Mail flow routing with BigIP 2000 load balancers

Question

Hi,&nbsp;
I am in the process of setting up 2 F5 BigIP 2000 load balancers for our exchange environment.&nbsp;
These will be sitting in our LAN only and have no external connectivity.&nbsp;
We are aiming to just LB the exchange servers we have internally for our users.  We do not use external OWA or any other type of external access to the Exchange environment.&nbsp;
What I am trying to work out is the mail flow for emails coming in and out of the organisation.&nbsp;
We have 2 CAS servers and 2 MBX servers.  In testing I have no problems with setting up the F5's to load balance these servers for SMTP and MAPI for Relay and Outlook respectively.&nbsp;
However what I can't test is the mail flow from coming outside and sending to external addresses as I do not have this connectivity in my LAB.&nbsp;
On our live environment we have 2 third party spam appliances that currently the CAS server relay to as smarthosts.&nbsp;
So current mail flow to an external address is Outlook to CAS server - CAS server to SPAM appliance - SPAM appliance to Internet.&nbsp;
Incoming email is Internet to SPAM appliance - SPAM appliance to CAS Server - CAS Server to Outlook.&nbsp;
Where will the F5's fit into this scenario?&nbsp;
Do I point the SPAM appliances to the F5's or leave them as is to the CAS servers direct?  What about outgoing? Do I point the F5's somehow to the SPAM Appliances for outgoing email?&nbsp;
Sorry for the long post but am new to load balancing and want to make sure I don't cause any mail flow issues when I implement the F5's.&nbsp;
Rob&nbsp;

mikeshimkus_111 · Accepted Answer

Hi Rob, we have an SMTP iApp template that's currently a release candidate, but is scheduled to become officially supported in an upcoming release: https://devcentral.f5.com/codeshare/smtp-iapp-template-early-release.  The deployment guide is here:  https://www.f5.com/pdf/deployment-guides/f5-smtp-dg.pdf&nbsp;
Although I haven't tested it with the outbound scenario, I think you should be able to use it to load balance SMTP traffic both directions, as long as both your CAS and SPAM appliance are configured to send mail to the respective virtual server addresses and accept mail from the self IP addresses of your BIG-IPs.&nbsp;

robl216_235020 · Answer

Many thanks for the reply Mike.&nbsp;
I am actually testing the SMTP iApp template in my LAB and this seems to be working fine.&nbsp;
Unfortunately I don't have access to a SPAM filter in the LAB hence my question.&nbsp;
What you state above seems perfectly logical so I will give this a try once I have the F5's in the live environment.&nbsp;
I can always just point the CAS servers back to the SPAM filters direct if needed.&nbsp;
Cheers,&nbsp;
Rob&nbsp;

Forum Discussion

Mail flow routing with BigIP 2000 load balancers

2 Replies

Recent Discussions

Viprion files on blades.

redirect not working

active/active Support Declarative Onboarding

Reliable resources for identifying IP addresses

minimum tmos software version for connect CIS (openshift)

Related Content

Re: BigIP Report

Active/Active load balancing examples with F5 BIG-IP and Azure load balancer

Load Balancing versus Application Routing

BigIP Report Old

NGINXaaS for Azure: Load Balancing