Host-based backup of VMware vSphere VMs.
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Replication Design VLANS

Post by tfloor »

Hello,

I'm busy to create a DR site for backup copy jobs and replication jobs.

This is the sketch: http://gyazo.com/b8a1c507e48d16fcd4831ce513f821c7

The Main site productions servers are almost in the same vlan. and using the 10.10.x.x adresses. except the DMZ

I want to get an idea of how it has to be on the DR site.
The vm's are replicated and need to hold their original ip adresses.
So do you need to put the whole DR site in another VLAN. inclusing esxi servers / storage / proxy servers?
But i also have to send backup copy jobs to the same site. (so replica and backup jobs).

Can someone give me an idea of how it should be configured in this situation.

Thanks.
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

in this example the proxy servers have 2 network cards.
http://www.cragdoo.co.uk/veeam-replicat ... -1-design/

One for the management (production vlan) and one for the communication to the proxy on the DR site.
And from DR to the main the same.
dellock6
Veeam Software
Posts: 6137
Liked: 1928 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Replication Design VLANS

Post by dellock6 »

Hi Tristan,
if the main constraint is "need to hold original IP addresses" then you need to have a Layer2 connection between sites, and re-create the same networks at DR sites. It's not mandatory to have the same VLANs at both sites if the network is able to route the same subnet in different VLANS, but usually the most common design is to have a VLAN with its own IP subnet.

Luca.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

It is normal to hold the original ip adresses for the vm's isn't it. Otherwise vm's do have problems booting when ip adress changed.
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Replication Design VLANS

Post by Vitaliy S. »

There might be problems with routing, but not with server booting. Based on the existing topics, many customers are using RE-IP function on the DR site, and configure routing between main and DR sites that are using different subnets.
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

Vitaliy S. wrote:There might be problems with routing, but not with server booting. Based on the existing topics, many customers are using RE-IP function on the DR site, and configure routing between main and DR sites that are using different subnets.

I think i don't understand it.

For example i have an exchange server on the Main site.
Replicate it to the DR.
Then you don't want to boot the exchangeserver on the DR site with a different ip adress?

Changing Hostnames/ip adresses is not good for most windows applications/services.
Vitaliy S.
VP, Product Management
Posts: 27055
Liked: 2710 times
Joined: Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov
Contact:

Re: Replication Design VLANS

Post by Vitaliy S. »

I agree on the hostname part, but not on the IP address (assuming DNS service is configured). Basically, different IP addresses on the main/DR sites was the main reason why we have introduced this option for replica failover feature.
dellock6
Veeam Software
Posts: 6137
Liked: 1928 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Replication Design VLANS

Post by dellock6 »

I agree with Vitaliy, usually applications works quite well with IP changes. Windows has no problem in booting up,check the IP has changed, and if joined to an Active Directory, dinamically update its DNS records. If you go on calling servers by name, you would easily get connected to the new IP but same name.
I've seen really few workloads having problems with re-ip.
If you can create a Layer3 VPN, it's really much more simple to configure and manage.

Luca.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

We will get a direct private 1 GB line, no vpn

But i still don't understand the design.
Is there any more good documentation about this?
dellock6
Veeam Software
Posts: 6137
Liked: 1928 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Replication Design VLANS

Post by dellock6 » 1 person likes this post

Ah, got it, sorry I was thinking about a vpn.
So definely yes, you can stretch your VLANs across the link, forget what I said before. Basically you will have two switches at both ends of the connection, and you will configure all your VLANs also on that trunk, and then also at the other side of the link. Think of it just like a ethernet cable, only a bit more long :)

If instead you mean instructions on how to create this, it will depend on the networking hardware you will use... but the theory is simple VLAN publishing on the trunk and on the switches of the DR site.

Luca.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

dellock6 wrote:Ah, got it, sorry I was thinking about a vpn.
So definely yes, you can stretch your VLANs across the link, forget what I said before. Basically you will have two switches at both ends of the connection, and you will configure all your VLANs also on that trunk, and then also at the other side of the link. Think of it just like a ethernet cable, only a bit more long :)

If instead you mean instructions on how to create this, it will depend on the networking hardware you will use... but the theory is simple VLAN publishing on the trunk and on the switches of the DR site.

