-
- Novice
- Posts: 4
- Liked: never
- Joined: Dec 26, 2013 9:18 pm
- Full Name: Jeff Zuhlke
- Location: Wisconsin, USA
- Contact:
How should I configure my VPN tunnel to do off-site replicat
I would like to replicate VMs from my datacenter's (herein shortened to DC) ESXi hosts (x2) to a remote office's ESXi host (x1) for backup and DR purposes utilizing Backup and Recover 7 Standard (B&R). I have a private 3Mbps MPLS WAN link between the DC and the remote office but I don't want to saturate it with replication traffic. Since both sites have secondary Internet links as well (with much bigger pipes - business-class Time Warner cable circuits), I'd like to use these secondary Internet links for replication instead of our MPLS WAN link. Both sites have their own subnets.
I had my network consultant set up a VPN tunnel for me, utilizing the Time Warner cable circuits, based on the following information: I gave him the IP address of the Veeam B&R server in the DC, which happens to be a physical server, as well as the IP address of the B&R server at the remote office, which is a VM on the remote office's ESXi host. So as it stands now the ONLY traffic that goes through the VPN tunnel is traffic from the DC's B&R server IP address that is addressed to the remote office's B&R server IP address and vice versa.
I know that the VPN tunnel is working between those two IP addresses (remember, these are the two B&R servers) based on running a traceroute in order to see that it's taking the Time Warner path. The replication is working but it's running very slow (like 300Kbps). Then I had an epiphany...I bet there are other IP addresses involved for replication traffic since I'm guessing that not all of the replication traffic is solely going through the B&R's IP addresses.
So I guess my only question so far boils down to this: Are there other IP addresses that need to be included into the tunnel for replication in my scenario? Since my epiphany, I would think that there's also replication-related traffic happening between the ESXi hosts' IP addresses as well, especially since the remote office's B&R server is a VM. In case it matters, all three ESXi hosts use local storage.
I can definitely provide more information but I don't want to type too much right now that might not be relevant either.
Thanks for the help,
Jeff
I had my network consultant set up a VPN tunnel for me, utilizing the Time Warner cable circuits, based on the following information: I gave him the IP address of the Veeam B&R server in the DC, which happens to be a physical server, as well as the IP address of the B&R server at the remote office, which is a VM on the remote office's ESXi host. So as it stands now the ONLY traffic that goes through the VPN tunnel is traffic from the DC's B&R server IP address that is addressed to the remote office's B&R server IP address and vice versa.
I know that the VPN tunnel is working between those two IP addresses (remember, these are the two B&R servers) based on running a traceroute in order to see that it's taking the Time Warner path. The replication is working but it's running very slow (like 300Kbps). Then I had an epiphany...I bet there are other IP addresses involved for replication traffic since I'm guessing that not all of the replication traffic is solely going through the B&R's IP addresses.
So I guess my only question so far boils down to this: Are there other IP addresses that need to be included into the tunnel for replication in my scenario? Since my epiphany, I would think that there's also replication-related traffic happening between the ESXi hosts' IP addresses as well, especially since the remote office's B&R server is a VM. In case it matters, all three ESXi hosts use local storage.
I can definitely provide more information but I don't want to type too much right now that might not be relevant either.
Thanks for the help,
Jeff
-
- Chief Product Officer
- Posts: 31814
- Liked: 7302 times
- Joined: Jan 01, 2006 1:01 am
- Location: Baar, Switzerland
- Contact:
Re: How should I configure my VPN tunnel to do off-site repl
Replication traffic goes from source to target backup proxy server, plus you need to make sure that backup server can connect to both. That is all connectivity that is needed, the rest of communication happens within source and target datacenters.
-
- Veeam Software
- Posts: 21139
- Liked: 2141 times
- Joined: Jul 11, 2011 10:22 am
- Full Name: Alexander Fogelson
- Contact:
Re: How should I configure my VPN tunnel to do off-site repl
Jeff, please also see this thread outlining all the connections required for offsite replication. Thanks.
-
- Novice
- Posts: 4
- Liked: never
- Joined: Dec 26, 2013 9:18 pm
- Full Name: Jeff Zuhlke
- Location: Wisconsin, USA
- Contact:
Re: How should I configure my VPN tunnel to do off-site repl
Thanks for the replies. Foggy- The thread you pointed me to seems to answer my question but I have one clarification question. You mentioned in that thread that the BACKUP SERVER needs access to the components you mentioned. Which backup server are you referring to? The one that is initiating the replication job? Maybe it's just the terminology I have wrong, but would argue that I have two backup servers...one in the datacenter that initiates the jobs (source backup server) and has the backup proxy and repository and another backup server at the remote office (target backup server) that also contains a backup proxy and repository.
I learned that my network consultant set up the tunnel by using PBR (policy-based routing), so I'm hoping it doesn't get too complicated to add the five or so additional IPs that I need in order for all of the replication traffic to go across the VPN.
Thanks,
Jeff
I learned that my network consultant set up the tunnel by using PBR (policy-based routing), so I'm hoping it doesn't get too complicated to add the five or so additional IPs that I need in order for all of the replication traffic to go across the VPN.
Thanks,
Jeff
-
- Veeam Software
- Posts: 21139
- Liked: 2141 times
- Joined: Jul 11, 2011 10:22 am
- Full Name: Alexander Fogelson
- Contact:
Re: How should I configure my VPN tunnel to do off-site repl
It's the one that is initiating the replication job. Btw, you do not need a second full-blown Veeam B&R installation to handle replication, you just need a single backup server with the default proxy server and a second proxy server on the other side.
-
- Novice
- Posts: 4
- Liked: never
- Joined: Dec 26, 2013 9:18 pm
- Full Name: Jeff Zuhlke
- Location: Wisconsin, USA
- Contact:
Re: How should I configure my VPN tunnel to do off-site repl
Excellent. Thanks for the clarification and the tip regarding the unnecessary B&R server. Once I hear back from my consultant I'll see if I can implement the IP config changes. I'll reply back if I have any more questions.
I really appreciate the help.
Jeff
I really appreciate the help.
Jeff
Who is online
Users browsing this forum: No registered users and 34 guests