Direct Restore to Microsoft Azure | VeeamPN software-defined networking
Post Reply
homerjnick
Expert
Posts: 211
Liked: 35 times
Joined: Feb 20, 2012 4:13 pm
Full Name: Nick Mahlitz
Contact:

Can Veeam PN assist with this?

Post by homerjnick » May 30, 2019 10:45 am

Hi...just looking for some general pointers.

In our private data centre we have subnets dedicated for Application servers. We have a site to site VPN connection to Azure where we have different subnets and we have used ASR to replicate VM's to it.

No issue with that except a lot of the applications are legacy and break when its IP is changed. The inter-dependency between these application servers is too much work when invoking DR in terms of testing.

We can use ASR to failover an entire subnet from private DC to Azure but then the whole subnet has to go and that means every Application server and thus no single VM testing.

Could Veeam PN achieve what we want? In that we have the same subnets in Azure and private DC and invoke DR on a single VM in Azure that has its original IP...can Veeam PN do a form of NAT with the possible requirement of manual routing?

HannesK
Veeam Software
Posts: 3698
Liked: 441 times
Joined: Sep 01, 2014 11:46 am
Location: Austria
Contact:

Re: Can Veeam PN assist with this?

Post by HannesK » May 31, 2019 5:43 am

Hello,
nope, it's not possible to create a transparent layer 2 tunnel between Azure and your local DC.

Best regards,
Hannes

PS: stretched layer 2 is something which Veeam Cloud Service providers with Veeam Replication can do...

anthonyspiteri79
Veeam Software
Posts: 597
Liked: 139 times
Joined: Jan 14, 2016 6:48 am
Full Name: Anthony Spiteri
Location: Perth, Australia
Contact:

Re: Can Veeam PN assist with this?

Post by anthonyspiteri79 » May 31, 2019 7:55 am 1 person likes this post

Nick, as Hannes mentioned we can't do l2 tunnels or have overlapping IPs between sites.

I am a little more interested in your process above for failing over the one VM. With Veeam PN you can configure an IP Translation rule and map a local IP to one in Azure that could be the replicated VM. When that is set, anything trying to reach the local IP is proxied through the Veeam PN SiteGateway to the IP in Azure. It's not exactly what you are after, but if you able to sustain a change of IP on the target end... it might do the trick.

Further from that... you will need to look at some form of l2 tunnel to stretch the subnet across sites.
Anthony Spiteri
Global Technologist, Product Strategy | VMware vExpert
Email: anthony.spiteri@veeam.com | Mobile: +61488335699
Twitter: @anthonyspiteri | Skype: anthony_spiteri

homerjnick
Expert
Posts: 211
Liked: 35 times
Joined: Feb 20, 2012 4:13 pm
Full Name: Nick Mahlitz
Contact:

Re: Can Veeam PN assist with this?

Post by homerjnick » Jun 11, 2019 10:26 am

Can you clarify this for me? I have a Veeam PN in my DC that translates a local IP and sends it to the replicated VM in Azure? So if I had a VM on 10.3.30.55/24 in my DC, replicated it to Azure so its IP was 10.3.130.55/24 I can have an IP translation rule in the Veeam PN to say everything in my DC trying to contact 10.3.30.55/24 head over to Azure and speak to 10.3.130.55/24?

That works for me in the Application stack and I just need to re-IP the replicated VM.

Is that what you mean?

Nick
Nick, as Hannes mentioned we can't do l2 tunnels or have overlapping IPs between sites.

I am a little more interested in your process above for failing over the one VM. With Veeam PN you can configure an IP Translation rule and map a local IP to one in Azure that could be the replicated VM. When that is set, anything trying to reach the local IP is proxied through the Veeam PN SiteGateway to the IP in Azure. It's not exactly what you are after, but if you able to sustain a change of IP on the target end... it might do the trick.

Further from that... you will need to look at some form of l2 tunnel to stretch the subnet across sites.
So a Veeam Cloud Service provider with Veeam Replication can do this for us? I'll need to check that out.
HannesK wrote:
May 31, 2019 5:43 am
Hello,
nope, it's not possible to create a transparent layer 2 tunnel between Azure and your local DC.

Best regards,
Hannes

PS: stretched layer 2 is something which Veeam Cloud Service providers with Veeam Replication can do...

HannesK
Veeam Software
Posts: 3698
Liked: 441 times
Joined: Sep 01, 2014 11:46 am
Location: Austria
Contact:

Re: Can Veeam PN assist with this?

Post by HannesK » Jun 12, 2019 7:08 am

Hello,
yes, it's about IP translation (NAT). It's a common (or ugly, your choice ;-)) technology to deal with duplicate subnets in a network. It's about translation rules

From your posts, I cannot identify which application / VMs cannot deal with new IPs. So the translation rules is just an idea. It does not guarantee that this works.

I'm thinking about my initial post again: the stretched layer 2 tunnel I mentioned is only built for (temporary) failover. It's not built as a "permanent" design. Internet service providers should have proper technology for stretched layer 2. Their housing capabilities might be better suitable for your use case.

Best regards,
Hannes

Post Reply

Who is online

Users browsing this forum: No registered users and 2 guests