have your firewall guy create a one-to-one rule where everything is open between your backup server interface and interface on datamover. Once you get NDMP working he can lock it down a little further. This way you won't be waisting your time trying to figure out if it's firewall related or something else. Also take a look at this solution:
In newer DARTs you can configure that range that NDMP works like ftp – its got one control port that is fixed and the uses dynamic ports for the data transfer.
Any Firewall admin worth his salt should be able to figure that out
You were right again! This was a firewall issue .I had all the TCP ports opened and now the backup guy is successfully able a run the Job.
However, there is a speed concern.
I understand , the method we are using provides the slowest throughput for NDMP backups. The data is traveling across a LAN/WAN connection from the filer to the media server. Once it arrives at the media server, it is written to tape through buffers on the media server.The possibility of zoning the Tape directly is ruled out at present.
I wonder with the existing configurations it shouldn't so too slow around 250KB/sec , Backup guy would need to have 3-4MB/sec, at least, to backup.
please suggest if there is a way this can be improved...Thanks a lot for your answers! They 're helpful plus solution driven.
the fact that you are going through the firewall could be the problem. I don't know what firewall appliance/software you are using but there could be a limited number of interfaces so it's throttling down your backups. Backup traffic is typically very large size i/o that requires plenty of bandwidth so if you can move one of your media server interfaces on a network where it does not have to go through the firewall that would be ideal. When i used to run 3-Way NDMP, i actually had a dedicated interface on datamover and dedicated interface on my TSM server ..both interfaces were connected to dedicated "backup" VLAN. If your security guys are still very concerned, they can create network switch port ACLs to restrict traffic between the two end points.
Dynamox, thanks for the suggestion. I have a small doubt. Moving one of the interfaces of media server so that the traffic does not have to go through firewalls can be best judged by the Network guy ( please correct me if a i 'm wrong)??
Their statement is - they already had all the TCP ports between the DM and and the b'up server interface opened.Also, from the ping result there is no packet drops and 7-9 ms latency is looks absolutely fine to them . they have also checked switch port to see if there is any error/drop on the port but it looks clean to them.
I am not sure , how can i pick/ select another interface from media server that would be ideal for data transfer?
i am not familiar with nebackup to tell you if it requires a special license to share tape drives with multiple servers. Basically you need to zone tape drives to your datamover, don't need to zone the changer unless you are going to dedicate this library to NDMP backups only. What kind of tape drives do you have ? Need to make sure they are compatible with Celerra. You could zone a couple of drives to AUX0 and a couple more drives to AUX1. Once drives are zoned you will need to rescan datamover to make sure they get picked up and special device files get created.
server_devconfig server_2 -probe -scsi -al
server_devconfig server_2 -create -scsi -all
[nasadmin@ns20 ~]$ server_devconfig server_2 -list -scsi -nondisks -all server_2 : Scsi Device Table name addr type info ttape1 c64t0l0 tape IBM ULTRIUM-TD1 4561 ttape2 c64t0l1 tape IBM ULTRIUM-TD1 4561 ttape3 c64t0l2 tape IBM ULTRIUM-TD1 4561 ttape4 c64t0l3 tape IBM ULTRIUM-TD1 4561
Here are my 4 tape drives on this datamover, the "addr" column contains the device name for these drives. You will need to use these names when you define drives in Netbackup. That reminds that it was either Backup Exec or Netbakcup that required a separate NDMP license.
Deeppat - what version of Netbackup are you using? Are you licensed for SSO (assuming you're sharing drives in the library with other backup jobs) and NDMP? Without an NDMP license, NBU may let you set up the client, but it may not behave properly.
Not sure how that could relate to slow backup time
If the Backup server is on a slow link with the Data Mover (and the drives are SAN attached to the Data Mover) I would assume that the amount of metadata are causing the slowness
Again , a very helpful answer from you Dynamox, i 'll keep the things you mentioned in mind.
Karl thanks for the input- it's 6.5 version.
here's what symantec expert asked to check from EMC side:
"Can you prevent scsi reservations on the EMC for the tape devices? I have a feeling this is the issue."
"It is SCSI reservation. EMC, by default, enable SCSI reservations on all hardware. You need to disable this for the 3/4 drives that you have connected to the EMC filer. NetBackup maintains this list and controls the reservations for the tape devices. If a media server or NDMP host attempts to reserve a drive at the OS level, NetBackup will deny the reservation. "
I have never heard of scsi reservation bits being set anywhere but on the storage device itself"
dynamox
9 Legend
•
20.4K Posts
0
January 10th, 2011 09:00
have your firewall guy create a one-to-one rule where everything is open between your backup server interface and interface on datamover. Once you get NDMP working he can lock it down a little further. This way you won't be waisting your time trying to figure out if it's firewall related or something else. Also take a look at this solution:
http://www.symantec.com/business/support/index?page=content&id=TECH55847
dynamox
9 Legend
•
20.4K Posts
1
January 10th, 2011 05:00
how many network interfaces on NetBackup server ?
Rainer_EMC
4 Operator
•
8.6K Posts
1
January 10th, 2011 08:00
Yes, you need open ports
In newer DARTs you can configure that range that NDMP works like ftp – its got one control port that is fixed and the uses dynamic ports for the data transfer.
Any Firewall admin worth his salt should be able to figure that out
deeppat
2 Intern
•
261 Posts
0
January 10th, 2011 08:00
Hi Dynamox,
it's using two interfaces..
The question is( besides, my other two question above) : Do i actually need to open ports ranging from 20000-21000?
I read in the forum: "port 10000 is used to initiate the NDMP backup. After that, it switches to a dynamic range."
How does it work for a completley new environment?
deeppat
2 Intern
•
261 Posts
0
January 10th, 2011 09:00
Hi Rainer,
The firewall guy and symantec support aren't of much help.
