cancel
Showing results for 
Search instead for 
Did you mean: 

accessing MSDP and dedup pool from mulitple networks

dav_tlse
Level 2

Hello all,

First of all i would like to provide my excuse for my poor english writing, i'm french.

I come today on this forum to query advices and solutions for the problem i'm going to report here.

i just come to deploy a netbackup environnement with these architecture:

netbackup version: 7.6.1

 

- Principal Site:

Rôles:

backup VMWare virtual machines (hypervisor network) thru media-hyp-princ.domain.fr network interface

backup clients for physical servers (backup network) thru master-princ.domain.fr of the master and media-princ.domain.fr for the media

NDMP backup 

  • Operating system: Windows 2012R2 for master and media
  • one VM (VMWare): master server/EMM, one network interface on backup network (master-princ.domain.fr)
  • One physical server:  MSDP with one dedup pool attached
  • MSDP is multi-homed: one network interface on hypervisor network (bonding SFP+ 10Gb, media-hyp-princ.domain.fr), one network interface on backup network (bonding SFP+ 10Gb, media-princ.domain.fr)
  • MSDP FQDN is configured on hypervisor network hostname (media-hyp-princ.domain.fr)
  • The media gateway is on the backup network, on the network interface media-princ.domain.fr
  • The master gateway is on the backup network, on the network interface master-princ

-Secondary site:

Rôle: AIR (Auto image Replication)

  • One netbackup appliance 5230: master/media
  • MSDP FQDN is configured on backup network hostname (master-sec.domain.fr)
  • MSDP has just one bonding SFP+ 10Gb on backup network (master-sec.domain.fr)

Each backup (VMs and clients) on the principal site are replicated via AIR to the secondary domain (using SLP)

i've checked the network client backup flow and all transits thru the backup vlan (media-princ.domain.fr), that we want

And the VMWare backup is on the same VLAN (hypervisor vlan) so the backup flow transits thru media-hyp-princ.domain.fr network interface

All works great but....

The deduplication pool is attached to the MSDP hostname media-hyp-princ.domain.fr, on the hypervisor VLAN and i try to associate media-princ.domain.fr to the MSDP that it could be recognize as media-princ.domain.fr and media-hyp-princ.domain.fr

i've added media-princ.domain.fr as media server and you ca see below the nbemmcmd.exe -listhosts result:

<netbackup_install_path\NetBackup\bin\admincmd>nbemmcmd.exe -listhosts
NBEMMCMD, Version: 7.6.1
The following hosts were found:
server           master-princ.domain.fr
master           master-princ.domain.fr
media            media-hyp-princ.domain.fr
ndmp             media-hyp-princ.domain.fr
remote_master    master-sec
virtual_machine  vcenter.domain.fr
replication_host master-sec
media            media-princ.domain.fr
ndmp             vuserhomedata-cl1.domain.fr
Command completed successfully.

media-princ.domain.fr and media-hyp-princ.domain.fr appear on the media list from the netbackup windows administration console as media server.

As you can see, media-princ.domain.fr and media-hyp-princ.domain.fr are the same physical media server but on differents vlans

Why i want to do this ?

because when i try to backup Active Directory servers with granular recovery, client backed up try to communicate with media-hyp-princ.domain.fr, and this is the only error i encounter.

Below the nbfsd logs on the client:

12:25:18.724 [472.2344] <2> logparams: <install_path_netbackup_client>\Veritas\NetBackup\bin\nbfs mount -server media-hyp-princ.domain.fr -port 7394 -retry 11 -cred ABCDEFGHIJKLMNOPQRSTUV (cred volontary replaced for copy on this forum)
12:25:18.739 [472.2344] <2> rpc_connect: connecting to media-hyp-princ.domain.fr
12:25:39.753 [472.2344] <16> rpc_connect: can't create TCP connection to media-hyp-princ.domain.fr (12 10060), will retry...
12:25:44.760 [472.2344] <2> rpc_connect: connecting to media-hyp-princ.private.univ-tlse3.fr
12:26:05.773 [472.2344] <16> rpc_connect: can't create TCP connection to media-hyp-princ.domain.fr (12 10060), will retry...
12:26:10.781 [472.2344] <2> rpc_connect: connecting to media-hyp-princ.domain.fr
12:26:31.810 [472.2344] <16> rpc_connect: can't create TCP connection to media-hyp-princ.domain.fr (12 10060), giving up

  • I've tried to manually debug using this methode below but replacing media-hyp-princ.domain.fr by media-princ.domain.fr:

https://www.veritas.com/support/en_US/article.TECH124810

and it works....

