Problem
Normal network routing on a host may cause different outbound interfaces to be used when connecting to the same host at different times. In addition there may be times when it is desired to restrict backup traffic to a specific NIC or subset of NICs.
The REQUIRED_INTERFACE and PREFERRED_NETWORK may seem to work in some configurations but not all.
Cause
The hostname set for REQUIRED_INTERFACE can resolve to only one IP address and it may be desired to restrict traffic to more than one of the available interfaces.
REQUIRED_INTERFACE does not affect inbound connections, only outbound connections. The outbound TCP SYN sent from the host has the source IP of the REQUIRED_INTERFACE. As a result, it will affect the interface to which packets are returned which may affect the outbound interface used on the remote host..
REQUIRED_INTERFACE allows the application to hint to the operating system which outbound interface to use, but the O/S can ignore the hint and use a different interface.
Regardless of the outbound interface used, the source IP will be the IP resolved from the REQUIRED_INTERFACE. As a result, outbound packets on the outbound connection will leave the host via the O/S selected NIC. But the return packets for the same connection will be addressed to the REQUIRED_INTERFACE and routed through the network to that NIC. The differing paths for the outbound vs returned packets is referred to as asymmetrical routing and may fail if both routes do not exist.
A less than careful analysis of a network trace might correctly note that the backup image is on the expected network segment, but fail to notice that the TCP ACKs and smaller amount of application data flowing in the other direction are on the wrong network segment. This condition will be much more obvious during a restore operation when the [large] backup image is traversing the wrong network segment and the TCP ACKs and smaller amount of returned application data are on the expected network.
Some security models such as the Windows 2003/2008 stronghost model may drop or reject connections where the IP address appears to be spoofed because it is not on the expected network segment.
The discussion above also applies to the PREFERRED_NETWORK option, both when PROHIBITing a local interface and also when specifying a source interface.
Solution
NIC 2 10.2.2.1
NIC 3 192.168.1.1
NIC 4 172.16.1.1
client 1
Backup NIC 10.1.1.2
Backup NIC 10.2.2.2.2
should be able to determine the best route because the IP segments are directly attached.
NIC 2 10.2.2.1
NIC 3 192.168.1.1
NIC 4 172.16.1.1
Backup NIC 142.10.1.2
Production NIC 172.16.1.2
Backup NIC 131.222.1.2
In this example since the production NICs and backups NICs are not directly attach, you can use IP route statements
Routes back to the server's backup NIC could be done by using this type of routing statement-
On the server
route add -n 142.10.1.2 10.1.1.2
Note: Microsoft has published details of the weakhost and stronghost models here;
http://technet.microsoft.com/en-us/magazine/2007.09.cableguy.aspx
See the Related Articles for details on Preferred Network and weak host backup behavior.
Applies To
Master server has multiple NICs and needs to be able to run backups over at least one, but not all network segment.
NetBackup 3.4 - 7.5