Luca.
Yes it's a long ethernet cable haha.
So we have to create the same vlan networks on the DR site as we have on the main site.
But then? , There must be still something to seperate the Dr site from the main site, to get no ip-conflicts.
Or do you mean, Make everything the same, except the ip adress range of the vm's on the DR site. But i prefer not to change ip adresses of vm's because of connections based on ip instead of dns. :S

So is there another best practice to seperate it, and still have failover/failbox options.

I hope i will get a good idea soon of this design. :)
dellock6
Veeam Software
Posts: 6137
Liked: 1928 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Replication Design VLANS

Post by dellock6 » 1 person likes this post

This is another request however, you where talking about DR,so it's supposed the same VM is powered on only in one site, not all of them at the same time.

So, you have two different situations:

- when testing DR, use additional vsphere port groups with different vlans so they do not collide with production. First of all, change portgroups on the DR virtual machines,power on the VMs and test all of them. No connection/routing with production. And during the next Veeam replica, the portgroup will be reverted to the production one, since the vmx configuration file will be overwritten with the original from production.

- when in real DR, yes create the same VLANs / portgroups /subnets in DR, and power up a VM there if the production version is down and cannot be restored. To failover/failback, the two sites needs to be connected and talk each other, there will be something to sync the prod VM and its DR copy. In this situation is a Veeam Server, where you can start both the failover and the failback.

Luca.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

dellock6 wrote:This is another request however, you where talking about DR,so it's supposed the same VM is powered on only in one site, not all of them at the same time.

So, you have two different situations:

- when testing DR, use additional vsphere port groups with different vlans so they do not collide with production. First of all, change portgroups on the DR virtual machines,power on the VMs and test all of them. No connection/routing with production. And during the next Veeam replica, the portgroup will be reverted to the production one, since the vmx configuration file will be overwritten with the original from production.

- when in real DR, yes create the same VLANs / portgroups /subnets in DR, and power up a VM there if the production version is down and cannot be restored. To failover/failback, the two sites needs to be connected and talk each other, there will be something to sync the prod VM and its DR copy. In this situation is a Veeam Server, where you can start both the failover and the failback.

Luca.
So what's the normal vm powerstate for replicated vm's ? Are the turned on by default or turned off. Because i was thinking the are running all. Or do i make it more difficult than it is.
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Replication Design VLANS

Post by foggy »

Replica VMs are always turned off, until you decide to fail over to them.
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

foggy wrote:Replica VMs are always turned off, until you decide to fail over to them.
Ahhhh that explains!. that's why i had the brain problems with vlan's
But it isn't that complicated isn't it?

So i can make the DR site vlan's identical as on the main. Like it is one big datacenter, but with the vm's turned off at the DR site.
And i will an extra DR vlan, for testing pupose so i can bring the vm's up within a isolated lan and test things
And when i need to recover i can bring the DR vm's up and running attached to the production vlan's.

Do i make some progress?
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Replication Design VLANS

Post by foggy »

Yes. And to be able to perform failover/failback operations via Veeam B&R UI in case of DR, set up Veeam B&R instance responsible for replication in DR site.
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

So the veeam backup server on the main site and the DR site do have their own database.
managing seperate!
Or can i manage it from 1 console?
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Replication Design VLANS

Post by foggy »

No, different instances of Veeam B&R have their own separate SQL databases. However, different instances of Veeam B&R can be managed from a single Enterprise Manager console.
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

foggy wrote:No, different instances of Veeam B&R have their own separate SQL databases. However, different instances of Veeam B&R can be managed from a single Enterprise Manager console.
Allright thats all great information.
I have enough information to make a begin.

Thanks for all the good replies. The power of this forum.
foggy
Veeam Software
Posts: 21069
Liked: 2115 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Replication Design VLANS

Post by foggy »

You're welcome. Feel free to ask for any additional clarification, if required.
dellock6
Veeam Software
Posts: 6137
Liked: 1928 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Replication Design VLANS

Post by dellock6 »

And as a last addition to the design, you can leverage the new SureReplica feature to actually tests your DR, using a Virtual Lab in the DR site you will be able to power up the VMs with changes settings (like the portgroups) and also receive a nice report showing everything is working, and ready when you will eventually need them.

Luca.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

dellock6 wrote:And as a last addition to the design, you can leverage the new SureReplica feature to actually tests your DR, using a Virtual Lab in the DR site you will be able to power up the VMs with changes settings (like the portgroups) and also receive a nice report showing everything is working, and ready when you will eventually need them.

