cancel
Showing results for 
Search instead for 
Did you mean: 

Using Alternate Network with the new "Preferred Network" feature

rcdauria
Level 4
Partner Accredited

Hi guys,

I have the following scenario:

-Windows Master Server
Hostname VTXMASTER01
IP 10.78.0.193 (Production Network) 

-Windows Media Server 
Hostname VTXMEDIA01
IP1 10.78.0.194 (Production Network)
IP2 66.66.66.66 (Backup Network)
IP3 67.67.67.67 (Another Backup Network I will need to use eventualy - not important right now)

-Windows 2008 Client
Hostname VTXFPS02
IP 1 10.78.0.24 (Production Network)
IP 2 66.66.66.67 (Backup Network)

Requisite is quite obvious: would like the backup to pass via the 66.66.66.0/24 network.Tricky part is: customer would not like to use hosts file solutions & etc, so I went down and took a look at the new Preferred Network settings (replaces the REQUIRED_INTERFACE and REQUIRED_NETWORK ones).

Very confusing guide, but undersood I could basically insert the 66.66.66.0/24 network as a MATCH in both media server and client, and everything would work (the specified network would be matched/used as the preferred path between the media server and the client). However, no luck: the entry was skipped and the backup went via Prodution Network. Looks like bptestnetconn does not know the 66.66.66.0/24 path:

bptestnetconn -f --prefnet -H vtxfps02 

------------------------------------------------------------------------
NBU IP_ADDRESS_FAMILY configured to use Remote Addresses:  IPv4(yes) IPv6(no)
FL:                VTXFPS02 -> 10.78.0.24                              :      0 ms SRC: ANY
------------------------------------------------------------------------

Tried changing the preferred network entry from MATCH to ONLY, but from this moment on the media server cannot connect to the client.

Any sugestions? I am using this feature the wrong way?

Thanks a lot in advance

Rafael

 

 

31 REPLIES 31

Andrew_Madsen
Level 6
Partner

bptestcd the way you have posted here is going to always use the production LAN. vtxfps02 appears to resolve to 10.78.0.24. According to your route table 10.78.0.0/24 uses interface 10.78.0.194. Consequently you will always talk to the 10.78.0.0 subnet over your production LAN connection. You need to resolve the 66.66.66.0 addresses to initiate conversation over that network segment.

Let's go back to NBU 101. The Master Server has a job schedule come up that needs to run on vtxfps02. The master server resolves that IP as 10.78.0.24. The master server has a connection in the 10.78.0.0 subnet and sends a query down to vtxfps02.

The client takes the packet form the master server and parses out the IP address of the sender and does a reverse look up to validate the sender has access rights to the client (is the name a SERVER = entry in bp.conf or on the registry) that IP address is 10.78.0.193 so we are still talking over the production LAN interface.

The job kicks off and because the ONLY names the master server has for the media server and the client resolve to 10.78.0.194 communication is initiated over the 10.78.0.193 (master), 10.78.0.194 (media), and 10.78.0.24 (client) interfaces. No where is there an instruction set to use the 66.66.66.0 subnet because the master server is not aware of it because no client is on that network. Remember the master server identifies components (clients and media servers) by name resolution.

Your PREFERRED_NETWORK is working perfectly normal. If you have no traffic for 66.66.66.0 then nothing will go down that route. When you set it to ONLY that told the media server that you could ONLY use 66.66.66.66 for communications and when you tried to talk to vtxfps02 (10.78.0.24) it failed because there is no route between 10.78.0.0 and 66.66.66.0 and since it is layer 2 you cannot build one on the client or media server.

As I stated earlier you need a name that will resolve to 66.66.66.67 for the media server, 66.66.66.66 for the client, and an address and interface on the same segment for the master server. This is so the client name resolution will tell the master server which segment to move traffic on.

The PREFERRED_NETWORK entry is NOT a routing table or an override for DNS / hosts file name resolution. It was placed there for machines that have multiple network interfaces so NBU, which does not appear to use route tables and does not appear to let the host computer manage network traffic, did not take so much time in the communication portion of backups.

We had an environment that had 12 vLANs and at the beginning of the backup and anytime a sub job would kick off there was close to 15 minutes wasted in communications hand shakes and the like because every little thing between media server and client was "Is client x down this interface wait 30 seconds, nope let's try this one. Nope, let's try this one." and on and on and on. We added the PREFERRED_NETWORK setting and they were completed in 30 seconds every time. 

However we needed to have name resolution for clients on each of those vLANs and the media servers and master server needed interfaces on each of those vLANs. 

rcdauria
Level 4
Partner Accredited

Hey Andrew, wonderful explanation, thank you so much!

Thats almost what I was guessing. The only part that surprises me is the one about the MASTER needing to be on the Backup Network.

