NDMP backups and Network Address Translation

Article:TECH201874  |  Created: 2013-01-21  |  Updated: 2013-01-21  |  Article URL http://www.symantec.com/docs/TECH201874
Article Type
Technical Solution


Issue



It is not possible to back up an NDMP filer that is on the other side of a gateway that is performing network address translation (NAT) or port address translation (PAT).


Environment



All current versions of NetBackup and NDMP.


Cause



When an NDMP data connection is created, one side creates a listen port and passes its IP address and port number to the other side, which then connects to the listening port on the original host.  Because the address and port are embedded within the data exchanged, they are not visible in the packet header and are not translated by the gateway.  The receiving host will attempt to connect to the non-translated IP address and port, and will fail.  The NDMP protocol requires the use of numeric addresses and ports and does not provide for the use of host or service names, thus preventing the application layer on each side from translating the names to appropriate numbers for each side of the connection.
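
The failure described above can be reproduced in a small model. This is an added example, not code from NetBackup or from this article; the packet layout is a simplified stand-in rather than the real NDMP wire encoding, and all addresses and ports are constructed sample values.

```python
import ipaddress
import struct
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src_ip: str      # header fields: visible to, and rewritten by, a NAT gateway
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes   # application data: opaque to the gateway

def encode_listen_addr(ip, port):
    """Simplified stand-in for the listen address carried in the message
    (4-byte IPv4 address + 2-byte port); not the real NDMP encoding."""
    return struct.pack("!4sH", ipaddress.IPv4Address(ip).packed, port)

def decode_listen_addr(payload):
    raw_ip, port = struct.unpack("!4sH", payload[:6])
    return str(ipaddress.IPv4Address(raw_ip)), port

def nat_gateway(pkt, public_ip, public_port):
    """Source NAT/PAT: only the header is translated, the payload passes through."""
    return replace(pkt, src_ip=public_ip, src_port=public_port)

def check_received(pkt):
    """What the receiving host sees: where it will try to connect, and whether
    that address differs from the peer address in the packet header.
    A mismatch is a hint of translation in the path, not proof of it."""
    target_ip, target_port = decode_listen_addr(pkt.payload)
    return {
        "connect_to": (target_ip, target_port),
        "header_peer": pkt.src_ip,
        "address_mismatch": target_ip != pkt.src_ip,
    }

# Constructed sample: the media server at 10.0.0.5 listens on port 40000 and
# announces that address to the filer at 198.51.100.20.
sent = Packet("10.0.0.5", 51000, "198.51.100.20", 10000,
              encode_listen_addr("10.0.0.5", 40000))
direct = check_received(sent)
via_nat = check_received(nat_gateway(sent, "203.0.113.1", 62000))

if __name__ == "__main__":
    print("no NAT :", direct)
    print("via NAT:", via_nat)
```

In the translated case the filer still tries to connect to 10.0.0.5:40000, an address that exists only on the media server's side of the gateway.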

 

NDMP local backups do not use a data connection for the movement of file data (the tape is attached directly to the filer being backed up). However, at the end of the backup, the media server will send the TIR data (the catalog file) to tape. To do this, the media server creates a listen port and passes the address and port to the filer, which then connects. If a NAT gateway is present between the media server and the filer, this will not work.

 

NDMP three-way (3-way) backups will encounter the same problem transferring the TIR data if a NAT gateway is present between the media server and the filer with the tape device.  In addition, a data connection is needed for movement of the file data between the filers.  One filer creates a listen port and passes the address and port to the other filer via the media server. If a NAT gateway is present between the filers, the address and/or port forwarded by the media server will not allow for a successful connection between the filers.

 

NDMP remote backups use a data connection for the movement of file data between the filer and the media server.  The media server creates a listen port and passes the address and port to the filer. If a NAT gateway is present in between, the filer will be unable to connect.


Solution



NDMP backups are only possible when NAT and PAT are not used between the media server and the filer(s).






