iptables # iptables -t nat -A POSTROUTING -m ipvs --vaddr 10.X.X.X -- vport 25 -j SNAT --to-source 10.X.X.X - Solution We use an SNAT function in iptables to overwrite a sender IP address. For example, a sender IP address of packet which is sent to Port 25 in Load Balancer can be overritten by the local IP address of LB.
  • 12. Tools ・Fabric task to join/drop child server and update keepalived  $ fab join_ozmax_gw:10.x.x.x  $ fab drop_ozmax_gw:10.x.x.x  $ fab update_ozmax_lb_healthcheck ・Scrpt to automatically generate keepalived.conf in accordance with MX records ・Script to update iptables when LB instance starts ・Script to observe number of connections, network bandwidth etc. What we needed
  • 13. Results ・We can increase a child server as much as and whenever we want ! ・We can observe how Google Apps changes their way to send mails ! ・We can also use a Self-Created LB as an internl LB in EC2!
  • 14. A Note of Causion There is a limitation of network bandwidth dependent on instance type. m1.small -> m1.medium -> c3.xlarge
  • 15. Extended Gateway Server Now Gateway Server Gateway Server Gateway Server Gateway Server Load Balancer × n
  • 16. FIN