NetApp NDMP Restores using high RPC ports

Last post 01-09-2020, 8:38 AM by johanningk. 5 replies.
Sort Posts: Previous Next
  • NetApp NDMP Restores using high RPC ports
    Posted: 12-21-2019, 1:54 PM

    Hi All,

    I got the following configuration:

    Commvault SP14 HPK29

    Commserve - 192.168.91.5

    MA01 - 192.168.91.6

    MA02 - 192.168.91.7

    MA03 - 192.168.91.8

    MA04 - 192.168.91.9

    NetApp C-mode filer (ONTAP 9.5 something) - 192.168.91.10

    Two restores servers:

    CV-TST01 - File System Agent Installed - 192.168.91.11

    CV-TST02 - File System Agent Installed - 192.168.95.20

    All the IP Address of course is made up, just to show you all the commvault infrastructure, Netapp filer and 1st restore servers are on same VLAN (VLAN 91), and the other restore server on another one (VLAN 95).

    Backing up NDMP 2 disk (Regular storage policy with one primary copy going to a disk library connected to the media agent by fiber through our SAN Switch).

    1. Scenario 1:

    restoring data from the backup to CV-TST01 through one of the media agent - works but using RPC High ports (49,000-65,535) - don't care because it is working fine

     

    2. scenario 2:

    Restoring data from backup to CV-TST02 doesn't work as our firewall blocks high ports traffic between media agents and clients, intentionally of course.

    The only ports opened between clients and commserve\media agents are 8400-8655.

    NDMP restores doesn't seem to honor the inside firewall topology configured in commvault.

    3. scenario 3:

    Restoring regular file system agent files (regular, not NDMP) to CV-TST02 works fine with the ports configured inside commvault network topology. 8400-8655 ports are honored.

     

    Please help as I can't find any mention in BOL to why NDMP restores using high RPC ports and regular file system files restore do honor the commvault topology and succeed behind a firewall.

    Thank you

  • Re: NetApp NDMP Restores using high RPC ports
    Posted: 12-25-2019, 1:58 PM

    Someone please?

    No one ever ran into this situation?

  • Re: NetApp NDMP Restores using high RPC ports
    Posted: 12-25-2019, 6:13 PM

    Being holidays for many people isn't going to help. Other people appear to have come across similar issues on the forums here, like https://forum.commvault.com/forums/thread/37205.aspx

  • Re: NetApp NDMP Restores using high RPC ports
    Posted: 01-04-2020, 11:55 AM

    NDMP is a older method for backups. It doesn't work effectively with host-based firewall environments. I would only recommended using it on a Data Storage Network. My previous implementations have required the use of a firewall rule that allows all ports in bi-direction (udp & tcp) between the two devices.

  • Re: NetApp NDMP Restores using high RPC ports
    Posted: 01-06-2020, 6:38 AM

    Hi Itaish

    You can also consider using Intellisnap

    https://documentation.commvault.com/commvault/v11/article?p=34773.htm

    By leveraging Intellisnap you are doing Hardware Level snaps and retaining the snaps directly on the Filer. 

    Of course there is a limit to the amount of snaps that can be kept on the filer, so you can incorporate retention to retain snapshots for up to 7-14 days, and then Backup Copy the Data to Disk or Tape (for long-term retention)

    By leveraging Hardware snaps the restore will be a lot quicker as you are browsing the snapshot from the Filer level. 

    However if NDMP backup is a business requirement, settiing up a one-way network route at the MediaAgent level, pointing to the NAS Filer Client (you don't need to set anything on the NAS Client as this does not contain any Commvault software) this will restrict the ports that are used when communicating to the Filer 

    Regards

    Winston 

  • Re: NetApp NDMP Restores using high RPC ports
    Posted: 01-09-2020, 8:38 AM

    Hi Itaish,

    to restrict NDMP data port Selection during backup and restore, it is required to enter a Network Route Configuration to the MediaAgents used.

    in addition to the cvfwd port (typically 8403)  you can add additional Port Ranges on the Incoming Tab (e.g. 8404-8655) of the Network Properties of the MA client.

    These ports will be selected for NDMP Data between NDMP host and (NDMP Tapeserver) MediaAgenten.

    It might be required to define Data Interface Pairs between MediaAgent and NDMP Host as well to get these restrictions activated. DIPs will enforce the use of cvfwd on the MediaAgent.

    the NDMP Controltraffic Port (typically 10000) is always required to enable communication from MediaAgent to NDMP host.

    regards
    Klaus

The content of the forums, threads and posts reflects the thoughts and opinions of each author, and does not represent the thoughts, opinions, plans or strategies of Commvault Systems, Inc. ("Commvault") and Commvault undertakes no obligation to update, correct or modify any statements made in this forum. Any and all third party links, statements, comments, or feedback posted to, or otherwise provided by this forum, thread or post are not affiliated with, nor endorsed by, Commvault.
Commvault, Commvault and logo, the “CV” logo, Commvault Systems, Solving Forward, SIM, Singular Information Management, Simpana, Commvault Galaxy, Unified Data Management, QiNetix, Quick Recovery, QR, CommNet, GridStor, Vault Tracker, InnerVault, QuickSnap, QSnap, Recovery Director, CommServe, CommCell, SnapProtect, ROMS, and CommValue, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.
Close
Copyright © 2020 Commvault | All Rights Reserved. | Legal | Privacy Policy