The initial appliance configuration assigns the best possible IP address to the management NIC, eth0, used to access the Symantec NetBackup Appliance web interface for initial configuration. But the varied and changing nature of customer networks makes a one-size-fits-all solution unavailable.
The following details should be reviewed to understand whether the assigned address is appropriate, how it will be used by NetBackup, the appliance, and remote hosts, and how to select a new IP address if the default one is not appropriate.
Note: The IPMI port is a separate NIC, distinct from eth0 … ethN, and is administered separately. The discussion below does not apply to the IPMI port.
The management NIC is intended to be used only for connecting a laptop directly for initial or subsequent configuration. The default IP address is compatible with a network segment that contains only the management interface and the laptop.
Frequently though, the interface is connected to a network which may cause unexpected behaviors in some configurations.
Recommendations for Management-only Networks
If connected to a network, the management NIC should preferably be connected to a management-only segment that would be non-routed and using link-local (169.254.0.0/16 or fe80::/128) IP addresses. That would automatically prevent using the NIC to backup remote clients because packets would not be routed from the link-local network to the production or backup networks.
Any other IP address range could also be used provided it is not routed.
Recommendations for Routed Networks
If the management NIC is attached to a routed network (e.g. 192.168.0.10/24) it should not be the default route and none of the NetBackup hosts should have a configuration that references the hostname for the eth0 interface. As a result there should not be any inbound connections to that NIC.
Similarly, all remote NetBackup hosts should have a network interface other than 192.168.0.0/24 that is used in the NetBackup configuration so there should not be any need for an outbound connection from the management NIC either.
However, the appliance could return the management NIC IP or hostname in a forwarding profile during initial CORBA connection from a remote host, which might use it for subsequent connections. NetBackup 220.127.116.11 and 7.6 restrict the usage of the returned profile to prevent that from happening. Until upgraded, the remotes hosts may want prohibit the IP address for the management NIC on the appliances to which they connect. Do not use a target range that includes any interface on the local host!
PREFERRED_NETWORK = my_appliance_master_eth0 PROHIBITED
PREFERRED_NETWORK = my_appliance_mm_eth0 PROHIBITED
If a CORBA using clients has a second interface and it is on the management network it may return that interface in a forwarding profile to the appliance. As a result, there may be a small amount of non-image traffic through the management NIC. If this is undesirable until upgraded (to NB 18.104.22.168 or higher), configure the appliance to not make connections to those interfaces on the clients. A range can be used if it does not prohibit the local interface.
PREFERRED_NETWORK = client-1_on_mgmt_net PROHIBITED
PREFERRED_NETWORK = client-2_on_mgmt_net PROHIBITED
PREFERRED_NETWORK = client-n_on_mgmt_net PROHIBITED
Examples of CORBA using clients include the following:
- SAN Clients
- Deduplication Clients
- Oracle Clients using Guided Recovery and Metadata Collection
- DB2 Clients using Guided Recovery
- Clients running the Discovery Service
Recommendations When Clients Are Only on the Management Network
If a remote client only has one network interface and it is on the management network, then connections from the appliance to the client will normally be routed out the management NIC. If a network route exits from the eth1-6 interfaces to the client, then a static route should be added from the eth1-6 interface to that client. TCP replies would come back to that source interface and the client would use that interface in its servers list. If using CORBA connections, the client should prohibit connections to the management NIC on the server, as noted in the previous section.
Using a static route is better than configuring the appliance with
PREFERRED_NETWORK = client_on_mgmt_net MATCH non-mgmt_IP
because the weakhost model in SuSE 10 will connect outbound to the client from the management NIC with the source IP set to the non-mgmt_IP. Consequently the reply packets will be returned to that NIC. This asymmetrical routing may not be noticed during a backup, but during a restore the client bound packets containing the backup image will be on the slower eth0 interface. Using Connect Options of '1 1 2' for the client will cause the client to initiate the connection to bptm at the non-mgmt_IP but the weakhost model will still send the reply packets out the eth0 interface.
Note: If using static routes, the remote client cannot be used to administer the appliance if the non-mgmt NIC used for the static route is down or non-routable for any reason.
If the remote client is only routable via the management network, then those backups and restores will unavoidably use the slower eth0; neither static routes nor Preferred Network will be of benefit.
Note: When assigning IP addresses, be sure that the number of addresses unique to the local host exceeds the number of addresses that might be assigned to multiple hosts. See Related Articles for details.
NetBackup appliances; 5200, 5220, 5230