cancel
Showing results for 
Search instead for 
Did you mean: 

AUTO IMAGE REPLICATION (AIR) over alternative (secondary) network??

ESM_Admin
Level 4
Partner

Hi.

Have 2 x 5220 appliances setup as 2 master servers in DR and Primary site connected via LAN/WAN over our production network.

1. Need to know how can be configure the AIR to take place not over the pimrary LAN/WAN but over a secondary network.

I have IPs and Gateway on the secondary LAN that I can use to configure NICS on the appliances (2 master on DR and Primry site) but need to know how to ensure that AIR traffic goes only over the secondary nic.

 

2. I would still like the ability to be able to do restore over the primary lan/wan from the master server on DR site.... so the restore traffic goes over the primary lan as it is now.

Any help would be much appreciated!

 

Thanks,

 

ESM

 

7 REPLIES 7

D_Flood
Level 6

I've got a similar situation except that my 5220's are just Media Servers to other Masters.  My NetOps Admin just configured the site firewall/routers at each site to say "any traffic from IP a.a.a.a sent to IP b.b.b.b needs to be routed this way rather than that way (and of course, in reverse also).

Doing is that way means that regular communications and DNS happens as needed but any specific AIR traffic is routed through the alternate route.

 

ESM_Admin
Level 4
Partner

Hi D.Flood.

would you be able to elaborate on the solution?

So if i understand it correct you setup a routing table between the media and master server?

D_Flood
Level 6

I'll do my best but I'm not the Network Operations expert.

 

Each of our physical sites has their own firewall and router (don't know if they are same box or different boxes) as well as different subnets assigned for the different sites.

When I asked for a direct connection between the 5220's and the high speed network router, I was told that wasn't necessary.  They could (and did) set up either a firewall rule or a router rule that says any traffic from specific address a that is going to address b send that over the high speed link.  Anything else to/from a or b is considered "local" and handed off to the local LAN.

So things like Master/Media Server communications works fine since that's LAN but anything specifically sent from one 5220's address to the other 5220's address gets routed over the high speed rather than over the regular WAN.

 

If I had a Linux box running a firewall I suppose it could be done something like this:

 

route add -host (b or a depending on which side you are on) gw (local high speed router IP)

You might also be able to do it via the routing table interface in the shell or web page....

 

 

Mark_Solutions
Level 6
Partner Accredited Certified

If the networks involved are on different subnets then there is little to do ..

Configure the networks as your require for live and AIR leaving just the live network with the gateway address.

In the hosts file on the appliances provide the replication IP address of the appliance on the other site

As AIR between appliances goes directly from appliance to appliance so if they resolve each other via that network they will transfer the data via that network.

Hope this helps

ESM_Admin
Level 4
Partner

The problem is that we are using DNS for our host name resolution.

AND the DNS is resolving the address of the "target 5220" to the production IP...so the traffic is flowing over the production NICs and not over the NICs selected for replication.

So the above is not an option.

I can turn off the DNS but then that means using host files everywhere which I dont want.

What other solution if any is possible??

ddm2
Level 5
Partner Accredited Certified

I think you can solve your problem just adding a route using the CLISH. 

The route sounds like:

"to reach the target 5220, pass through the gateway of the secondary interface"

You have to put the same route on both sides.

If you have 2.0.3 FW:

Gateway Add (gateway of the secondary network) (ip of the other side 5220) 255.255.255.255

The mask 255.255.255.255 identifies a single host.

Mark_Solutions
Level 6
Partner Accredited Certified

Hosts file really is your best bet to be certain - they are always checked before DNS and it also speeds everything up as you dont get the constant DNS check delays during operations