Networker

Re: [Networker] Which interface?

2003-01-09 07:10:00
Subject: Re: [Networker] Which interface?
From: Paul White <Paul.White AT ADIC DOT COM>
To: NETWORKER AT LISTMAIL.TEMPLE DOT EDU
Date: Thu, 9 Jan 2003 04:06:23 -0800
Rob,

The multi-interface support in NetWorker is meant to provide for load
balancing across multiple interfaces on one network. The problem you have
(as others have suggested) is that NetWorker will always want to resolve the
primary name of a client, and then use that for the meta-data during backup
initialisation, even though the main data flow is across the interface
specified in the client setup.

So when you start a backup from "client" (the client) to "legato" (the
server) it will resolve the main server name and try to contact that.
Strictly speaking it sounds to me like your Legato server is straddling a
DMZ AND an internal network, which security-wise is a slightly shaky idea
IMHO. If you have to run with this, then what you can do is configure the
client to only know about a server called "legato-dmz", and the server to
only know about a client called "client-dmz" which forces all communications
down the interface that you want. The side effect here is that you might
have to remove all resolution for the real name of the legato server from
the client. So in other words "nslookup legato" on the client will fail, but
"nslookup legato-dmz" will succeed.

It CAN be done, but usually, you have to mess the name resolution so much
that it removes functionality from other apps. I can't remember all the
steps, but I think last time I tried this I had to set the client to always
resolve "legato" and "legato-dmz" to the "legato-dmz" IP, and the other way
round for the client name from the server.

If I can recommend something, I presume that there is a firewall joining
your DMZ to your internal LAN. If you just set up default routes so that
contact to the DMZ client (and its subnet) has to go through the firewall,
and the client has to come back to the server this way, then it is much
easier to configure. In this case you have to open some ports, as Terry
suggested; the exact amount depends on how many streams you are going to run
at once, but I think the admin guide covers this. If not, try to find a
Legato course manual, as this was part of the Admin 1 course when I used to
run it last year whilst working at a Legato VAR (pre-global knowledge Legato
Training scheme).

Regards

Paul.

------------------------------

Date:    Mon, 6 Jan 2003 14:54:38 -0500
From:    "Robert L. Harris" <Robert.L.Harris AT RDLG DOT NET>
Subject: Which interface?

  I'm trying to get a couple clients working.  These clients need to use a
different interface than most.  The server has 2 interfaces:
legato(eth0) and legato-dmz(eth1).  The new servers need to use legato-dmz.
I've gone into my client config and added the legato-dmz to the option
for "Server network interface" however a "save -s legato-dmz" executed on
the client hangs.  If I strace the save.real process I can see it waiting to
get to the IP for legato.  All the resolution points to legato-dmz, there's
no crosses I can find.

Thoughts?
  Legato 6.1.2 Build340



:wq!
---------------------------------------------------------------------------

Paul White BSc (Hons), Pre-Sales Systems Engineer
Advanced Digital Information Corporation (ADIC) Europe

115 Wharfedale Road,    SwitchBoard: 0118 922 9100
Winnersh,               Mobile:      07876 575321
Berkshire,              Email:       Paul.White AT ADIC DOT com
RG41 5RB, UK            Web:         www.adic.com

--
Note: To sign off this list, send a "signoff networker" command via email
to listserv AT listmail.temple DOT edu or visit the list's Web site at
http://listmail.temple.edu/archives/networker.html where you can
also view and post messages to the list.
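
Added example (not part of the original message and not NetWorker code): a small audit of the name-resolution layouts described in the reply above, checking from the client's point of view whether every name of the backup server stays on the DMZ interface. It assumes resolution comes from a hosts-style file; the addresses, subnet and function names are constructed for illustration.

```python
import ipaddress

def parse_hosts(text):
    """Parse hosts-file text into {name: ip}; the first entry for a name wins."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            table.setdefault(name.lower(), ip)
    return table

def audit_server_names(hosts_text, names, dmz_net):
    """Classify each server name as the DMZ client would see it.

    'dmz'        resolves inside the DMZ subnet
    'unresolved' no entry at all (the "nslookup legato will fail" layout)
    'off-dmz'    resolves outside the DMZ subnet, so the client would try
                 to reach the server on the other interface
    """
    table = parse_hosts(hosts_text)
    net = ipaddress.ip_network(dmz_net)
    result = {}
    for name in names:
        ip = table.get(name.lower())
        if ip is None:
            result[name] = "unresolved"
        elif ipaddress.ip_address(ip) in net:
            result[name] = "dmz"
        else:
            result[name] = "off-dmz"
    return result

def is_pinned(result):
    """True when at least one name resolves and none leads off the DMZ."""
    return "dmz" in result.values() and "off-dmz" not in result.values()

# Constructed sample data (documentation/private address ranges).
DMZ_NET = "192.0.2.0/24"
NAMES = ["legato", "legato-dmz"]
PRIMARY_INTERNAL = "10.0.0.10 legato\n192.0.2.10 legato-dmz\n"
DMZ_ONLY = "192.0.2.10 legato-dmz   # real name removed\n"
ALIASED = "192.0.2.10 legato-dmz legato\n"

if __name__ == "__main__":
    for label, hosts in [("primary-internal", PRIMARY_INTERNAL),
                         ("dmz-only", DMZ_ONLY), ("aliased", ALIASED)]:
        res = audit_server_names(hosts, NAMES, DMZ_NET)
        print(label, res, "pinned" if is_pinned(res) else "NOT pinned")
```

The same check applies in the other direction on the server, with the client's names and the client's DMZ address.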