Start a Conversation

Unsolved

S

2 Intern

 • 

136 Posts

38

January 17th, 2024 11:33

Firewall configuration for Avamar NDMP Accelerator

Hello,

I am setting up an existing Avamar server to backup a new Powerscale, with OneFS 9.5.

I have already configured the Powerscale for NDMP as detailed in the User Guide for Avamar NDMP Accelerator. The ndmp user has been defined, the DMA set to generic and the browse user has been setup, too.

Backup Client has been successfully configured on the NDMP accelerator and when I run a test backup, it connects to the Powerscale at first and reports the version. But when it tries to backup data, it times out.

2024-01-16 12:48:21 avndmp Info <41910>: [snapup-/ifs/path] NDMP listening IPV4 for data on address xxx.xxx.xx.xxx, port 27071
2024-01-16 12:48:21 avndmp Info <41861>: [snapup-/ifs/path] Connecting to data socket on address xxx.xxx.xx.xxx, port 27071.
2024-01-16 12:50:31 avndmp Error <41862>: [snapup-/ifs/path] Unable to establish data connection to address xxx.xxx.xx.xxx, port 27071.

A telnet to the IP and port from the NDMP Acclerator hangs, which seems to mean it cannot connect to the system. The initial NDMP connection goes through port 10000, but the data connection is to a random port (27071 in this example). Since the Powerscale's internal firewall is active by default in OneFS 9.5, do I need to create a rule for the connection from the NDMP Accelerator? And if so, how? I'm not a firewall specialist. Turning off the firewall is not an option. There is a default ndmp rule in the existing policy, but I'm guessing that's just the NDMP service port of 10000.

Thanks in advance for any tips.

Moderator

 • 

8.5K Posts

January 17th, 2024 17:44

Hi,

Thanks for your question.

Try the steps in this article. https://dell.to/48XB9Up You will need to login to view it.

 

Let us know if you have any additional questions.

1 Rookie

 • 

1 Message

February 13th, 2024 20:23

@DELL-Josh Cr​ 

Josh, the article you reference appears to be for NetApp NAS/Filers. Is there one specific to the Isilon_Filer for Powerscale, or are you saying these same steps still apply?

I'm having the similar issues as the OP, and I'm also running OneFS Version: 9.5.0.3. The difference for our site being is that sometimes, our NDMP backups are successful. For instance, I just ran the same NDMP/Powerscale job back to back. The first one failed using port 21592, however the second one was successful using port 54581.

I will follow the port usage more closely over the next few days, but wondered if you had any further ideas?

Adding our NDMP Version information:

root@ndmp-powerscale:/home/admin/#: avndmp --version
  version:     19.8.100-83
  build date:  Oct 26 2022 09:45:26
  msg format:  13-10
  SSL:         TLSv1   OpenSSL 1.0.2x-fips  8 Dec 2020
  Zlib:        1.2.11
  LZO:         1.08 Jul 12 2002
  platform:    Linux
  OS version:  SLES-64
  Processor:   x86_64

Thanks in advance.

(edited)

Moderator

 • 

8.5K Posts

February 13th, 2024 20:41

Try adding a firewall rule for ndmp https://dell.to/3UHmPvk and https://dell.to/3UH0le8

 

And maybe on the avamar side too https://dell.to/49wqaBJ

No Events found!

Top