Luca.
Luca,

Sounds great indeed. Then you do not a seperate test vlan in that use case.
Thanks. I'll keep in mind.
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

Additional question:

How about the settings like the default gateway inside a VM.
In our case the Core switch is the default gateway. But on the DR site, the core switch get another IP, correct? . So in a disaster recovery the replicated VM can't find the default gateway isn't it?
dellock6
Veeam Software
Posts: 6137
Liked: 1928 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Replication Design VLANS

Post by dellock6 »

The RE-IP process is part of the configuration of the replica job, so when you power up the VM at DR site you should already have everything already configured properly. Also, during tests in SureReplica the Virtual Lab appliance can be configured to "fake" the gateway IP.

Luca.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

dellock6 wrote:The RE-IP process is part of the configuration of the replica job, so when you power up the VM at DR site you should already have everything already configured properly. Also, during tests in SureReplica the Virtual Lab appliance can be configured to "fake" the gateway IP.

Luca.
Luca,

Since it is a direct gigabit line to the DR site, i want to have the same ip's and subnets for the vm's.
Is it possible to let veeam only change the Default gateway of the VM's using re-ip?
dellock6
Veeam Software
Posts: 6137
Liked: 1928 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Replication Design VLANS

Post by dellock6 »

Hum, never tested honestly, I quickly checked in my lab however and sounds is possible indeed. You create a rule and configure both source and destination subnets to be the same, and you set the new default gateway. The rule creation wizard will give you a warning about the two subnets being the same, but you can accept it and go on.

Luca.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

dellock6 wrote:Hum, never tested honestly, I quickly checked in my lab however and sounds is possible indeed. You create a rule and configure both source and destination subnets to be the same, and you set the new default gateway. The rule creation wizard will give you a warning about the two subnets being the same, but you can accept it and go on.

Luca.
Oke So that's possible. Good to hear.
But it looks like something is telling me this isn't a common scenario.
Do i miss something?
dellock6
Veeam Software
Posts: 6137
Liked: 1928 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy
Contact:

Re: Replication Design VLANS

Post by dellock6 »

Well, it all comes down to the network configuration you have in your own environment, gladly Veeam is able to adapt to several situations.
It's not the first time I see a L2 vlan where gateway is not the same in the two sides. Probably some network vendor has a feature to set the same IP address at both ends, but I'm not a network guy, only a "consumer" if it, so I do not know.

Luca.
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2022
Veeam VMCE #1
tfloor
Veteran
Posts: 270
Liked: 15 times
Joined: Jan 03, 2012 2:02 pm
Full Name: Tristan Floor
Contact:

Re: Replication Design VLANS

Post by tfloor »

dellock6 wrote:Well, it all comes down to the network configuration you have in your own environment, gladly Veeam is able to adapt to several situations.
It's not the first time I see a L2 vlan where gateway is not the same in the two sides. Probably some network vendor has a feature to set the same IP address at both ends, but I'm not a network guy, only a "consumer" if it, so I do not know.

Luca.
Indeed you are correct.
I will trial and error when i setup the whole scenario.
Thank you
spsims
Lurker
Posts: 1
Liked: 1 time
Joined: Apr 25, 2011 7:15 pm
Full Name: Stuart Sims
Contact:

Re: Replication Design VLANS

Post by spsims » 1 person likes this post

Coming in late to this thread.

We duplicate our entire design at our DR site. Identical VLAN, identical subnets, everything. We use Veeam to replicate everything to the DR site.

During DR, the primary site is DOWN, so there is no problem with duplicate subnets. One of the steps in the DR process is to connect to the DR routers and "no shutdown" the "datacenter" subnet and VLANs. All of the replicated machines keep their normal IP addresses. The routers figure out the changed location of the "datacenter" subnet through normal routing protocols - typically the switchover happens within a few seconds of "bringing up" the DR site. Starting all the replicated virtual machines takes substantially longer.

The duplicate DR site design makes DR much simpler, no DNS changes, VLAN numbers all the same. The only caveat is that we cannot run the DR site and the primary site at the same time.

The DR site is normally used for software development (on a different subnet/vlan) so the equipment is already powered up and ready to go.
Post Reply

Who is online

Users browsing this forum: Google [Bot], uszy and 90 guests