Discussions specific to the VMware vSphere hypervisor
Post Reply
jeffzuhlke
Novice
Posts: 4
Liked: never
Joined: Dec 26, 2013 9:18 pm
Full Name: Jeff Zuhlke
Location: Wisconsin, USA
Contact:

How should I configure my VPN tunnel to do off-site replicat

Post by jeffzuhlke » Dec 26, 2013 11:37 pm

I would like to replicate VMs from my datacenter's (herein shortened to DC) ESXi hosts (x2) to a remote office's ESXi host (x1) for backup and DR purposes utilizing Backup and Recover 7 Standard (B&R). I have a private 3Mbps MPLS WAN link between the DC and the remote office but I don't want to saturate it with replication traffic. Since both sites have secondary Internet links as well (with much bigger pipes - business-class Time Warner cable circuits), I'd like to use these secondary Internet links for replication instead of our MPLS WAN link. Both sites have their own subnets.

I had my network consultant set up a VPN tunnel for me, utilizing the Time Warner cable circuits, based on the following information: I gave him the IP address of the Veeam B&R server in the DC, which happens to be a physical server, as well as the IP address of the B&R server at the remote office, which is a VM on the remote office's ESXi host. So as it stands now the ONLY traffic that goes through the VPN tunnel is traffic from the DC's B&R server IP address that is addressed to the remote office's B&R server IP address and vice versa.

I know that the VPN tunnel is working between those two IP addresses (remember, these are the two B&R servers) based on running a traceroute in order to see that it's taking the Time Warner path. The replication is working but it's running very slow (like 300Kbps). Then I had an epiphany...I bet there are other IP addresses involved for replication traffic since I'm guessing that not all of the replication traffic is solely going through the B&R's IP addresses.

So I guess my only question so far boils down to this: Are there other IP addresses that need to be included into the tunnel for replication in my scenario? Since my epiphany, I would think that there's also replication-related traffic happening between the ESXi hosts' IP addresses as well, especially since the remote office's B&R server is a VM. In case it matters, all three ESXi hosts use local storage.

I can definitely provide more information but I don't want to type too much right now that might not be relevant either.

Thanks for the help,
Jeff

Gostev
SVP, Product Management
Posts: 24643
Liked: 3470 times
Joined: Jan 01, 2006 1:01 am
Location: Baar, Switzerland
Contact:

Re: How should I configure my VPN tunnel to do off-site repl

Post by Gostev » Dec 27, 2013 12:21 am 1 person likes this post

Replication traffic goes from source to target backup proxy server, plus you need to make sure that backup server can connect to both. That is all connectivity that is needed, the rest of communication happens within source and target datacenters.

foggy
Veeam Software
Posts: 18158
Liked: 1542 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: How should I configure my VPN tunnel to do off-site repl

Post by foggy » Dec 27, 2013 8:47 am 1 person likes this post

Jeff, please also see this thread outlining all the connections required for offsite replication. Thanks.

jeffzuhlke
Novice
Posts: 4
Liked: never
Joined: Dec 26, 2013 9:18 pm
Full Name: Jeff Zuhlke
Location: Wisconsin, USA
Contact:

Re: How should I configure my VPN tunnel to do off-site repl

Post by jeffzuhlke » Dec 27, 2013 4:04 pm

Thanks for the replies. Foggy- The thread you pointed me to seems to answer my question but I have one clarification question. You mentioned in that thread that the BACKUP SERVER needs access to the components you mentioned. Which backup server are you referring to? The one that is initiating the replication job? Maybe it's just the terminology I have wrong, but would argue that I have two backup servers...one in the datacenter that initiates the jobs (source backup server) and has the backup proxy and repository and another backup server at the remote office (target backup server) that also contains a backup proxy and repository.

I learned that my network consultant set up the tunnel by using PBR (policy-based routing), so I'm hoping it doesn't get too complicated to add the five or so additional IPs that I need in order for all of the replication traffic to go across the VPN.

Thanks,
Jeff

foggy
Veeam Software
Posts: 18158
Liked: 1542 times
Joined: Jul 11, 2011 10:22 am
Full Name: Alexander Fogelson
Contact:

Re: How should I configure my VPN tunnel to do off-site repl

Post by foggy » Dec 27, 2013 4:08 pm

It's the one that is initiating the replication job. Btw, you do not need a second full-blown Veeam B&R installation to handle replication, you just need a single backup server with the default proxy server and a second proxy server on the other side.

jeffzuhlke
Novice
Posts: 4
Liked: never
Joined: Dec 26, 2013 9:18 pm
Full Name: Jeff Zuhlke
Location: Wisconsin, USA
Contact:

Re: How should I configure my VPN tunnel to do off-site repl

Post by jeffzuhlke » Dec 27, 2013 4:47 pm

Excellent. Thanks for the clarification and the tip regarding the unnecessary B&R server. Once I hear back from my consultant I'll see if I can implement the IP config changes. I'll reply back if I have any more questions.

I really appreciate the help.

Jeff

Post Reply

Who is online

Users browsing this forum: No registered users and 16 guests