Host-based backup of VMware vSphere VMs.
Post Reply
ven
Influencer
Posts: 10
Liked: never
Joined: Jan 28, 2013 9:40 am
Full Name: venkat bommidi
Contact:

Veeam Replication from Prodution to DR

Post by ven »

Hi,

we are planning to configure Veeam replication first time in our VMware Infrastructure.
current we have 2 sites Production and DR and using different IP schema in DR site.
but with Veeam replication we are planning to use same IP addressesn DR site same as production including DHCP, DNS and AD servers.
does this work or does it conflict with IP and DNS name resolutions.
I couldn't find any document explained with using IP and DNS names.

thank you,

ven
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Veeam Replication from Prodution to DR

Post by Vitaliy S. »

Hi Ven,
ven wrote:does this work or does it conflict with IP and DNS name resolutions.
How have you connected these sites to each other? Do you have NAT configured?

Thanks!
ven
Influencer
Posts: 10
Liked: never
Joined: Jan 28, 2013 9:40 am
Full Name: venkat bommidi
Contact:

Re: Veeam Replication from Prodution to DR

Post by ven »

hi we connected these 2 sites with 1Gig dedicated link, and also we are not using any NAT.
thank you,

ven
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Veeam Replication from Prodution to DR

Post by Vitaliy S. »

Hold a second, I'm a bit confused...you're using different IP schemas but want to keep the same IP addresses?
ven
Influencer
Posts: 10
Liked: never
Joined: Jan 28, 2013 9:40 am
Full Name: venkat bommidi
Contact:

Re: Veeam Replication from Prodution to DR

Post by ven »

Hi,

sorry about my crap diagram which one link attached here...
http://3.bp.blogspot.com/-At2-Ki7wYXc/U ... apture.PNG
yes, we are using NAT, but that one configured by ISP to provide 1Gb dedicated link.
and our infrastructure can behave that oue DR site network also inside of our domain.

thank you,

ven
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Veeam Replication from Prodution to DR

Post by Vitaliy S. »

Hi Ven,

If you want to keep the same IP addressing for your source VMs, and still have direct access to your VMs hosted on the DR site, then surely you have to configure extra routing rules on your gateway. Your DR VMs should be accessible by different IP address from the main site (should be possible if you configure routing rules on your gateway), as otherwise you will have IP/MAC address conflict errors.

Thanks!
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Veeam Replication from Prodution to DR

Post by foggy »

To have fully automated failover, I'd suggest to use Re-IP feature for your replicated VMs.
ven
Influencer
Posts: 10
Liked: never
Joined: Jan 28, 2013 9:40 am
Full Name: venkat bommidi
Contact:

Re: Veeam Replication from Prodution to DR

Post by ven »

thank you guys... i would prefer Re-IP...

thank you,

venkat
dellock6
Veeam Software
Posts: 6137
Liked: 1928 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Veeam Replication from Prodution to DR

Post by dellock6 »

L2 connectivity between two sites as for sure this disadvantage of VM testing in DR, if you power up a VM on DR site it has the same address of the production one, and "thanks" to the stretched lan it can cause conflicts. One viable solution is maybe to use a stretched lan, but using different port groups on DR site, and having rules on the DR gateway to "fence" connectivity between the two sites, unless you invoke a real failover.
From a Veeam standpoint, this means using network remapping but skipping re-ip.

Luca.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
tom11011
Expert
Posts: 192
Liked: 9 times
Joined: Dec 01, 2010 8:40 pm
Full Name: Tom
Contact:

Re: Veeam Replication from Prodution to DR

Post by tom11011 »

We do what you are proposing. Our connection between the 2 sites is layer 3 via site-to-site vpn. Layer 2 would have obvious disadvantages with IP conflicts. Even if you have a direct link between the 2 sites, might consider breaking that up.

Our production network 192.168.1.X replicates to our DR management network 192.168.2.X, however our DR site is split into two networks which also includes a duplicate 192.168.1.X so we don't have to re-ip anything. Essentially, we have 2 networks at DR, management and actual DR.

Each subnet at the DR site has it's own firewall with its own default gateway.

If we have to switch to DR, very few things need to change at all, namely Active Directory DNS forwarders and a few minor items specific to us such as virtual citrix gateway appliances. The DR firewall is already pre-populated with the proper IP addresses and firewall rules. We simply make a change to external dns to point to the new external IP addresses in the event of a failover.

