Hi, this is possible to achieve in multiple ways. Veeam supports preferred networks so you insert the IP ranges of the backup networks and Veeam will always try to talk to those first. Make sure that if it is not routable that some device such as a firewall (can even be the server’s internal firewall) blocks the packet rather than silently dropping the traffic. Failure to do this will result in job initiation delays due to packet timeouts and retry attempts.

Alternatively you can just use firewall controls to prevent specific ports on specific interfaces.

Hi ​@nsofl.chen,

Do you maybe have a visio (or some other tool) draft that you could share? Basically you can define the netflow with component placement. This means that you e.g. have virtual proxies on the source site (that should be located in a dedicated subnet btw) that are connected via firewall / WAN to you backup site. The components on the backup site should be located in the dedicated subnet as well.

The transport will be done with TCP/IP so with network design you can define the traffic rules that are done by component placement.

In case that you use NBD as transport procotol please keep in mind that this will always trigger the Management VMKernel adapter so you have to think about handling the traffic there as well - it should be all about design.

Hope that helps! In case that you need more information please reach out.

Take care!

Lukas

Hi ​@nsofl.chen 

I agree with Lukas and Michael. Normally have a dedicated backup network is best way, when we design an architecture we suggest to create it. 

an example of a simple draft is this

​@MicoolPaul, ​@lukas.k, ​@Andanet ,

Thank you all for reply,

as my first said, veeam only have a management LAN, proxy, gateway server and VC add to veeam are using management LAN bacause veeam can’t communicate with backup LAN, and users hope that when run backup job, proxy  used backup lab to communicate with VC and gateway server, but in my actual testing, my proxy and gateway server communicate using management LAN not backup LAN .

Is it because they are added on Veeam using management LAN?

That isn’t a problem that they were added with management LAN. The Veeam components enumerate all interfaces, use preferred networks to specify the networks that you wish for components to communicate via. If those networks are unavailable then it will failover to other networks available. The logs will show if it was unable to communicate on the preferred interface

You should consider to re-design your setup that the Veeam systems (which is a backup component) is (as completely as possible) separated from the productive VC infrastructure and maybe a firewall is handling the traffic betweeen the networks to be consistent. But I totally agree with Michael.

​@MicoolPaul ,

So how to make veeam components go specified interface?

​@nsofl.chen see https://helpcenter.veeam.com/docs/backup/vsphere/select_backup_network.html?ver=120

Hi ​@MicoolPaul , ​@lukas.k ,

I’ve tried let proxy go prefer network, 

I will test with the user again  if this meets their needs.

Thank you all.

​@nsofl.chen just a little reminder for you.

When you set preferred network consider that is applied between source (VM) and target Data Movers (proxy).

In your case (VM backup) proxy and repository must have a NIC in the backup vLAN. As in my previous drawing.