How to use Backup LAN?

[Yukinobu]

Hi,

We think that adding a NIC to Veeam Proxy and using /network/interfaces to set up a backup LAN.
However, if both are connected, does Veeam use which network for data transfer to repository, can I specify the preferred network segment?

And Is the number of concurrent tasks of Veeam Proxy for Nutanix limited?

Kind Regards,
Yukinobu Asami

[Vitaliy S.]

Hi,

You can add a new NIC to the proxy server, but to control which network will be used to transfer data traffic you need to set this up on the guest OS level. For example, if your repository is accessible over a certain network, then it will be used. If multiple networks can be used, then the selection will be done according to the OS config (for Windows servers it is defined by a "hosts" file, for Linux it is "iptables").

Thanks!

[Yukinobu]

Hi Vitaliy,

Thank you!

[tedsteenvoorden]

Hi,

You can add a new NIC to the proxy server, but to control which network will be used to transfer data traffic you need to set this up on the guest OS level. For example, if your repository is accessible over a certain network, then it will be used. If multiple networks can be used, then the selection will be done according to the OS config (for Windows servers it is defined by a "hosts" file, for Linux it is "iptables").

Thanks!

We like to separate the backup traffic from the Nutanix management traffic. As the AHV proxy needs to communicate with the Nutanix network for the volumes group services, is it possible to add a second vNIC to the AHV proxy which is connected to the backup network and communicates with the backup proxy? If this is possible, is this a supported setup?

Best regards,
Ted

[ronnmartin61]

@tedsteenvoorden Unless something has changed recently that I'm unaware of only a single NIC selection is supported for the AHV proxy VM.

[tedsteenvoorden]

Hello Ronmartin, thanx for your feedback. It was not quite clear to me because Vitaliy mentioned in the post above, you can add a new nic to the proxy server?!

[ronnmartin61]

For most proxy types that is correct however not for the AHV proxy...

[tedsteenvoorden]

Thanx!

[tedsteenvoorden]

@ronnmartin61

Does Veeam for AHV support Nutanix network segmentation of the volumes traffic? This way it would be possible to separate the iSCSI traffic between the AHV proxy and the Nutanix nodes form the management network into another network segment and make it possible to realize a dedicated backup network.

[arogarth]

We also have separate networks for backup traffic and it works well.

1. Attach 2 NICs for the Proxy - one for management and access, one for backup traffic
2. Overwrite FQDN with Backup IP on VEEAM Server AND AHV Proxy

Note: It would be easier to manage it using automatism like ansible or something else.

We run 6 different AHV Clusters with one proxy on each - All Backup Traffic is going over a separate Network Infrastructure

Best regards,
ARO

[tedsteenvoorden]

Hello ARO,

That's good to hear and I am very interested in your solution. Is the first NIC in the management LAN and the second NIC in the backup LAN? How do you give the second NIC it's ip configuration. I think the AHV Proxy GUI does not support configuration of the second nic? So via shell?

What exactly do you mean with point 2? Changing the host file of the backup server and AHV proxy with the FQDN's of the backup server and AHV proxy and their IP adres in the backup LAN?

Best regards,
Ted

[arogarth]

Hey Ted,

yes - NIC1 is for management ans NIC2 for Backup traffic - The second IP has to be configured via shell `ip add add 1.2.3.4/24 dev eth1`

In our infrastructure the VEEAM Server as also two interfaces - One for Management and one to connect to the backup subnet. VEEAM connects to the Proxy using the Hostname - Normally the FQDN is registered at the DNS as the Management ip. So, to tell VEEAM to connect to the Proxy to use the Backup-IP and not the Management IP you have to override the FQDN with the Backup-IP using the hosts-file - on both sides

Best regards,
ARO

[tedsteenvoorden]

Hello Aro, thanx for further explanation. Did you ever had support trouble with Veeam support, using this setup (multi-homed AHV proxy)?

[arogarth]

Support for this constellation is luck

[taurus1978]

Hello Community,

Is it possible to use different networks for NUTANIX Cluster Management and NUTANIX Cluster iSCSI data transfer networks. ?
We have a situation where we need to separate networks for backup and management and we want to put the AHV Proxy Appliance into the backup network.
And want only the cluster management connection go over the firewalls.
Backup traffic should stay local in the backup network.

Our solution approach right now:
Configure an additional iSCSI Adress on the NUTANIX cluster(s) which is homed in the backup network.
So that the NUTANIX Proxy Appliance has to connect to the PRISM management address over the firewalls.

Happy to hear from the community if there is any concern to this approach. Or if we should keep additional things in mind.

Thank you.

[HannesK]

Hello,
please see above

Question: what is the advantage for you in having two interfaces?

Two interfaces connected to two networks create a bridge between the two networks, that is outside control of the firewall. I heard from customers doing that, because they undersized the firewall. But fo management traffic, that should not be the reason.

Best regards,
Hannes

[taurus1978]

Helle @HannesK

thx for the reply.The main reason why we need to split the network traffic is beacause of the customers security policies. They have different security zones and segmented those zones using vlan and mulktiple firewalls between zones. And yes the FW's are limited in network traffic. . So the situation is that the nutanix cluster management IPs are in the management network. And all the backup proxies/repos/servers are in the backup VLAN. And we cannot put backup load onto the management LAN. The only traffic that we pull over the FW ist the management connection to the PRISM management ports of the clusters.

[petitbleu]

I will have an infra veeam or I will have segmentation. That is to say that the network with the data service is on an isolated vlan and not routed because I have nutanix volumes.
I read again the doc and from my point of view the proxy needs access to this interface.
Is it possible to add a second interface on the AHV proxy?

[Mildur]

Hi Manuel

I moved your question to this topic.
Please see the previous answers. It's possible but not supported.

Best,
Fabian

[petitbleu]

I will have to review the architecture that was sold because I do not put in production a solution not supported by veeam. I think it would be interesting to put a warning in the documentation that the segmentation is not supported. The segmentation is especially useful when we do nutanix volume to not have the iscsi network on the same interfaces as the management of the solution nutanix.
Especially since in a veeam solution on vmware you can have a proxy with an interface to be reachable with the server and an interface for access to iscsi or nfs for direct access to storage.