Professional Documents
Culture Documents
Pg. 1
Designing a Routing Group Topology
BACKGROUND
Large Exchange 5.5 environments use X.400 connectors to route both mail and replication traffic. Most
implementations have selected a Hub and Spoke design for their X.400 topology. Most servers have an
X.400 connector directly to the hub, but some sites will go through a Bridgehead X.400 connector to the
Exchange routing hub.
OBJECTIVE
As migrations into Exchange 2000/2003 environments increase, we need to design an efficient way to route
mail messages while managing overall governance. The SMTP mail routing is required for the following:
Microsoft Exchange 2000 enables great performance improvements with its message routing when
compared to Exchange 5.5. One of the improvements is the ability to split Exchange 5.5 sites into Routing
Groups and Administrative Groups. Routing Groups are based upon network topology and are designed to
enhance the efficiency of message delivery. Exchange 2000 also utilizes SMTP to deliver messages as its
preferred protocol instead of X.400.
It is anticipated that each Exchange site or group of sites will develop a mail routing topology and strategy
in concert with the rest of the Exchange sites in an organization as an integral part of the overall mail
routing design. In cases where an organization has distributed management and administration of their
Exchange Infrastructure, a team should be established to agree to a set of standards and a common design
approach. This team should include members that are familiar with the current LAN/WAN topology,
current Active Directory implementation and Design, and current Exchange 5.5 background for the
organization.
Page. 1
Designing a Routing Group Topology
Terminology
Routing Topology
The routing topology denotes the overall interconnections that multiple sites in an Exchange organization
route mail between themselves and with the Internet and other foreign mail systems.
So, Administrative Groups are created for managing objects. The Routing Groups are created for managing
the Routing Toplogy. Routing Groups must be created within an Administrative Group – they are
subordinate to an Administrative Group. A single Administrative Group could contain all of the Routing
Groups with other Administrative Groups managing other server and service components. Servers can be
Drag & dropped between Routing Groups.
All of the Bridgehead servers in a Routing Group communicate their connectivity information to the
Routing Group Master, but only for changes. The Master then maintains/rebuilds the link state information
and communicates it to all of the servers in the Routing Group. If the Master goes offline, then the servers
continue as normal based on the last report of the Link State information received from the Master. The
normal flow of mail within a Routing Group will also pass Link State Information.
The Connectivity between all servers within a Routing Group is SMTP. For link state updates, Microsoft
uses a proprietary binary data protocol that does not use the SMTP virtual Server. The Microsoft Exchange
Routing Service handles all routing updates within the Routing Group. This service executes within the
INETINFO.EXE and each Bridgehead server binds to the Master on TCP port 691 and vice versa to all
servers in the Routing Group for link state updates. Connectivity between Routing Groups is via a
Bridgehead server.
Page. 3
Designing a Routing Group Topology
Page. 4
Designing a Routing Group Topology
The following three routing methodologies should be considered when designing a routing topology:
Page. 5
Designing a Routing Group Topology
• In native mode, Exchange 2000 can be extremely dynamic because you can change the memberships
of the routing groups and administrative groups. This is useful when administration models or network
topologies change.
• Exchange 2000 provides load balancing in the form of a round-robin DNS between servers, both
sources and targets. A round-robin DNS is a mechanism that directs incoming requests to servers on a
rotating basis. This is done by looping through a list of IP addresses belonging to the servers in the
configuration. When an e-mail client attempts to access a mailbox on an Exchange server, the client is
given the first IP address on the list. The second client request is given the second IP address in the
list, and so on. If there are four servers on the round-robin list, all four IP addresses are used before the
first IP address is used again, and the loop starts over. In addition, Exchange 2000 offers
improvements over the Exchange 5.5 Site Connector if one of the source bridgehead servers is
down—Exchange connectors automatically try not to use that server until it comes back up. If there
are multiple connectors with the same cost, each server picks a random connector and uses it for a
period of time. Over multiple servers, this functionality simulates round-robin behaviour.