The code i 'm using is -5.6.45-5 , which is pretty new.
does it mean i need to open all the ports in this range of 20000-21000? There's no documentation listed to help me understand this theory.
please suggest?
deeppat
2 Intern
•
261 Posts
0
January 17th, 2011 11:00
Hello Dynamox,
You were right again! This was a firewall issue .I had all the TCP ports opened and now the backup guy is successfully able a run the Job.
However, there is a speed concern.
I understand , the method we are using provides the slowest throughput for NDMP backups. The data is traveling across a LAN/WAN connection from the filer to the media server. Once it arrives at the media server, it is written to tape through buffers on the media server.The possibility of zoning the Tape directly is ruled out at present.
I wonder with the existing configurations it shouldn't so too slow around 250KB/sec , Backup guy would need to have 3-4MB/sec, at least, to backup.
please suggest if there is a way this can be improved...Thanks a lot for your answers! They 're helpful plus solution driven.
dynamox
9 Legend
•
20.4K Posts
1
January 17th, 2011 11:00
the fact that you are going through the firewall could be the problem. I don't know what firewall appliance/software you are using but there could be a limited number of interfaces so it's throttling down your backups. Backup traffic is typically very large size i/o that requires plenty of bandwidth so if you can move one of your media server interfaces on a network where it does not have to go through the firewall that would be ideal. When i used to run 3-Way NDMP, i actually had a dedicated interface on datamover and dedicated interface on my TSM server ..both interfaces were connected to dedicated "backup" VLAN. If your security guys are still very concerned, they can create network switch port ACLs to restrict traffic between the two end points.
deeppat
2 Intern
•
261 Posts
0
January 17th, 2011 12:00
Dynamox, thanks for the suggestion. I have a small doubt. Moving one of the interfaces of media server so that the traffic does not have to go through firewalls can be best judged by the Network guy ( please correct me if a i 'm wrong)??
Their statement is - they already had all the TCP ports between the DM and and the b'up server interface opened.Also, from the ping result there is no packet drops and 7-9 ms latency is looks absolutely fine to them . they have also checked switch port to see if there is any error/drop on the port but it looks clean to them.
I am not sure , how can i pick/ select another interface from media server that would be ideal for data transfer?
dynamox
9 Legend
•
20.4K Posts
0
January 17th, 2011 12:00
is everything connected to 1G network ? 250 KB/s is ridiculously slow
Rainer_EMC
4 Operator
•
8.6K Posts
0
January 18th, 2011 07:00
That’s a network / firewall issue – that speed is ridiculously slow
Most firewalls aren’t built for high-bandwidth traffic
deeppat
2 Intern
•
261 Posts
0
January 18th, 2011 11:00
Hello Dynamox and Rainer-
Thank you both for the inputs.
Dynamox- Yes , it is a 1G network. I even tried with another interface, speed for this was even slower compared to the first one ( 156 KB/sec)
It's certainly the firewal ( CISCO AWS) issue.
I have decided to zone the DM directly to the tapes.
what are the things I need to keep in mind to make sure the backup is succcess ful this time. Does zoning suffice?
Please share some pointers as i 'll be doing this for the first time , but, i want to make sure i nail this the right way .
Appreciate if you can share your experiance while directly zoning to tapes.
dynamox
9 Legend
•
20.4K Posts
0
January 18th, 2011 13:00
i am not familiar with nebackup to tell you if it requires a special license to share tape drives with multiple servers. Basically you need to zone tape drives to your datamover, don't need to zone the changer unless you are going to dedicate this library to NDMP backups only. What kind of tape drives do you have ? Need to make sure they are compatible with Celerra. You could zone a couple of drives to AUX0 and a couple more drives to AUX1. Once drives are zoned you will need to rescan datamover to make sure they get picked up and special device files get created.
server_devconfig server_2 -probe -scsi -al
server_devconfig server_2 -create -scsi -all
Here are my 4 tape drives on this datamover, the "addr" column contains the device name for these drives. You will need to use these names when you define drives in Netbackup. That reminds that it was either Backup Exec or Netbakcup that required a separate NDMP license.
umichklewis_ac7b91
300 Posts
0
January 19th, 2011 06:00
Deeppat - what version of Netbackup are you using? Are you licensed for SSO (assuming you're sharing drives in the library with other backup jobs) and NDMP? Without an NDMP license, NBU may let you set up the client, but it may not behave properly.
bergec
275 Posts
0
January 19th, 2011 09:00
There is an NDMP param for scsi reservation but it is off (=0) by default and requires a Data Mover reboot to change
Check server_param server_2 -f NDMP -i scsiReserve -v
Not sure how that could relate to slow backup time
If the Backup server is on a slow link with the Data Mover (and the drives are SAN attached to the Data Mover) I would assume that the amount of metadata are causing the slowness
Are you backing up a lot of small files?
Claude
deeppat
2 Intern
•
261 Posts
0
January 19th, 2011 09:00
Thanks Dynamox and Karl-
Again , a very helpful answer from you Dynamox, i 'll keep the things you mentioned in mind.
Karl thanks for the input- it's 6.5 version.
here's what symantec expert asked to check from EMC side:
"Can you prevent scsi reservations on the EMC for the tape devices? I have a feeling this is the issue."
"It is SCSI reservation. EMC, by default, enable SCSI reservations on all hardware. You need to disable this for the 3/4 drives that you have connected to the EMC filer. NetBackup maintains this list and controls the reservations for the tape devices. If a media server or NDMP host attempts to reserve a drive at the OS level, NetBackup will deny the reservation. "
I have never heard of scsi reservation bits being set anywhere but on the storage device itself"
need some expert advise from you guys..