From
PowerProtect Data Manager 19.13, NAS supports Multiple Virtual Local Area Network (Multi-VLAN). It provides flexibility to separate NAS data protection from the network traffic leveraging VLANs. Since separate VLANs are configured within the environment, it ensures that the data is protected over VLANs to which you have configured for the protection job. It also enables the use of Data Protection (DP) across multiple VLANs. For example, if you have three VLANs (management, backup, and production),
PowerProtect Data Manager allows you to separate control and data path operations on each VLAN you defined within
PowerProtect Data Manager.
Best practices for adding VLANs
When you assign a network or VLAN at an asset, data communication always occurs between the
protection engine and the
DD system.
For more information about VLANs, see the
PowerProtect Data Manager Administrator Guide.
Do not add the network or VLAN on which the
PowerProtect Data Manager is already deployed.
While adding a network or VLAN, select the network purpose as per the requirement and ensure that only available IPs are added to
Static IP Pool. To add a network or VLAN, perform the following:
From the
PowerProtect Data Manager UI, select
Infrastructure >
Networks. The
Networks window appears.
On the
Networks window, enter the required information in the
Configuration,
Static IP Pool, and
Routes sections.
Verify the network configuration information in the
Summary section, and then click
Finish.
If you want to assign a network or VLAN at an asset level, configure Data Domain (DD) with those VLANs as per the network purpose whether it is
Data/Management/Data for Management Components. To configure DD with the updated network or VLAN, perform the following:
From the
PowerProtect Data Manager UI, select
Infrastructure >
Storage. The
Storage window appears.
On the
Storage window, select the Data Domain (DD) that needs to be updated.
Click
More Actions and select
Change Network Settings. The
Change Network Settings window appears.
Select the network from the
Network Name list and click
Save.
You should create protection engines with the newly added VLANs. The existing protection engines cannot be configured with new VLANs.
You must configure the search nodes for the VLANs. There are three types of networks,
Data,
Management, and
Data for Management components. Whenever a network or VLAN is added with the
Data for Management Components option, the search engine has to be added with the new VLAN. To add the new network or VLAN to the search engine, perform the following:
From the
PowerProtect Data Manager UI, select
Infrastructure >
Search Engine. The
Search Engine window appears.
On the
Search Engine window, select the search engine for which the VLAN needs to be added.
Click
More Actions and select
Edit Networks. The
Edit Search Engine Node window appears.
In the
Networks Configuration section, select the network from the
Preferred Network PortGroup list and click
Next.
Verify the networks configuration information in the
Summary section and click
Finish.
If you have assets that have to be backed up on multiple VLANs, the respective assets should assign with the appropriate network or VLAN. To assign a network or VLAN for an asset, perform the following:
In
PowerProtect Data Manager UI, select
Infrastructure >
Assets >
NAS.
Select the asset, click
More Actions and select
Assign Network. The
Assign Network page appears.
Select a network from the
Network Label list and click
Save.
Limitations
Adding the existing VLAN allocates two IPs from the same VLAN to
PowerProtect Data Manager and it causes RPF. In detail, when incoming and outgoing packages have different interface, Linux identifies this as a potential security issue and blocks the communication between the IPs/VLANs. This behavior is known as Reverse Path Forwarding or Filtering (RPF). For example, if
PowerProtect Data Manager has two IPs in the same VLAN/subnet numbered 10.0.10.8 and 10.0.10.10. If another host with IP 10.0.10.9 sent request to 10.0.10.10, the request reaches 10.0.10.8, due to the different interface from incoming and outgoing packages, the system blocks this communication.
If an existing default network is added as a new VLAN by selecting
Management or
Data for Management Components option leads to RPF.
If
PowerProtect Data Manager has more than one route path to the hosts in the same VLAN, it breaks one route path principle of network, which can cause RPF.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\