I felt (really FELT, never read about it) that a layered structure would come in place here, so we could have something like - again, hypothetically:

1-Master starts a new job and talks to Media Server it will need xxxx resources - using the LAN;
2-Masters checks the client status - also using the LAN 

--- (note there is no hosts entries in the Master Server Machine) ---

3-Now media requests data to the client. But yup, let's suppose we have hosts files in the media and client machines. So, they will resolve each other to the BAN IPs and heavy traffic (backup data) will navigate in the BAN network.

Shouldn't that work? Coming down to 3 lines

Master <> Client via LAN
Master <> Media via LAN
Media <> Client via BAN

Anyway, that's just a curiosity.

Basically, I wanted to deviate traffic to the backup network without using DNS tricks. You basically told me it's not possible, right? :)

Thanks a lot once again,

Rafael

mph999
Level 6
Employee Accredited

Yes, thanks Andrew, that makes sense. 

Andrew_Madsen
Level 6
Partner

It all begins with communication. If you want traffic to traverse the 66.66.66.0 segment you need to start it there. In order to start it there the master server needs to be able to talk to the segment and the various addresses need to resolve. It is not really DNS tricks, it is what DNS is supposed to do. It helps eliminate communication errors because someone failed to put in an entry into everyone's hosts file. Here is how it could look:

Master Server

VTXMASTER01 - 10.78.0.193 (Production Network)

VTXMASTER01-bkp1 - 66.66.66.68 (Backup Network 1)

VTXMASTER01-bkp2 - 67.67.67.68 (Backup Network 2)

 

Media Server 

VTXMEDIA01 - 10.78.0.194 (Production Network)

VTXMEDIA01-bkp1 - 66.66.66.66 (Backup Network 1 )

VTXMEDIA01-bkp1 -  67.67.67.67 (Backup Network 2)

 

Windows 2008 Client

VTXFPS02 - 10.78.0.24 (Production Network)

VTXFPS02-bkp1 - 66.66.66.67 (Backup Network)

Your hosts file on the master would have entries for VTXFPS02-bkp1, VTXMEDIA01-bkp1, and VTXMEDIA01-bkp2. The media server would have entries for VTXMASTER01-bkp1, VTXMASTER01-bkp2, and VTXFPS02-bkp1. The client would have entries for VTXMASTER01-bkp1 and VTXMEDIA01-bkp1. Also there will need to be added the -bkp1 entries for the master and media in the client's registry for server access and in the master and media server.

Using a BAN (Backup Area Network) is a much better way of handling backup traffic and from your post the customer has certainly moved down the path to take advantage of it. All they need now is to finish it by adding the DNS entries and extra interfaces to the master server.

rcdauria
Level 4
Partner Accredited

Just for your information: I set up a lab where I configured, basically:

1-hosts file (deviations to BAN IPs) only between the media and the clients.
2-Master is not on the BAN. 
3-No preferred-network entries.

Backups and restores are working great, via BAN.

Rafael

Andrew_Madsen
Level 6
Partner

How are the clients identified in the Policy?

rcdauria
Level 4
Partner Accredited

By its real hostname (that resolves to their Production IP, not BAN IP)

To make it clear, on my lab I have:

Master Server
Hostname: vtxmaster01
IP: 10.78.0.1 (LAN)
No 'hosts' file entries

Media Server
Hostname: vtxmedia01
IP1: 10.78.0.2 (LAN)
IP2: 66.66.66.66 (BAN)
'Hosts' file entry: vtxclient01 > 66.66.66.67

Client Server
Hostname: vtxclient01
IP1: 10.78.0.3 (LAN)
IP2: 66.66.66.67 (BAN)
'Hosts' file entry: vtxmedia01 > 66.66.66.66

There is no reachability/routes between the two subnets (that is, a 10.78.0.x IP will never talk to a 66.66.66.x IP as there is no router operating at the lab).

And backup and restores are working as expected (via BAN).

Rafael

sdo
Moderator
Moderator
Partner    VIP    Certified

If you look at the process flow overview doc that Marianne posted:

https://www-secure.symantec.com/connect/downloads/netbackup-7x-process-flow

...you'll see that client to master comms is required for client side initiated restores - so, in your lab, some (a small amount of) NetBackup traffic must be traversing the 10.78.0.x network.  So, how will this translate from the lab to production?  Firewall requirements in production?

mph999
Level 6
Employee Accredited

Master > Client is also needed if you use ALL_LOCAL_DRIVES in the policy file selection ...
 

Andrew_Madsen
Level 6
Partner

That would work except your client says they do not want to use hosts files. That leaves DNS and if you did this in DNS you would mess everything else up in production. Also you would have issues if you needed to talk over the production network to the client from the media server.

rcdauria
Level 4
Partner Accredited

@sdo/mph999 - I will test this scenarios (client-initiated restores and ALL_LOCAL_DRIVES directive). Lets see whats happens. Technically, there is Master-Client communication, so I don't see why this shouldn't work.

@Andrew: Yes, forget about the guys who didn't want to play with hosts file. Just told them its not possible and live goes on. :) 

Just mentioned the lab for general understanding purposes.

Rafael

 

 

Andrew_Madsen
Level 6
Partner

Does the customer not want to use DNS?