Posts Tagged ‘LAN’

Routing Basics

August 6, 2012

Interfaces and Default routes

Routers use Layer 3 IP addressing when deciding where packets should go. Hence each router interface should have an IP address; otherwise the interface won’t be used at all. You simply go:

configure terminal
interface Fa0/0
ip address 10.1.1.1 255.255.255.0

Now the router knows about the 10.1.1.0/24 corporate network (this is called a “connected route”) and routes packets destined for it through the Fa0/0 interface. There could be a number of switches behind Fa0/0.

On the opposite side the router is usually connected to the Internet (links between routers are usually /30 networks with 2 usable addresses):

configure terminal
interface Fa0/1
ip address 172.16.3.2 255.255.255.252

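To tell the router that Fa0/1 is the outside interface where packets to all other networks go, you configure a default route (which is defined as a route to network 0.0.0.0). The next hop is the address of the router at the other end of the /30 link, not the local interface address:

ip route 0.0.0.0 0.0.0.0 172.16.3.1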

Static routes and RIP

Now the reasonable question here is: what if we have several networks/routers behind the border router? How will they know about each other’s networks?

One answer is static routes. You can tell router1 that router2 has network2 behind it by adding a static route to network2 on router1:

ip route 10.1.2.0 255.255.255.0 10.1.128.254

Here the routers are connected using network 10.1.128.252/30 and router2 has network 10.1.2.0/24 behind it. 10.1.128.254 is the router2 IP address (next hop) where router1 should send packets for network 10.1.2.0. If you have many networks in the organization, then static routes are obviously not a solution. It’s nearly impossible to configure all routers with static routes to all networks. That is where routing protocols come into the picture.

The most primitive routing protocol commonly used in LANs is the Routing Information Protocol, or simply RIP. Using RIP, all routers exchange information about the routes they know. As a result of RIP convergence, all routers know about all networks that exist in the corporate LAN. RIP is not meant to be used in WANs due to the excessive amount of traffic. Each router sends RIP updates every 30 seconds. Since a receiving router in turn forwards the update out of all its interfaces, it would simply paralyze the Internet. To enable RIP updates, do the following:
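The lookup a router performs over the connected, static and default routes above, as an added Python example (not part of the original post). The Fa1/0 interface and its 10.1.128.253 address are assumed; the check also rejects a next hop that is the router's own address or is not on a connected network.

```python
import ipaddress

# Interface addresses from the post; Fa1/0 and its address are assumed
# (the post gives only the 10.1.128.252/30 link and router2's .254).
INTERFACES = {
    "Fa0/0": ipaddress.ip_interface("10.1.1.1/24"),
    "Fa0/1": ipaddress.ip_interface("172.16.3.2/30"),
    "Fa1/0": ipaddress.ip_interface("10.1.128.253/30"),
}

def check_next_hop(next_hop):
    """Return the exit interface for a next hop, or raise ValueError."""
    hop = ipaddress.ip_address(next_hop)
    for name, iface in INTERFACES.items():
        if hop == iface.ip:
            raise ValueError(f"{hop} is this router's own address on {name}")
        net = iface.network
        if hop in net and hop not in (net.network_address, net.broadcast_address):
            return name
    raise ValueError(f"{hop} is not on any connected network")

def build_table(static_routes):
    """Connected routes plus validated static routes: (network, next hop, interface)."""
    table = [(i.network, None, n) for n, i in INTERFACES.items()]
    for prefix, next_hop in static_routes:
        table.append((ipaddress.ip_network(prefix), next_hop, check_next_hop(next_hop)))
    return table

def lookup(table, destination):
    """Longest-prefix match: the most specific matching route wins."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in table if dst in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

STATIC = [("10.1.2.0/24", "10.1.128.254"),   # network2 behind router2
          ("0.0.0.0/0", "172.16.3.1")]        # default route via the far end of the /30
TABLE = build_table(STATIC)

if __name__ == "__main__":
    # 203.0.113.9 is a constructed "somewhere on the Internet" destination.
    for dst in ("10.1.1.20", "10.1.2.7", "203.0.113.9"):
        net, hop, iface = lookup(TABLE, dst)
        print(f"{dst:12} -> {net} via {hop or 'connected'} ({iface})")
```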

configure terminal
router rip
version 2
network 199.1.1.0
network 10.0.0.0

This tells the router to send RIP updates about all its networks on interfaces where networks 199.1.1.0 and 10.0.0.0 are configured.

RIP updates propagate as a broadcast storm. So if a router has redundant links, it can receive RIP information about the same network on several interfaces. RIP uses distance in that case. Each time a packet comes to the router, the link with the shortest path is used to forward it.
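How a router with redundant links settles on the shortest path when the same network is advertised on two interfaces, as an added Python example (not from the original post). It follows the hop-count rules of RFC 2453; the second neighbor 10.1.129.2 and the interface names Fa1/0 and Fa1/1 are constructed.

```python
INFINITY = 16  # RIP's "unreachable" metric (RFC 2453)

def process_update(table, neighbor, interface, advertised):
    """Apply one RIP response from `neighbor` received on `interface`.

    table:      {prefix: (metric, next_hop, interface)}
    advertised: {prefix: metric as sent by the neighbor}
    Returns the list of prefixes whose entry changed.
    """
    changed = []
    for prefix, metric in advertised.items():
        metric = min(metric + 1, INFINITY)      # the neighbor is one hop further away
        current = table.get(prefix)
        if current is None:
            if metric < INFINITY:               # never install an unreachable route
                table[prefix] = (metric, neighbor, interface)
                changed.append(prefix)
        elif current[1] == neighbor:
            # News from the current next hop is always believed, even bad news.
            if current[0] != metric:
                table[prefix] = (metric, neighbor, interface)
                changed.append(prefix)
        elif metric < current[0]:               # strictly shorter path on another link
            table[prefix] = (metric, neighbor, interface)
            changed.append(prefix)
    return changed

def demo():
    """Two neighbors advertise 10.1.2.0/24; the lower hop count wins."""
    table = {}
    process_update(table, "10.1.128.254", "Fa1/0", {"10.1.2.0/24": 2})
    process_update(table, "10.1.129.2", "Fa1/1", {"10.1.2.0/24": 1})
    return table

if __name__ == "__main__":
    print(demo())
```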


NetApp NDMP with Symantec BackupExec

March 16, 2012

Some time ago I uploaded a bunch of photos from the data center, where you can find our backup setup. We connect a Sun StorageTek SL500 tape library directly to the NetApp filer to perform backups of the virtual infrastructure using the NDMP protocol. As opposed to LAN backup, NDMP allows you to offload backup traffic from the LAN. Look at the following picture:

Here BackupExec only sends NDMP control commands to the NDMP host, which in turn sends data to the directly attached tape library. We use a slightly more complicated 3-way backup architecture:

We have two filers in a high availability cluster, and each of the filers has its own hard drive shelves and data. The filer under number 3 in the picture is the primary source of backup data, and data from filer 2 is backed up occasionally. Since filer 2 has no connection to the library, when a backup is initiated the data is sent via LAN from filer 2 to filer 3 and then to the tape library.

NetApp configuration

NDMP configuration involves several steps. First of all, enable ndmpd on the NetApp and set version 4, which Symantec BackupExec works with:

ndmpd on
ndmpd version 4

Then it’s generally a good idea to restrict NDMP access to particular hosts and a particular interface, because by default access is allowed from anywhere. In our setup NDMP traffic goes through a completely isolated management network. We added two IP addresses to the allowed hosts. The first is the backup server and the second is the partner filer:

options ndmpd.access hosts=ip_1,ip_2
options ndmpd.access if=manage_if

Then I’d recommend creating a separate user for NDMP backups, changing its group to Backup Operators and creating a special NDMP password which you will use to connect from BackupExec:

useradmin useradd backup
useradmin user modify backup -g "Backup Operators"
ndmpd password backup

As a last recommendation I suggest changing the preferred network interface for data connections. By default the filer uses the same network interface for data traffic as the one on which it receives control commands. But if you have a separate network for filer-to-filer communications, it’s preferable to use it. In our configuration it’s the same management interface, so for us it doesn’t make any difference:

options ndmpd.preferred_interface manage_if

Additionally you can use the following command to list your tape library robots:

storage show mc

Do the same configuration for all filers, if you have more than one.
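A check that each filer's NDMP access list still matches the intended hosts (backup server and partner filer), as an added Python example that is not part of the original post. The `options ndmpd` output layout, the sample values and the documentation-range addresses are constructed assumptions; the parser accepts both `host=` and `hosts=`.

```python
import re

# Constructed samples of `options ndmpd` output; the "name value" layout and
# the addresses are assumptions, not taken from the post.
SAMPLE_DEFAULT = """\
ndmpd.access                 all
ndmpd.enable                 on
ndmpd.preferred_interface    disable
"""
SAMPLE_RESTRICTED = """\
ndmpd.access                 host=192.0.2.10,192.0.2.11
ndmpd.enable                 on
ndmpd.preferred_interface    e0M
"""

def parse_options(text):
    """Turn 'name   value' lines into a dict."""
    opts = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            opts[parts[0]] = parts[1].strip()
    return opts

def audit_ndmp(text, allowed_hosts):
    """Return findings for NDMP access settings that differ from what is intended."""
    opts = parse_options(text)
    findings = []
    if opts.get("ndmpd.enable") != "on":
        return findings                      # NDMP is off, nothing is exposed
    access = opts.get("ndmpd.access", "all")
    match = re.search(r"\bhosts?\s*=\s*([^\s]+)", access)
    if match is None:
        findings.append(f"ndmpd.access is '{access}': no host restriction")
        return findings
    configured = set(match.group(1).split(","))
    for host in sorted(configured - set(allowed_hosts)):
        findings.append(f"unexpected host allowed: {host}")
    for host in sorted(set(allowed_hosts) - configured):
        findings.append(f"expected host missing: {host}")
    return findings

if __name__ == "__main__":
    intended = {"192.0.2.10", "192.0.2.11"}  # backup server, partner filer
    for name, text in (("default", SAMPLE_DEFAULT), ("restricted", SAMPLE_RESTRICTED)):
        print(name, audit_ndmp(text, intended) or "OK")
```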

BackupExec configuration

For NDMP to work in BackupExec you should obtain a licence key and install the NDMP Option module. Then go to the Devices section and click Add NDMP Server. In the Add NDMP Server dialog box, specify the server name and logon account. If you have more than one filer, do it for each one.

That’s it. Now you have filer volumes in backup selection lists, tapes in Media section and you are ready to do backups.