Network Mapping and Re-IP

[rogerdu]

I have a couple of questions for this... My client has 2 sites, geographically separate and they are acting as failover sites for the other. They share a common DNS scheme but each site has its own set of network IPs (Ethernet traffic, iSCSI1 and iSCSI2) that do not match the other site.

I get that I can setup IP mapping on a per VM basis (3 per VM). Do I also need to register the remote site VMs in DNS before hand?

Roger

[skrause]

How you set up your DNS is really up to you. We use short TTLs (2 minutes) on our VMs that we replicate and then we have changing the DNS pointer to the new IPs be part of our failover process. Since the entire spin-up process takes 3-5 minutes for us, that TTL gives the DNS changes ample time to take effect for clients before the service is back online.

Depending upon what you use to manage your DNS you could likely use some kind of pre-run script as part of your failover plan in Veeam that would change the DNS for you.

[rogerdu]

I believe we have DNS setup to dynamically register. I'm not sure what the mechanism is... will have to check with our AD expert. DNS is managed by our Active Directory servers, so integrated with Windows.

We don't have any Linux except the vCenter appliance which we plan to replicate. I'm guessing a pre-run script would have to do.

[skrause]

AD *should* automatically update DNS when the machine boots up if it is on the domain provided that the TCP/IP configuration in Windows says "register this connection in DNS". I have seen issues with AD DNS updates being slow, so you will probably want to do some testing ahead of time and work with your AD experts.

[rogerdu]

OK I verified that Windows systems will in fact re-register. I've also worked out a script fow Linux systems that will:
- remove a DNS record and the associated PTR record from the appropriate zone
- create a DNS A record and the associated PTR record in the appropriate zone

The follow up question then (again, not mentioned in the documentation) is whether the re-IP mapping mechanism will change the IP address of a Linux system... specifically the vCenter appliance?

Thanks in advance,

Roger

[foggy]

Re-IP is only supported for Windows VMs, but you can use custom scripts for Linux.

[rogerdu]

suggestion then to replicate the vCenter appliance? I'd have to check, but I'm not sure that you CAN log in as root or admin to use BASH commands...

[WRS2200]

Thank you for the post. This was very helpful.

[rogerdu]

Just did a quick search "VCSA 6 Appliance IP change"... The overwhelming reply was to redeploy.

le sigh...

Any other suggestions?

[foggy]

Have a second vCenter instance in the target site?

[rogerdu]

Part of the problem is that it also acts as the SSO instance... as vCenter is relatively easy to redeploy, and I have backups of the database, its not a biggie to redeploy... I was hoping for a quick fix and to use the awesome replication technologies of Veeam...

Thanks for the info!

[skrause]

If you are using replication as a means of a quick DR solution (minutes instead of hours), it is probably worth the extra licensing cost to have a second vCenter in the failover location where you target your replication jobs.

[push3r]

Or forget about Re-IP all-together and setup separate overlapping networks for each site for the purpose of Veeam DR, using site-to-site vpn (or whatever WAN techno you are using).

Re-IP is a huge headache and who knows whether any applications are happy with new IPs.

This is what we do with our DR design. We have a co-lo with the exact same network scheme as production (overlapping network) connected via site-to-site VPN. Just replicate from prod to dr. If we need to failover, just orchestrate them from a second Veeam's server at the dr site. No need to worry about Re-IP. Each site or Veeam server/proxy do know that the other side has the same IP scheme. They access each other via different IPs, of course, that are then double NATed from the firewalls.

Search the Veeam forum as I got the idea from a thread here. And look into setting up overlapping network setup between two sites. We do it with two different firewalls too, SonicWall and Cisco ASA.

Good luck.