Hi! I noticed that when backups are being done over the LAN, it's quite a common practice to have a separate LAN to do these backups of remote servers. I'm not sure how this is done practically. Does that mean the servers will need to have 2 NIC cards, one connected to the production VLAN and another NIC card connected to another dedicated VLAN for backup?
How is that being done normally? Please advise. Thanks.
Yes you would need a second NIC on the server dedicated to backup. They would be in a separate vlan of their own.
The other decision to make is whether to run these connections across your existing switch infrastructure or have dedicated switches for backup. A lot depends on how much throughput your existing switches can support.
If your intention is just to stop backup data slowing down user connections because the server NIC is too busy then you could use the same switch infrastructure. If the backups are putting too much traffic through your switches which affects users then you need separate switches dedicated for backups.
Make sure that any servers you set up with another NIC have IP forwarding disabled.
It's just an extra security measure really. Generally speaking servers should not act as routers forwarding packets from one network to another. Your backup LAN should not be accessible from the production data side.
It's not essential but it won't hurt.
Hi! You are saying if I disable forwarding, the routing protocol that I'm using, e.g. RIP, will not be able to learn that VLAN?
Do I disable the forwarding of the subinterface of the router for that particular VLAN or the VLAN interface if I'm using L3 switching?
Another option to utilise the existing infrastructure is to use trunking from the switch to the network card in the server (this is of course dependent on your network cards supporting VLAN trunking).
This will also mean that your backups will need to run overnight (or at quiet times of the day) as the client connections can be using the whole bandwidth during the day, and the backup connection can use the whole of the bandwidth at night when there will be less client traffic.
If you are going to do this, make sure that the IP configuration for the backup side has no gateway address and your backup server is on the same subnet as the backup addresses. That way you prevent traffic routing across your router/MSFC/RSM.
Hi! In that case I will only need one NIC card per server?
No gateway for the servers? Will my clients be able to access the server in this case?
Do you mean that if I use the trunking method, clients are not able to access the server as the bandwidth is fully loaded?
No, if you have VLAN aware network cards on the server network card, it is basically the same as having two network cards (only sharing one cable). Traffic from the client side will connect to the configured client IP, and backup traffic will connect to the configured backup IP.
The two will quite happily co-exist as long as you do not give the backup side a gateway address. If you give both cards a gateway address, then traffic routing on the server will get confused as the routing table will have two gateways and you may find traffic heading off in the wrong direction and the clients complaining about dropped connections.
During the day, when the clients are in and using the system then the client side IP configuration will be doing most of the work as the clients will be using the bandwidth. At night when there are (theoretically) less clients about the bandwidth is freed up to be used by the backup.
As long as your backup server/backup device has an IP address in the same subnet as the IP addresses configured on the backup configuration on the server then it will be able to find the servers.
The client side configuration must have a gateway address to be able to connect to external resource, but since the backup system does not need to do anything for the clients then it does not need a gateway.
And, yes, you will only need one network card per server, just make sure it's a good one that supports VLAN trunking.
We use this system all the time in my organisation and we have no issues with bandwidth problems (unless the backups overrun - which is a whole other story).
"The client side configuration must have a gateway address to be able to connect to external resource, but since the backup system does not need to do anything for the clients then it does not need a gateway."
Does the statement above apply even if the backup server is also a file server or application server? If the clients need to access this file server, will there be any problem? If I ping the backup/file servers from the clients, will they be able to return a response if there's no gateway set at these servers?
If there's no gateway set, does that mean I can't access other subnets from the server?
If you are using the backup server as a file/print server as well then the same rule applies - as long as the server has two cards and you make sure that the IP routing is turned off on all the servers - the problem with IP routing on the server is that it makes the server act as a router between the two subnets and again the ARP table gets confused.
If you keep all the backup cards devoid of gateway addresses and you apply gateway addresses to all the client cards then there should be no issue for the clients.
Best advice realistically is to have a totally separate backup server (although I can appreciate that this is not always a practical consideration).
You will be able to ping all the servers from the clients (at least on the client IP address), but you probably won't get a response on the backup cards as they will not have a suitable return path - but this is only an issue if you want to use the backup IP address on your backup server to connect a remote client to for management purposes (i.e. RDP, ICA or VNC).
Hi! How about those servers (with the remote backup agent installed) that are being backed up? Will they need to have 2 cards as well, or will just a NIC with trunking support do?
In summary, the backup server will need to have 2 cards (combination of 2 normal NICs or 1 normal NIC and 1 normal NIC) if I want the clients to be able to access the server. The NIC connected to the private VLAN does not need a GW address; a GW is only required on the NIC that's connected to the prod. VLAN. Disable IP forwarding on the backup server. (Do I need to disable IP forwarding on servers that are being backed up?) If in the end I still need 2 NIC cards, then there won't be any clear purpose in getting one card with trunking support, right?
Are my statements above correct? Thanks.
A trunking NIC will do the job on the servers being backed up as will a trunking NIC be OK on the backup server. So if your servers are fairly modern then they should be ready to use.
Everything else is correct. The private (backup) lan does not need a gateway, the public (production) lan does need a gateway address - and for the sake of safety disable IP forwarding on all the servers - after all routers are meant to route and servers are meant to serve.
Thanks for your input. We are having the same issues with the backup. We had two NICs in them and now I know that the NIC that is dedicated for the backup should not have had a GW. My question is how do I disable IP forwarding on the server? Is this a function of the NIC?
That depends on the operating system in use - in Windows 2000 and 2003 as long as the Remote Access and Routing service is not running then you should be OK; in Windows NT4 it is a property of the TCP/IP setting (sorry I don't have an NT box to hand) - so from memory it's - right click on network neighborhood, select protocols tab, select TCP/IP, click properties, select the "Routing" tab; usually there is a check box - if this is ticked then IP forwarding is enabled and your server has the potential to act as a router - uncheck this box to turn it off.
I have no idea how this is done on a Novell box.
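
The rules this thread settles on (no gateway on the backup interface, a gateway only on the production interface, the backup server in the same subnet as the backup addresses, IP forwarding off) can be checked mechanically across a server inventory. The following Python check is an added example, not part of the original posts; the host records, interface names and addresses are constructed, and how the inventory is collected from each operating system is assumed to happen elsewhere.

```python
import ipaddress

# Constructed inventory: names and addresses are sample values, not from the thread.
HOSTS = {
    "fs01": {"ip_forwarding": False, "interfaces": [
        {"name": "prod0", "address": "10.0.10.21/24", "gateway": "10.0.10.1"},
        {"name": "backup0", "address": "192.168.50.21/24", "gateway": None}]},
    "app02": {"ip_forwarding": True, "interfaces": [
        {"name": "prod0", "address": "10.0.10.22/24", "gateway": "10.0.10.1"},
        {"name": "backup0", "address": "192.168.50.22/24", "gateway": "192.168.50.1"}]},
}
BACKUP_NET = "192.168.50.0/24"   # assumed backup VLAN subnet
BACKUP_SERVER = "192.168.50.5"   # assumed backup server address

def audit_host(host, backup_net=BACKUP_NET, backup_server=BACKUP_SERVER):
    """Return the list of rule violations for one multi-homed server."""
    net = ipaddress.ip_network(backup_net)
    findings = []
    if ipaddress.ip_address(backup_server) not in net:
        findings.append("backup server is outside the backup subnet")
    if host["ip_forwarding"]:
        findings.append("IP forwarding is enabled")
    gateways = 0
    on_backup_net = 0
    for nic in host["interfaces"]:
        iface = ipaddress.ip_interface(nic["address"])
        is_backup = iface.ip in net
        if is_backup:
            on_backup_net += 1
            if iface.network != net:
                findings.append(f"{nic['name']}: mask differs from the backup subnet")
        if nic["gateway"]:
            gateways += 1
            if is_backup:
                findings.append(f"{nic['name']}: backup interface has a gateway")
    if on_backup_net == 0:
        findings.append("no interface on the backup subnet")
    if gateways == 0:
        findings.append("no gateway on the production side")
    elif gateways > 1:
        findings.append("more than one gateway configured")
    return findings

def audit_all(hosts=HOSTS):
    """Map each host name to its findings; an empty list means compliant."""
    return {name: audit_host(cfg) for name, cfg in hosts.items()}

if __name__ == "__main__":
    for name, findings in audit_all().items():
        print(name, "OK" if not findings else "; ".join(findings))
```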