- Posts: 76
- Liked: 16 times
- Joined: Dec 22, 2011 1:39 pm
- Full Name: Jorgen Eriksson
I have been playing around with some test's for using Veeam B&R and using ISCSI LUN's over internet (different ISP's also, customer- destination).
So far my test results are really good.
Customer 1 (One Hyper-V W2012 (4 VMS) ~40GB data (10Mbps internet Connection)
Customer 2 (One Hyper-V W2012 (2 VMS) ~100 GB data (100Mbps Internet Connection)
Destination Site (100Mbps Internet Connection)(FW + ISCSI Storage Equipment)
In Firewall i allowed ISCSI traffic from each Customer to pass to the ISCSI Storage, presented own LUN's to each customer)
Each LUN are presented @ the Customers Veeam B&R Server as an ordinary ISCSI local Drive.
I did some tests with different Backup Jobs Incremental, reversed etc .. for about 1 week now.
And it works really good, 10Mbps is a little slow but it's acceptable and works.
Customer 1 first Job Run:
Success 4 Start time 09:46:57 Total size 330,0 GB Backup size 35,5 GB
Warning 0 End time 18:44:49 Data read 76,5 GB Dedupe 1,1x
Error 0 Duration 8:57:52 Transferred 37,7 GB Compression 2,0x
Customer 1 second Job Run:
Success 4 Start time 10:01:37 Total size 330,0 GB Backup size 35,8 GB
Warning 0 End time 10:36:18 Data read 7,3 GB Dedupe 0,1x
Error 0 Duration 0:34:41 Transferred 728,4 MB Compression 2,0x
Customer 2 first Job Run:
Success 2 Start time 15:07:28 Total size 550,0 GB Backup size 24,3 GB
Warning 0 End time 15:48:55 Data read 55,1 GB Dedupe 1,0x
Error 0 Duration 0:41:27 Transferred 24,3 GB Compression 2,2x
Customer 2 second Job Run:
Success 2 Start time 10:37:30 Total size 550,0 GB Backup size 25,0 GB
Warning 0 End time 10:43:51 Data read 12,0 GB Dedupe 0,2x
Error 0 Duration 0:06:21 Transferred 651,6 MB Compression 2,4x
This is a really good way to get some backup jobs out off the customers Buildings for storage.
Some troubble i stumbled upon.
ISCSI doesn't seem to be really NAT Compliant, so if you are going to use the ISCSI storage behind and FW and using NAT, you need to have an ISCSI device which can handle multiple IP's.
You need to enter the public IP (which are natt:ed to the device in the FW) as a secondary IP @ the ISCSI storage device, else when you try to connect from the customer server and bring up the LUN's you will see them but you can't
connect, (it tries to connect to the Local IP the ISCSI storage device have on it's LAN port, and that will not work so good over the internet) So by "fooling" ISCSI when you enter a public IP (same that is nat:ed on the firewall) on the ISCSI storage device it will then show up in advanced settings in MS ISCSI and you can specifically force MS ISCSI to connect to that IP instead.
If you are using Public IP's directly on the ISCSI storage device there are no problems.
I have not tried this in VPN tunnels since i think it will bring unnecessary overhead, and backup Jobs ISCSI traffic is just a bunch of compressed 010101101 and if that traffic is sniffed
it still will be very difficult to compile and build readable data from the sessions i think (correct me if i'm wrong). Else it's possible to set up an VPN tunnel from the Customers site to the ISCSI storage device if you need to enhance the security.
Anyway i'm impressed by ISCSI resilience(in W2012, only OS i have tried this over internet), i accidentially turned off the ISCSI storage device for 24H, recieved Failure from Veeam Backup Logs of course, but after i turned on the ISCSI storage device i connected to the customer server the LUN's was visible instantly, retried the backup Jobs and all ran successfully. No need to reconnect ISCSI manually or need for restarting Veeam Services.
When i googled about using ISCSI over the internet i only got answers like NO NO NO .. avoid .. it will not work ..but those threads are a few years old so maybe ISCSI has been more resilience nowdays?
Anyway i'm very interested if anyone else have tried this? And what your results are (good/bad)?
- Veeam Software
- Posts: 15542
- Liked: 1184 times
- Joined: Oct 26, 2012 3:28 pm
- Full Name: Vladimir Eremin
Moreover, it appears that some of the users successfully use ISCSI over the internet without any issues. Even in ISCSI specification there is a line regarding such use case:
iSCSI is a way of connecting storage devices over a network using TCP/IP. It can be used over a local area network (LAN), a wide area network (WAN), or the Internet.
From my perspective, even if sniffed, the part of highly-compressed and deduplicated traffic can’t be put into any use.ISCSI traffic is just a bunch of compressed 010101101 and if that traffic is sniffed it still will be very difficult to compile and build readable data from the sessions
Hope this helps.
- Service Provider
- Posts: 26
- Liked: 2 times
- Joined: Jul 06, 2012 8:28 pm
- Full Name: Tucker Sukraw
I am attempting a similar setup. The LUN mounts correctly and all on the customer side. They have 10Mb upload speed but through put to the LUN only seems to be around 2-3Mb/s
Just curious is you saw any real decrease in speeds at times or if you were fairly stable on throughput.
Users browsing this forum: No registered users and 6 guests