08-24-2015 07:52 PM
Hi,
Here i am coming with some sort of confusion in NBU ports betwen backup server and client. it would be great thankful if i get answer for the following questions.
1. Whats are the ports required to be enabled between media server and client?
2. Do we require all the ports like bpcd,vnetd & PBx between each other shoudl be open?
3. we have managed to see PBx is not connecting from client to media server but backups are working fine. if that is the case may i know the reason?
4. client is under firewall but none of te required ports are enabled but backups are working fine. may i know the reason behind this confused methods under firewall?
still lots of questions running in my mind and i will get back to you depneding on the ansers. thanks in advance.
Solved! Go to Solution.
08-25-2015 02:30 AM
In NBU 6.x - 7.0, PBX was only used for comms between master and media server(s).
Servers used vnetd to connect to clients. If vnetd failed, it would fail back to bpcd.
From NBU 7.0.1 onwards, comms to 7.x and 6.x clients will be tried as per the section under this topic in above TN:
NetBackup 7.0.1 Considerations
This means that 7.1 server connecting to 6.x client will be exactly the same - 1st try pbx (which will fail), then fail back to vnetd. If still not successful, it will try bpcd.
Exact same ports will be used for clients behind firewall.
In a production environment, it is very easy to see port connection attempts with bptestbpcd command on master and/or media server:
Connection test to a client:
bptestbpcd -client <client-name> -verbose -debug
Connection test to a media server:
bptestbpcd -host <server-name> -verbose -debug
08-24-2015 08:08 PM
08-24-2015 08:36 PM
Review the and then ask again (https://support.symantec.com/en_US/article.TECH136090.html).
The TCP port requirements for the default configuration; without overriding connect options in the Client Attributes (bpclient), or Firewall (CONNECT_OPTIONS) settings, or separate master and EMM servers, or legacy security considerations are as follows:
NetBackup 7.0.1 Considerations
The bpcd and vnetd processes now run standalone. They and the other legacy processes now register with PBX at startup. Connections to legacy processes that previously contacted the vnetd port will now prefer to use PBX port 1556. If the PBX port is unreachable, then the vnetd port will be used. If the vnetd port is unreachable, then the daemon port will be used. Opening TCP port 1556 outbound from NetBackup servers to NetBackup clients will prevent delays that occur while attempting to use PBX. Similarly, opening TCP port 1556 inbound will prevent delays for client-initiated requests to the master server.
Note that the Java console to master server uses the vnetd port for connection to bpjobd and the PBX port for all other connections.
For efficiency the upgrade/install also adds Connect Options of '1 0 2' for localhost. Internal sockets on the loopback interface to processes on the same host will use the daemon ports instead of passing through vnetd or PBX.
NetBackup 7.1 Considerations
NetBackup Access Control (NBAC) has been integrated with NetBackup and the processes nbatd and nbazd will be used in place of vxatd and vxazd. These processes are registered with PBX for inbound connections via the PBX port 1556, removing the need to have ports open to the VxSS server.
The processes are also listening on TCP ports 13783 and 13722 respectively. These port numbers are registered with IANA using the original service names of 'vopied' and 'bpjava-msvc', and resolved by NetBackup using those original names. Back level hosts are unaware of the new processes available via port 1556 and will continue to contact vxatd and vxazd via vrts-at-port/2821 and vrts-at-auth/4032.
Snapshot backups may experience a small delay during snapshot deletion if port 1556 is not open from the client to the master server.
NetBackup 7.5 Considerations
The Resilient Client feature requires vnetd/13724 to be open bi-directional between the media server and client hosts. If utilizing client-directed operations, then vnetd/13724 must be open bi-directional between the client and the master server. This feature cannot use PBX/1556.
Snapshot backups may experience delays before and after the data transfer if port 1556 is not open from the client to the master server.
NetBackup 7.6 Considerations
The Client Direct restore feature requires the TCP ports for PBX/1556 and vnetd/13724 to be open from the client to the master server for the file list port connection; regardless of whether the restore is server or client initiated.
Network Address Translation (NAT) and Port Address Translation (PAT) Considerations
The use of NAT and PAT is not supported with NetBackup. See TECH15006 in the Related Articles section for details.
08-24-2015 09:15 PM
Hi Marianne,
thanks for the reply.
1.NBU version - 6.0 to 7.0 - if it uses vnetd then what is the purspose of bpcd and PBx services for taking backup?
i can clearly understand since NBU 7.0.1, it uses PBx then vnetd and bpcd.
2. What is going on with the backups of client under firewall?
Master server - 7.1
Client - what is the case if it is 6.5 and 7.1 please?
08-24-2015 09:19 PM
Hi Riaan,
Thanks for sharing this arcticle and it helps me to direct in a right way.
i am under confusion after reading so many post, article & tech notes about the port requirements while going for a hands on experience.
so i have many specific questions to be cleared in order to understand the reason behind opening those ports depending on the NetBackup verisons.
Regards
Elango
08-25-2015 02:30 AM
In NBU 6.x - 7.0, PBX was only used for comms between master and media server(s).
Servers used vnetd to connect to clients. If vnetd failed, it would fail back to bpcd.
From NBU 7.0.1 onwards, comms to 7.x and 6.x clients will be tried as per the section under this topic in above TN:
NetBackup 7.0.1 Considerations
This means that 7.1 server connecting to 6.x client will be exactly the same - 1st try pbx (which will fail), then fail back to vnetd. If still not successful, it will try bpcd.
Exact same ports will be used for clients behind firewall.
In a production environment, it is very easy to see port connection attempts with bptestbpcd command on master and/or media server:
Connection test to a client:
bptestbpcd -client <client-name> -verbose -debug
Connection test to a media server:
bptestbpcd -host <server-name> -verbose -debug
08-25-2015 07:52 PM
thanks Marianne, now i able to understand the concept of communication
08-25-2015 08:09 PM
Marianne, do we have an option to check the RANDOM PORTS in windows 2003 R2 client under firewall?