Comprehensive data protection for all workloads
Post Reply
christiankelly
Service Provider
Posts: 116
Liked: 7 times
Joined: May 06, 2012 6:22 pm
Full Name: Christian Kelly
Contact:

Veeam replication resiliency through a VPN that renegotiates

Post by christiankelly » Jun 29, 2012 5:25 am

I was hoping that 6.1 was going to fix this however I’m still having trouble with Veeam replication through a VPN tunnel that occasionally drops and rebuilds. When that happens the job fails and I get an error: Error: Client error: Exception of type 'Veeam.Backup.AgentProvider.AgentClosedException' was thrown.

The drop is under 60 seconds while the VPN tunnel renegotiates and I don’t see why Veeam can’t take that kind of delay. I’m replacing some Equallogic SAN-2-SAN replication jobs with Veeam and the Equallogic jobs can deal with the tunnel renegotiation without starting over but Veeam can’t seem to.

Is there anything on the horizon that would address this?

Thanks,

foggy
Veeam Software
Posts: 18264
Liked: 1561 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: Veeam replication resiliency through a VPN that renegoti

Post by foggy » Jun 29, 2012 9:05 am

Christian, yes, we do plan to add resume transfer functionality down the road. Currently, Veeam B&R can resist to very bad connections and minor packet loss but if the connection is dropped, the job fails and the data is retransferred during the next job run.

christiankelly
Service Provider
Posts: 116
Liked: 7 times
Joined: May 06, 2012 6:22 pm
Full Name: Christian Kelly
Contact:

Re: Veeam replication resiliency through a VPN that renegoti

Post by christiankelly » Jun 29, 2012 2:44 pm

That's good news. Some jobs are LONG. I have a job that takes about 12+ hours so being able to withstand a dropped tunnel is important because if it fails it even takes longer the next time.

tsightler
VP, Product Management
Posts: 5420
Liked: 2243 times
Joined: Jun 05, 2009 12:57 pm
Full Name: Tom Sightler
Contact:

Re: Veeam replication resiliency through a VPN that renegoti

Post by tsightler » Jun 29, 2012 3:04 pm 3 people like this post

Even today Veeam can actually survive fairly long periods of outages, however, typically when there is a complete loss it means that some network device (possibly the VPN device itself) reported the loss of the connection via an ICMP "destination unreachable". This will signal Windows to close the TCP connection and unfortunately, as stated above, right now there is no resume function. You can sometimes work around these by filtering out the ICMP "destination unreachable" messages from the Windows proxies using the Windows firewall, at which point the link becomes subject to TCP timeouts only, which are generally quite long.

You can also use a product like Hyper-IP, which uses techniques like ICMP suppression and TCP keepalives to help TCP connections survive link outages. It's quite effective.

All of that being said, 60 seconds to renegotiate a VPN connection seems pretty long, might want to look at ways to reduce that time.

Post Reply

Who is online

Users browsing this forum: Bing [Bot], PattyT and 18 guests