We have a defined DR plan that scripts everything out and we test this quarterly.
KiwiJJ
Expert
Posts: 105
Liked: 2 times
Joined: Feb 16, 2010 8:05 pm
Full Name: John Jones
Location: New Zealand

Re: Veeam Replication from Prodution to DR

Post by KiwiJJ »

That sounds exactly like I want to do, how does the replicated data move from the management subnet to the DR subnet to update the changed blocks ? Is the DR firewall not connected to the WAN until required ?
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Veeam Replication from Prodution to DR

Post by Vitaliy S. »

KiwiJJ wrote:how does the replicated data move from the management subnet to the DR subnet to update the changed blocks ?
Not sure I understand the question, but you surely have a gateway that routes all the traffic to the DR site, and most likely you have NAT configured between your sites.
KiwiJJ wrote:Is the DR firewall not connected to the WAN until required ?
I believe it should be connected in any case and you need to open the corresponding ports to let Veeam traffic go through this firewall.
dellock6
Veeam Software
Posts: 6137
Liked: 1928 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Veeam Replication from Prodution to DR

Post by dellock6 »

John, you mean how do you manage a L2 disaster recovery site?
Well, from a network stadnpoint, the broadcast domain (subnet) is spreaded between both sites, so there is no routing or natting betweek them. At one point, the same Ip address can be used in each site. The problem is, the same IP cannot be powered on in both site because they act as a stretched LAN and they will give you duplicate error.
To solve this, you can test replica VM by creating a dedicated port group on DR cluster, and poweron replica VM connected in this way. At every replica run, vmx configuration will be overwritten so when needed the replica VM will start with the same configuration as in production, regardless the changes you made to do the tests.

Luca.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
KiwiJJ
Expert
Posts: 105
Liked: 2 times
Joined: Feb 16, 2010 8:05 pm
Full Name: John Jones
Location: New Zealand

Re: Veeam Replication from Prodution to DR

Post by KiwiJJ »

Thanks Vitaliy and Luca,
I'm trying to decide between using different subnets at each site or strecthing the LAN to the DR site. If I use a stretched LAN can I leave the VM's powered down but still replicate the changed blocks ?
I will have a workstation at the DR site that will contain the Veeam repository and backup proxy, and a single ESXi server with local storage

What do other people use, different subnet over a VPN or the streched lan over a VPN ?

thanks,

John
Drewskii
Novice
Posts: 6
Liked: never
Joined: Dec 20, 2012 3:00 am
Full Name: Andrew Bray
Contact:

Re: Veeam Replication from Prodution to DR

Post by Drewskii »

One of my bigger clients has a 10gb link to their DR on the other side of the block (8KM) and use the same subnet. We do this for a couple of reasons:
1. DNS servers are IP based and doing a re-IP wouldn't work
2. If we want to only do a partial fail, we don't have to Change NAT rules for the entire subnet, we can just bring up the affected VM(s) on the other cluster
3. Well, it's just easier!

As others have mentioned, if you want to do testing on the replicas, just pop them into an isolated (or NATTED) network, power on and test.

Hope that helps!

Drew
KiwiJJ
Expert
Posts: 105
Liked: 2 times
Joined: Feb 16, 2010 8:05 pm
Full Name: John Jones
Location: New Zealand

Re: Veeam Replication from Prodution to DR

Post by KiwiJJ »

Hi Drew,
Thanks for that, sounds like that is the easier route rather than doing all the re-ip stuff. Our DNS is IP based as well.
I have quotes coming from the telecoms supplier for a 5MB WAN so will see what the costs are like.

So I take it that their VM's are powered down until required ? and that they replicate the changed blocks to the powered off VM's

John
veremin
Product Manager
Posts: 20270
Liked: 2252 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin
Contact:

Re: Veeam Replication from Prodution to DR

Post by veremin »

There are no issues related to replicating changed blocks to powered off VMs. Actually, replicated VMs stay shutdown till the moment failover is taking place.

Probably, you’re confusing it with the fact that CBT cannot be enabled on powered off VMs. However, your situation is slightly different - you’re replicating to shutdown VMs and not from. So, abovementioned problem shouldn’t bother you.

Hope this helps.
Thanks.
KiwiJJ
Expert
Posts: 105
Liked: 2 times
Joined: Feb 16, 2010 8:05 pm
Full Name: John Jones
Location: New Zealand

Re: Veeam Replication from Prodution to DR

Post by KiwiJJ »

Thanks Vladimir,
That answers my question

cheers,

John
Post Reply

Who is online

Users browsing this forum: Bing [Bot] and 89 guests