  • i've tried to create medi-hyp-princ.domain.fr alias with media-princ.domain.fr instead of declaring media server media-princ.domain.fr
  • I've tried to modify hosts file on the client to backed up with the IP adress of media-princ.private.domain.fr for media-hyp-princ.domain.fr
  • i've tried preferred network

 

QUESTIONS:

  • 1) Do i have to re-install everything from scratch using medi-princ.domain.fr as MSDP name ? i found the link below:

             https://www.veritas.com/support/en_US/article.000072756

            Perhaps is it the best solution for me because i have a lot of production backup on the media

  • 2) If i do this, do will i have trouble to backup virtual Machines with a deduplication pool attached on a MSDp on backup VLAN (media-princ.domain.fr)
  • 3) I've tried to associate media-princ.domain.fr to the Storage Unit (PureDisk, dedup-pool) but it doesn't appear (i know that it must be a MSDP and not alonely a media server). Can i configure a second MSDP (with differents credentials and different name) on the same server ? i think no

Because MSDP is declared on hypervisor vlan, my responsible wants i re-install everything....

After such a big works, i'm desesperate in the idea to re-install everythings, i did all the research, test, and implementation alone, without help, this represent months of work, but in my test environnement, my media wasn't on multiple network, just on the hypervisor network, so i did the same configuration on my pre-production architecture and i think now this is a mistake to configure my MSDP on the hypervisor network

Thanks a lot in advance for your advices and solutions

3 REPLIES 3

RiaanBadenhorst
Moderator
Moderator
Partner    VIP    Accredited Certified

Hello

 

Let me say I don't like backup networks for the exact reasons posted above, its really really complicated and NetBackup's communications are also quite complex. None the less you'd like to do it so I'll give a suggestion that might resolve some issues.

 

What i would do is install the servers using the shortname, not FQDN. I always do this just in case someone wants to change domains at a later stage.

 

So as an example you'd have media server called media1, that might have two interfaces

10.10.10.10 media1.production.company.com

20.20.20.20 media1.backup.company.com

 

But it is still just called Media1, so there is no confusion about the name. 

 

In terms of the clients, if you'd like to access them via the backup network, they would need IPs/entries in the backup network too (xxx.backup.company.com). That would ensure they media server is going to contact them via 20 network. With this however you might find issue with applications like Exchange where the "DAG" name is used, but you could probably implement some workarounds for that.

 

I hope that helps/makes sense.

 

I would just bond the 10g and have 20g and drop all these complicated networks  :)

 

dav_tlse
Level 2

First of all, big thanks for your interesting answer.

the only problem it's just that the domain name is the same, it's a private domain name that we use for non external routable domain.

 

And the other question is:

Do my MSDP fqdn domain is in the good network ? i use the attached storage for the backup client (backup network) and VMWare backup (hypervisor network)

 

it seems that my FQDN's msdp should be in the backup network...

But i'm not sure about it

 

Thanks a lot

RiaanBadenhorst
Moderator
Moderator
Partner    VIP    Accredited Certified

Hi 

 

I dont think the dual names will work, or i don't how it will work. Other alternative you can use (on a small scale) is to use hosts files and specific routes.

 

In this scenario you'll place hosts files on the media and client

 

Media server will have entry that overrides any DNS and points to x.x.x.x for client A.

 

Client A will have a entry that points x.x.x.y for media.

 

Having the route ensure there are no other options to get to the media. This method gets a bit messy when you've got many clients as you'll have to manage the hosts files.