• When a client must use an alternate server to access public folder content, Exchange 2000 uses routing
groups to calculate the closest available server, which it determines by using a cost property set on the
Routing Group connector. The cost for each Routing Group connector is stored in a single cost
database that is shared with e-mail routing calculations. Redundant cost tables maintained in previous
versions of Exchange are eliminated. In Exchange 5.5, site affinities were not transitive. For example,
if you establish an affinity between site 1 and site 2, and between site 2 and site 3, you do not
automatically get affinity between site 1 and site 3. In Exchange 2000, affinities are transitive. If all
routing groups in an organization are connected to allow e-mail to flow, all servers receive public
folder referrals. If a server does not contain replicas of public folders, you can mark specific Routing
Group connectors to deny public folder referrals; the client contacts the next server in the referral list.
• Because SMTP is used in a routing group and SMTP is more resilient over slow links, routing groups
can span slow networks more effectively than RPC, which is the native transfer mechanism for
Exchange 5.5. Thus, your organization may be able to deploy fewer routing groups by using Exchange
2000 than by using sites with Exchange 5.5.
• SMTP mail is not compressed; though you reduce network bandwidth requirements with SMTP, the
increased load on the Exchange server CPU would reduce server performance.
• Unlike Exchange 5.5, where intra-site and inter-site RPC communications are encrypted, SMTP
communications in Exchange 2000 are not encrypted. However, each server uses SMTP
authentication with Kerberos. There are two options for encryption, although neither is done by
default: Internet Protocol security (IPSec), which is built into Microsoft Windows 2000, and Transport
Layer Security (TLS) encryption, which is built into the SMTP service.
• Upgrading an Exchange 5.5 hub, in a hub-and-spoke design, can significantly increase hub
performance and stability because performance is enhanced by Exchange 2000 and the use of SMTP.
• Link state routing is most effective in an organization with multiple routing groups using multiple
paths. In a traditional hub-and-spoke design, you do not see as much improvement as you do in a mesh
network or a network with multiple connections.
Page. 6
Designing a Routing Group Topology
• Adding routing groups increases the size of the link state table and increases potential link state status
messages. This can increase the amount of link state message traffic.
Exchange no longer includes a Dynamic RAS connector. Instead, Exchange 2000/2003 uses the on-demand
capabilities in Windows 2000/2003, specifically, the combination of the Routing Group connector and the
Routing and Remote Access demand-dial interface.
In current X.400 connection topologies, sites have either a single or a redundant connection with the Hub, if
this connection goes down, outbound messages from the site are queued locally until the connection is back
up. As well inbound messages to the site are queued at the hub until the connection again becomes
available. This configuration has a single point of failure to each site as well as a single point of failure at
the hub. Full Mesh topology removes the need for running a hub as a single point of failure and allows for
mail to find an operation route through a myriad of avenues. Remember that e-mail is a communications
tool and that all parties within all Exchange sites should want mail to get to its destination. Even if that
means that a few microseconds of CPU time has to be spent forwarding mail between two sites that have
lost a direct connection.
Page. 7
Designing a Routing Group Topology
Page. 8
Designing a Routing Group Topology
A permanent connection must exist between all servers participating in the same Routing Group. Servers
that are on intermittent or on-demand connections must be isolated in their own Routing Group. All servers
within the routing group must be able to contact the Routing Master.
When you use multiple Routing Groups, you need to have connectors (i.e. bridgeheads) between two
servers in those routing groups. All mail traffic being routed will go in and out through the bridgehead.
You can have multiple servers in a Routing Group acting as bridgeheads to other Routing Groups.
Exchange 2000/2003 will load balance the connections after a period of time and if one connection goes
down, Exchange will re-select an operational route.
In most cases the Routing Groups should be connected and configured as a Routing Group Connector. In
cases where you are routing mail to through the Internet, then you connectors should be configured as
SMTP. Only when routing to a legacy X.400 Administrative Management Domain (ADMD) or meta-
directory should you use the X.400 Routing Group Connector configuration.
Configuring the Routing Group Connector in RGC mode is protocol independent with SMTP native mode
and RPC available for 5.5 co-existence. The connector is Directory aware for the Remote Bridgehead
server.
Security for routing mail can be a big issue for many organizations. Legacy X.400 connections were
obfuscated, but not encrypted. SMTP connections are not encrypted, but also obfuscated using Transport
Neutral Encapsulated Format.
There are two ways to secure mail routing: SMTP encryption/authentication; or using IPSec. It is highly
recommended to look at using IPSec for transport security between Exchange Servers. Not only with this
secure and encrypt your mail being routed between sites, but it will secure all IP-based communications
between your Exchange servers.
IPSec can also perform all three of these functions on a server at the same time.
Page. 9