
LB vServer with client-ip for smtp Exchange


Joachim Pfeiffer


Hello,

 

I need help with load balancing SMTP to Exchange.

We need to see the client IP at the Exchange system and not the LB vServer IP.

I tested this with the command -usip=yes

Now, a new connection to the LB vServer hangs.

Then I read about a SNIP for the route to the Exchange servers and set this SNIP:

add ns ip 10.203.162.228 255.255.255.0 -vServer DISABLED

After that, all Exchange Loadbalancers are down...

Please help.

 

 


If you use the option -usip then the NetScaler will send all the packets with the client IP and not the SNIP IP on the NetScaler.

That means that the Exchange server needs to have a route back to the client, and this traffic will not pass through the NetScaler.

Client IP can be inserted in HTTP traffic as a header only.

It can also be inserted in TCP traffic, but then the application needs to be able to extract this client IP from an additional TCP packet after the 3-way handshake.

 


I need this load balancer for SMTP on port 25, therefore I cannot use the client IP header.

With the option -usip yes, e.g. "Use Client IP" in the service, a telnet to the load balancer on port 25 opens, but does not provide any information from the SMTP server as when I connect directly ....

In different sources I read about a SNIP to the network where the Exchange servers are .... but this does not work either.

 


  • 2 weeks later...

We get this request a lot, usually because clients want to manage allowed SMTP relaying per connector at the Exchange level (e.g. allowed IPs for internal relay, allowed IPs for external relay, different types of authentication, etc.).

I believe there are 4 options:

- Use default subnet IP mode (NetScaler NATs traffic from the subnet IP) and do the source IP filtering on the NetScaler instead of Exchange

- Use DSR mode as indicated above (return traffic completely bypasses the NetScaler; requires some config on Exchange (loopback adapter, ...))

- Use L3 mode with USIP, and change the default gateway on the Exchange servers to the NetScaler. I would try to avoid this as it can cause a lot of traffic to be routed through the NetScaler.

- Use GSLB, where the NetScaler returns the IP for one of the SMTP servers based on a health check, and from that moment the client connects directly to that SMTP server. I personally prefer this option as it is generally easier to create a DNS delegation to an NS HA pair instead of doing fancy routing stuff.

 

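The return-path problem discussed in the replies above, as an added example that is not part of any post in this thread: a small Python model of an Exchange server's routing table that checks whether its replies go back through the NetScaler in SNIP mode and in USIP mode. All addresses, route tables and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample values, not taken from the thread.
NETSCALER_SNIP = ipaddress.ip_address("10.0.20.5")   # NetScaler address on the server subnet
EXCHANGE_ROUTES = [                                  # (destination, next hop; None = on-link)
    ("10.0.20.0/24", None),
    ("0.0.0.0/0", "10.0.20.1"),                      # default gateway is the ordinary router
]
ROUTES_VIA_NETSCALER = [                             # same server, default gateway moved
    ("10.0.20.0/24", None),
    ("0.0.0.0/0", str(NETSCALER_SNIP)),
]


def next_hop(routes, dst):
    """Longest-prefix-match lookup; returns the next hop, or dst itself when on-link."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, gateway in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return dst if best[1] is None else ipaddress.ip_address(best[1])


def reply_returns_via_netscaler(routes, client_ip, usip):
    """True when the server's reply packets are sent back to the NetScaler."""
    # SNIP mode: the server sees the SNIP as source. USIP: it sees the real client IP.
    source_seen = ipaddress.ip_address(client_ip) if usip else NETSCALER_SNIP
    return next_hop(routes, source_seen) == NETSCALER_SNIP


def diagnose(routes, client_ip, usip):
    """Human-readable verdict for one client and one mode."""
    if reply_returns_via_netscaler(routes, client_ip, usip):
        return "ok: reply returns through the NetScaler"
    # The server's SYN-ACK goes elsewhere, so the back-end connection cannot complete.
    return "hang: reply bypasses the NetScaler, back-end connection never completes"


if __name__ == "__main__":
    for label, routes in (("router as gateway", EXCHANGE_ROUTES),
                          ("NetScaler as gateway", ROUTES_VIA_NETSCALER)):
        for client in ("198.51.100.7", "10.0.20.77"):
            for usip in (False, True):
                print(label, client, "USIP" if usip else "SNIP", "->",
                      diagnose(routes, client, usip))
```

In this model a client on the server's own subnet (10.0.20.77) still bypasses the NetScaler under USIP even after the default gateway is changed, because the server reaches it on-link.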
