Discussions specific to the VMware vSphere hypervisor
andreash
Enthusiast
Posts: 39
Liked: 5 times
Joined: Dec 04, 2013 8:13 am
Full Name: Andreas Holzhammer
Contact:

Surebackup and multiple IP nets in one production network

Post by andreash » Jan 13, 2017 12:46 pm

Hi,

we are running several IP networks inside a single production Network on ESX5.5, and our Surebackup Jobs are failing since the upgrade to V9.5.

My production setup is like this (I know this is not best practice, but sometimes things get handed over to you and you have to live with it):
- one production network on three ESX 5.5 hosts, called "VM Production"
- multiple IP networks inside this single LAN
-- 192.168.1.0/24 with default GW 192.168.1.254 - this is where most servers live
-- 192.168.2.0/24 with default GW 192.168.2.254 - a management network
-- 192.168.3.0/24 with default GW 192.168.3.254 - servers for a separate project
- all these Default GWs are virtual IPs on a single Network port on the physical firewall device. No VLAN tagging in place.

All ~50 VMs on this Cluster are backed up using VEEAM 9.5, and replicated to a fourth (legacy) ESX 5.5 host with two datastores.
So i have two replication jobs, one for each datastore on the replication host.

Up until VEEAM 9 we had a weekly Surebackup Job set up that would test all VMs on the replication host. The Virtual Appliance was configured for Advanced Single Host Networking, with one single Isolated Network, and multiple vNICs in Network Settings:
- vNIC1: Masquerade IP 192.168.255.x, Appliance IP 192.168.1.254
- vNIC2: Masquerade IP 192.168.254.x, Appliance IP 192.168.2.254
- vNIC3: Masquerade IP 192.168.253.x, Appliance IP 192.168.3.254
This was working fine until the upgrade to V9.5. The appliance failed to start and I redeployed it, and afterwards servers in the first network could be verified successfully, but servers in 192.168.2 und .3 would still fail. I logged into the appliance and couldn't find any reference to these networks, so i decided to rebuild the appliance.
Unfortunately it would not allow me to create multiple vNICs for the same Isolated Network: "vNIC with such isolated Network connected already exists".

Support told me this setup was not supported and I should file a feature request (Case ID is 02029961). As this was working in the past I'd rather think this is a bug report :-)

Any idea how to set this up in V9.5? Separating the single Network into multiple vLANs is not an option on the physical network, I'm afraid.

Regards,
Andreas

Andreas Neufert
Veeam Software
Posts: 3031
Liked: 533 times
Joined: May 04, 2011 8:36 am
Full Name: @AndyandtheVMs Veeam PM
Location: Germany
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by Andreas Neufert » Jan 13, 2017 1:25 pm

Will check... Correct case number is: 02021609

Andreas Neufert
Veeam Software
Posts: 3031
Liked: 533 times
Joined: May 04, 2011 8:36 am
Full Name: @AndyandtheVMs Veeam PM
Location: Germany
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by Andreas Neufert » Jan 16, 2017 2:07 pm

Asked team support team to investigate why this was changed.

andreash
Enthusiast
Posts: 39
Liked: 5 times
Joined: Dec 04, 2013 8:13 am
Full Name: Andreas Holzhammer
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by andreash » Jan 19, 2017 1:53 pm

Hi Andreas,
thank you for picking this up! Is this setup really so unusual?

I have tried to come up with a Workaround but have not yet been able to come up with something useful.

Regards,
Andreas

Andreas Neufert
Veeam Software
Posts: 3031
Liked: 533 times
Joined: May 04, 2011 8:36 am
Full Name: @AndyandtheVMs Veeam PM
Location: Germany
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by Andreas Neufert » Jan 19, 2017 1:56 pm

I used this setup before and it was mentioned as solution for customers with above 9 Networks as well.

No feedback yet will ask again.

