Skip to main content
Question

Separate network backup traffic and backup traffic for backup repository server

  • April 19, 2025
  • 4 comments
  • 63 views
K

Dears:

I have a question about how to implement: We want to separate network backup traffic and backup traffic for backup repository server.

For example, we will set one IP: 1.0.0.1 on backup repository server with DNS host name to handle all backup traffic. At the same time, we want to use another IP: 2.0.0.1 on backup repository server to replicate data to the secondary repository server using backup copy.

Any ideas how to implement?

Thank you very much!

4 comments

Chris.Childerhose
Forum|alt.badge.img+21
  • Chris.Childerhose
  • Veeam Legend, Veeam Vanguard
  • 9587 comments
  • April 19, 2025

You need to use network rules within Veeam.  As long as each subnet can talk to each other you are good.

https://helpcenter.veeam.com/docs/backup/vsphere/network_rules.html?ver=120

https://bp.veeam.com/vbr/3_Build_structures/B_Other/network_rules.html

 

Chris Childerhose - VMCA2024 | VMCE2023 | VMCE-SP2024 | Veeam Vanguard 8* | Veeam Legend 5* | VUG Canada Leader | vExpert 6* | Toronto VMUG Leader | VCAP-DCV/VCP-DCV | Object First Ace | Cisco Champion | Twitter: @cchilderhose | Blog Site – https://just-virtualization.tech
waqasali
Forum|alt.badge.img+4
  • waqasali
  • Influencer
  • 413 comments
  • April 20, 2025

Hi ​@Kan Lin This is the goal:

 

Use IP 1.0.0.1 primary NIC to receive primary backup data from production VMs.

Use IP 2.0.0.1 secondary NIC to send backup copy data to another secondary backup repository.

 

let's check how we can achieve this target:

 

Configure the network interfaces and make sure firewall ports are open between 2500-3300 for data movers.

IP 1.0.0.1 to the NIC used for regular backup traffic.

IP 2.0.0.1 to the NIC used for backup copy.

 

Configure Hostname:

 

repo-backup. domain.local → 1.0.0.1

repo-copy.domain.local → 2.0.0.1

 

in the end create a new traffic rule in VBR.

Source IP: your VBR IP
Target IP: 2.0.0.1 for backup copy
Ports: default or customized ports
Purpose: Backup Copy traffic only

 

Please check hows going.

 

Waqas Ali
Marcel.K
Forum|alt.badge.img+9
  • Marcel.K
  • Veeam Legend
  • 297 comments
  • April 21, 2025

Hi Kan Lin

i have almost this design as well

as mentioned here, it replication to secondary repository server will run, it will run over 2.0.0.1, but if you will see traffic needed as well backwards from secondary to primary on ports 2500-3300. So in some cases you will have connection back and this will be from 2.0.0.1 to 1.0.0.1. So completely to isolate is not possible.

Marcel Kačmár | VCSP Partner 2022 | VMCE 2024 | VMCA 2024 | Veeam Legend 2025 |
Marcel.K
Forum|alt.badge.img+9
  • Marcel.K
  • Veeam Legend
  • 297 comments
  • April 24, 2025

in my design i have two different admin lan so 1.0.0.0 and like 11.0.0.0  and both components have same backup vlan like 2.0.0.0. Then traffic is on 100% only via 2.0.0.0.

So if on secondary repository server you will remove interface, or change, you will always have traffic over 2.0.0.0, as there is no other opton.

If you cannot, you an edit hosts file and put into hosts ip 2.0.0.0 of primary repository server (if you are using fqdn in console), then traffic will try to reach over fqdn and traffic over 2.0.0.0 will be managed via this vlan only. In my tests host file is used first and then dns, so traffic should always run over 2.0.0.0. So is not problem to resolve fqdn of primary on secondary repository as well.

Marcel Kačmár | VCSP Partner 2022 | VMCE 2024 | VMCA 2024 | Veeam Legend 2025 |


Terms & ConditionsAccessibility statement