Running dcc server cluster

Hi there,

We're a small ISP looking at implementing DCC, and since our volume of
mail that would be checked is probably around ~200k we're having to
setup our own dcc server.  (That in itself isn't an issue.)

For redundancy's sake, we're looking at doing 2 servers, but within
the documentation, it talks about either using a single serverid for a
"close cluster", or running each server with it's own id.

Is there a BCP (best common practice) for running a dual server
configuration?

Thanks,
  Ross.

--


_______________________________________________
DCC mailing list      DCC@...
http://www.rhyolite.com/mailman/listinfo/dcc

On 29.05.09 10:04, Ross West wrote:
I'd say they both should peer and you should get 1-2 other peers for each
one...

I think that if you'd run only one server, in case of outages you could
temporarily use public servers

--
Matus UHLAR - fantomas, uhlar@... ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Microsoft dick is soft to do no harm
_______________________________________________
DCC mailing list      DCC@...
http://www.rhyolite.com/mailman/listinfo/dcc

> From: Ross West <westr@...>

> We're a small ISP looking at implementing DCC, and since our volume of
> mail that would be checked is probably around ~200k we're having to
> setup our own dcc server.  (That in itself isn't an issue.)
>
> For redundancy's sake, we're looking at doing 2 servers, but within
> the documentation, it talks about either using a single serverid for a
> "close cluster", or running each server with it's own id.

I hope none of the DCC documentation talks about using a single server-ID
for more than one computer.  Both DCC servers and DCC clients depend
on which DCC server is which by ID.  Things break and alarms go off
when two computers share an ID.

The instructions I send to new DCC server installations talk about
multiple servers when the site is to have more than one.  Basically:

  - Ensure that all of the servers have enough RAM.  You need more than
     3 GByte just for DCC server process and should have more than 4 GByte.
     (That's real memory for a single process and not the kludge that
     lets a 32-bit Intel CPU share more than 4 GBytes among a bunch of
     smaller than 4 GByte processes.)

  - Don't even consider using the 4+ year old version of the DCC source
      distributed by some outfits including Linux repackagers.

  - Open TCP and UDP port 6277 for all DCC servers to their flooding peers
      and the server status monitor.  The external flooding peers of
      a site should be distributed among its servers.

  - Ensure that all servers have the same password for at least one
      client-ID such as 32768

  - Define DNS CNAMES for each server, such as dcc1.example.com and
      dcc2.example.com

  - Define DNS A RRs containing IP addresses for all servers, such
      as dcc.example.com.

  - Teach each DCC client about all servers by running
        cdcc "add dcc.example.com RTT-1000 ms  32768 SECRET"
      where SECRET is the password for client-ID 32768 in /var/dcc/ids on
      all servers.  That will let the clients balance their loads among
      the servers named by dcc.example.com.

  - Ensure that the nightly cron jobs run at different times.


Vernon Schryver    vjs@...
_______________________________________________
DCC mailing list      DCC@...
http://www.rhyolite.com/mailman/listinfo/dcc

VS> I hope none of the DCC documentation talks about using a single server-ID
VS> for more than one computer.  Both DCC servers and DCC clients depend
VS> on which DCC server is which by ID.  Things break and alarms go off
VS> when two computers share an ID.

That's what I thought after going through everything.  But the man page
for dccd does talk about a "close cluster of DCC servers" being
identified by a single serverID.  Hence my confusion - thought I was
missing something.

VS>   - Ensure that all of the servers have enough RAM.  You need more than
VS>      3 GByte just for DCC server process and should have more than 4 GByte.
VS>      (That's real memory for a single process and not the kludge that
VS>      lets a 32-bit Intel CPU share more than 4 GBytes among a bunch of
VS>      smaller than 4 GByte processes.)

Gotcha - 64bit OS (not 32bit + PAE).  The memory requirements for a
public server are higher than I was expecting though.  (Was guessing
around 2gig)

As an FYI, in our test environment is using ~150mb per server for a
load of around 200k msgs/day total.

I will say I'm impressed by how much mail DCC sees as mass mail, and
generally how accurate it is.

VS>   - Don't even consider using the 4+ year old version of the DCC source
VS>       distributed by some outfits including Linux repackagers.

Saw that warning - we're running v1.3.103 (Freebsd ports).

VS>   - Define DNS CNAMES for each server, such as dcc1.example.com and
VS>       dcc2.example.com
VS>   - Define DNS A RRs containing IP addresses for all servers, such
VS>       as dcc.example.com.
VS>   - Teach each DCC client about all servers by running
VS>         cdcc "add dcc.example.com RTT-1000 ms  32768 SECRET"
VS>       where SECRET is the password for client-ID 32768 in /var/dcc/ids on
VS>       all servers.  That will let the clients balance their loads among
VS>       the servers named by dcc.example.com.

Already done, although I'm curious if there's a better 'way' of the
two types:

Does defining 2 servers for the dcc client (ie: add dcc1, add dcc2) or
defining 1 server with multiple IP addresses make any difference?

In my testing, I've got 2 servers defined, with 1 having a RTT+500ms
to make a rough 'primary/secondary' kind of setup.

Cheers,
  Ross.

--


_______________________________________________
DCC mailing list      DCC@...
http://www.rhyolite.com/mailman/listinfo/dcc

> From: Ross West <westr@...>

> That's what I thought after going through everything.  But the man page
> for dccd does talk about a "close cluster of DCC servers" being
> identified by a single serverID.  Hence my confusion - thought I was
> missing something.

I've fixed the man page for the next release.   thanks.

Unless I'm confused about who connection.ca is, that sounds like a
violation of the license on the free version of the DCC software.
These words:

 * security solution sold to other entities, or to a private network
 * which employs the DCC or uses data provided by operation of the DCC
 * but does not provide corresponding data to other users.

are intended to require that all DCC servers participate in the
global network of DCC servers to share checksums of bulk mail.  That
involves contact me server-IDs and flooding peers.

Peering with the DCC network costs radically improves the effectiveness
of DCC filtering, at least for sites without extensive spam traps or
fewer than millions of mail messages per dai.  Connecting to the DCC
network costs only bandwidth and system administration hassles for
organizations that qualify to use the free DCC client software.

If I am not confused, please either stop using the DCC server software
or contact me privately for server-IDs and peers.

Note that only about two dozen of the hundreds of DCC servers in the
global network of DCC servers are "public."  The rest are quite private
except for TCP connections to 3 or 4 peers and answering UDP status
requests for the server status monitor.

Note also that I'm assuming that connection.ca meets the other restrictions
in the free license included in the tarball or at
http://www.rhyolite.com/dcc/LICENSE
If I am wrong about that, please stop using the free client DCC software.
Feel free to contact me about terms for a license for the commercial
version.



> Already done, although I'm curious if there's a better 'way' of the
> two types:
>
> Does defining 2 servers for the dcc client (ie: add dcc1, add dcc2) or
> defining 1 server with multiple IP addresses make any difference?
>
> In my testing, I've got 2 servers defined, with 1 having a RTT+500ms
> to make a rough 'primary/secondary' kind of setup.

One name with multiple IP addresses is best.  Without compelling special
needs, fine tuning the RTT adjustments is a bad idea.  In this case,
500 ms is more than the 400 ms that a DCC server adjusts its announced
queue delays when it is too busy, has no peers or is otherwise not
entirely healthy.  As a result, DCC clients will not automatically switch
servers as quickly or at all.


Vernon Schryver    vjs@...
_______________________________________________
DCC mailing list      DCC@...
http://www.rhyolite.com/mailman/listinfo/dcc