Peter Draeger
Lurker
Posts: 1
Liked: never
Joined: Jan 19, 2017 1:58 pm
Full Name: Peter Dräger
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by Peter Draeger » Jan 19, 2017 2:27 pm

We have the same problem - esx6.0 and veeam 9.5. On version 9.0 everything was fine.
Existing shurebackups starts with "Error: An error occurred during host configuration."

This is what i tried so far:
I deleted all ShureBackups / Virtual Labs and tried to create them again. If I add more than one isolated network, all networks get the VLAN ID of the last network. It is not possible to add networks with different VLAN IDs. With Version 9.0, each network could be assigned its own VLAN ID.

If I create a vNIC, I get the error message: "Masquerade network address has been detected with warning. Masquerade network address <ip> is already in use by the virtual lab <vlabname>. Would you like to use these settings?


I will open a ticket

Andreas Neufert
Veeam Software
Posts: 3031
Liked: 533 times
Joined: May 04, 2011 8:36 am
Full Name: @AndyandtheVMs Veeam PM
Location: Germany
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by Andreas Neufert » Jan 19, 2017 3:30 pm

This is something different and it is OK. THis is just a warning only and you can say yes.

svenh
Enthusiast
Posts: 29
Liked: 5 times
Joined: Jan 21, 2016 12:56 pm
Full Name: Sven Hartge
Location: Germany
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by svenh » Jan 24, 2017 4:04 pm

andreash wrote: thank you for picking this up! Is this setup really so unusual?

I have tried to come up with a Workaround but have not yet been able to come up with something useful.
While not exactly a secure solution (as you already know) I can assure you: this is not that unusual.

I myself have some (legacy) networks where there are two IP nets in one physical network. Mostly a public IPv4 range and a private RFC1918 one for inter-server communication and management.
("Legacy" because those are mostly networks from an older design, newer deployments use correctly separated networks via VLANs.)

Andreas Neufert
Veeam Software
Posts: 3031
Liked: 533 times
Joined: May 04, 2011 8:36 am
Full Name: @AndyandtheVMs Veeam PM
Location: Germany
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by Andreas Neufert » Jan 27, 2017 2:56 pm

What I can tell you by now is that some of the customers had problems with this kind of unsupported setup and as well we had some cases were customers defined it by mistake that way. We investigate at the moment if there is a option to enable this configuration somehow without to run into the same problems again. This will need some time.

svenh
Enthusiast
Posts: 29
Liked: 5 times
Joined: Jan 21, 2016 12:56 pm
Full Name: Sven Hartge
Location: Germany
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by svenh » Jan 27, 2017 3:03 pm

Andreas Neufert wrote:What I can tell you by now is that some of the customers had problems with this kind of unsupported setup and as well we had some cases were customers defined it by mistake that way. We investigate at the moment if there is a option to enable this configuration somehow without to run into the same problems again. This will need some time.
Thank you. I guess best bet would be an "Advanced Setting" in the "vNIC Connection Settings" dialog, allowing to add additional IP addresses.

andreash
Enthusiast
Posts: 39
Liked: 5 times
Joined: Dec 04, 2013 8:13 am
Full Name: Andreas Holzhammer
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by andreash » Jan 30, 2017 2:20 pm

Hi Andreas,
thanks for staying on top of this.

Unfortunately I haven't been able to come up with a workaround yet. While it is possible to skip the ping test entirely the Surebackup Job already fails when mapping the network.
I think this area could use some more granularity. For example I have tried to assign a second virtual IP from an independent Networks to a single Interface, and it appears Surebackup picks the virtual IP over the base IP, failing the ping test.
It would already be helpful to be able to exclude some servers from a Linked Job from Surebackup, so I could spread one Job over multiple Surebackup Jobs.

