NDMP backups and Network Address Translation

Article: 100028538
Last Published: 2013-01-21
Product(s): NetBackup

Problem

It is not possible to back up an NDMP filer that is on the other side of a gateway that is performing network address translation (NAT) or port address translation (PAT).

Cause

When an NDMP data connection is created, one side creates a listen port and passes its IP address and port number to the other side, which then connects to that listening port on the original host. Because the address and port are embedded within the data exchanged, they are not visible in the packet header and are not translated by the gateway. The receiving host attempts to connect to the non-translated IP address and port, and fails. The NDMP protocol requires numeric addresses and ports and does not provide for the use of host or service names, which prevents the application layer on each side from translating names to the appropriate numbers for its side of the connection.

NDMP local backups do not use a data connection for the movement of file data (the tape is attached directly to the filer being backed up). However, at the end of the backup, the media server sends the TIR data (the catalog file) to tape. To do this, the media server creates a listen port and passes the address and port to the filer, which then connects. If a NAT gateway is present between the media server and the filer, this will not work.

NDMP three-way (3-way) backups will encounter the same problem transferring the TIR data if a NAT gateway is present between the media server and the filer with the tape device. In addition, a data connection is needed for movement of the file data between the filers. One filer creates a listen port and passes the address and port to the other filer via the media server. If a NAT gateway is present between the filers, the address and/or port forwarded by the media server will not allow for a successful connection between the filers.

NDMP remote backups use a data connection for the movement of file data between the filer and the media server.  The media server creates a listen port and passes the address and port to the filer. If a NAT gateway is present in between, the filer will be unable to connect.
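
The failure described under Cause, for the case where the media server is the listening side, modelled as an added example (not NetBackup or NDMP reference code). The 12-byte address layout, the type tag value, the addresses, the port and all function names are assumptions made for illustration; the point is that a header-only gateway leaves the embedded address untouched, so the filer is told to dial an address it cannot reach.

```python
import ipaddress
import struct
from dataclasses import dataclass, replace

ADDR_TCP = 1  # assumed type tag for a TCP/IPv4 data address


@dataclass(frozen=True)
class Packet:
    src_ip: str     # IP header field: the only thing a NAT gateway rewrites
    payload: bytes  # control-message body: opaque to the gateway


def encode_listen_addr(ip: str, port: int) -> bytes:
    """Listener side: embed its own address and port in the message body."""
    return struct.pack("!III", ADDR_TCP, int(ipaddress.IPv4Address(ip)), port)


def decode_listen_addr(payload: bytes) -> tuple[str, int]:
    """Connecting side: recover the address it is being told to dial."""
    if len(payload) < 12:
        raise ValueError("truncated address block")
    addr_type, ip_int, port = struct.unpack("!III", payload[:12])
    if addr_type != ADDR_TCP or not 0 < port < 65536:
        raise ValueError("not a usable TCP address")
    return str(ipaddress.IPv4Address(ip_int)), port


def nat_gateway(pkt: Packet, table: dict[str, str]) -> Packet:
    """Header-only translation: src_ip changes, payload bytes do not."""
    return replace(pkt, src_ip=table.get(pkt.src_ip, pkt.src_ip))


def diagnose(pkt: Packet) -> dict:
    """Compare the address the peer will dial with the address it can see."""
    ip, port = decode_listen_addr(pkt.payload)
    return {"dial": (ip, port), "seen_from": pkt.src_ip,
            "nat_in_path": ip != pkt.src_ip}


# Constructed sample: media server 10.1.1.5 listens on port 10566; the
# gateway presents it to the filer as 192.0.2.10.
SENT = Packet("10.1.1.5", encode_listen_addr("10.1.1.5", 10566))
DIRECT = diagnose(SENT)
VIA_NAT = diagnose(nat_gateway(SENT, {"10.1.1.5": "192.0.2.10"}))

if __name__ == "__main__":
    print("direct :", DIRECT)
    print("via NAT:", VIA_NAT)
```

The comparison in `diagnose` only applies when the sender of the message is also the listener; in a three-way backup the media server forwards another filer's address, so the header source differs from the embedded address even without NAT.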

Solution

NDMP backups are only possible when NAT and PAT are not used between the media server and the filer(s).


Applies To

All current versions of NetBackup and NDMP.