Regards,
Andreas

atrotter
Lurker
Posts: 1
Liked: never
Joined: Apr 05, 2016 4:47 pm
Full Name: Anthony Trotter
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by atrotter » Jan 31, 2017 4:51 pm

You're not alone. I too just experienced this directly after upgrading from 9.0 to 9.5 Update 1. I used to have two subnets defined on the single isolated network and it worked fine in 9.0. Now, the SureBackup jobs fail at the ping test. The logs show the ping test utilizing the incorrect mask IP--that is, it uses the mask IP of the other subnet rather than the one that it was assigned to. I have a ticket open with Veeam, currently escalated to Tier 2. Hopefully they can provide some insight into the issue.

andreash
Enthusiast
Posts: 39
Liked: 5 times
Joined: Dec 04, 2013 8:13 am
Full Name: Andreas Holzhammer
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by andreash » Feb 02, 2017 12:04 pm

I have received the following Feedback from Tier 2 Support:
"Unfortunately, I have to state this feature ("allowing multiple vNICs with different masquerade/appliance IP addresses in Virtual Lab constructor for one isolated network") had been mistakenly allowed in Veeam version 8 and 9.
As of now this setup is not supported and is prohibited in the new version."

Btw, there's also another change in the surebackup logic: (Windows) Network interfaces with an alias IP get recognized with the alias IP, not the Primary one. This breaks another ping test in my case.

My workaround looks like this:
1. for every IP network, create a separate Virtual Lab with the Isolated Network mapped to this IP Network (i.e. I have "VLAB 192.168.1.0", VLAN "192.168.2.0" and so on)
2. for every IP Network, create an Application Group containing all VMs inside this Network with source Backup
3. for every IP Network, create a second Application Group containing all VMs inside this Network with source Replication
4. for every IP Network, create a Surebackup Job with the corresponding VLAB and Application Group with source Backup
4. for every IP Network, create a second Surebackup Job with the corresponding VLAB and Application Group with source Replication
So basically I am no longer testing "Linked Jobs" but Application Groups which means no parallel processing. This obviously also only works if there are no dependecies between those networks. We only run simple ping test currently, so that's acceptable for now.

Any changes in the VM-Infrastructure (i.e. new Servers) need to be manually added to the above setup, i can no longer simply add them to the replication job.

So, for me I no longer have two Surebackup Jobs (one for Backup and Replication each), but I will have 6 of them, plus the added overhead for maintenance.

Please, VEEAM Team, think about this and get us back the previous functionality!

Regards
Andreas

andreash
Enthusiast
Posts: 39
Liked: 5 times
Joined: Dec 04, 2013 8:13 am
Full Name: Andreas Holzhammer
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by andreash » Feb 02, 2017 12:48 pm

Major drawback #1: All VMs in an Application Group stay online, so I need a lot of Ressources or a lot of Jobs.
Major drawback #2: Processing stops if a VM brings up an error (doesn't boot in time because of Update Installation for example)

JasonRoss
Lurker
Posts: 1
Liked: 2 times
Joined: Mar 08, 2017 12:57 am
Full Name: Jason Ross
Contact:

Re: Surebackup and multiple IP nets in one production networ

Post by JasonRoss » Mar 08, 2017 1:14 am 2 people like this post

I had this same issue and resolved it. I upgraded from 9 to 9.5, needed to modify a virtual lab, but was getting the error message "vNIC with such isolated Network connected already exists". I tried everything... I still wasn't able to complete the final creation stage with multiple isolated networks. Hope this helps somebody.

It is a simple mistake that I would ALMOST call a design flaw. - From the "Isolated Network" section after you click the Add button for additional networks, the middle "Isolated network" dropbox keeps the same name as the original one. Hence the VLAN ID changing for all of the networks.

Edit the name to match the production network. For example...

Production: xx Network
Isolated network: Virtual Lab xx Network
VLAN ID: xx

After this, assign a vNic for each isolated network with the appropriate network settings. Each masquerade address will need to be unique in the lab.

Post Reply

Who is online

Users browsing this forum: Google [Bot], vmJoe and 22 guests