VMCE v9 Study Guide – Module 4 – WAN Accelerators and Managing Network Traffic
I didn’t really see WAN Acceleration mentioned anywhere within the course description of the VMCE class, so I decided this might be the best place to fit it in since we will be talking about managing network traffic in Module 4. That said, I’m sure the topic will be brought up again in later modules, however let’s go over what we can here!
WAN Acceleration is Veeam’s answer to help optimize VM traffic that will be going over the WAN. It does this by deploying at least 2 WAN Accelerators on 64 bit Windows Servers, one located at the source, and one located at the target. If you remember back to Module 3 we spoke a bit about WAN Acceleration so some of this may be a repeat, however its good to know for the exam.
Configuring WAN Accelerations happens in the following way
- Configure Source side WAN Accelerator, then the target.
- Launch the New WAN Accelerator wizard from the Backup Infrastructure view
- From the Server step
- specify the Windows Server you wish to use for the accelerator
- provide a description
- Traffic Port – Specify network port used for source to target communication – defaults to 6165
- Streams – Number of connections that must be used to transmit data (defaults to 5). Keep in mind as this number increases so will the bandwidth and accelerators resources it requires. Applies only to the source WAN Accelerator.
- Cache – location of service files and global cache
- Folder – Path o location where service files (for source and target) or Global Cache (target only) must be stored. Defaults to c:\VeeamWAN. It’s also best not to nest these deep in the file system as service file names can be very long, no use in making them longer.
- Size – Specify a size for the target WAN Accelerator according to the sizing best practices – we will go over this below
- Review components to be installed (data mover service, WAN Accelerator service) and click ‘Next’ to finish.
Clearing/Populating Global Cache
These process can all be accomplished by right clicking on the WAN Accelerator within the Wan Accelerators node in the Backup Infrastructure view and selecting the desired operation (process explained below)
WAN Accelerator Sizing
As mentioned above there are some best practices we need to take when correctly sizing how much space we need for WAN Accelerators, both source and target.
Source WAN Accelerator
- Veeam analyzes data blocks that will go to target and digests them, these are stored in our source accelerator.
- Size of cache on source accelerator depends on the capacity of all our source VM disks.
- Every 1TB of data requires 20GB of cache space. IE if you have 4TB of VM disks you are backing up, you should provide 80GB of cache on the source accelerator.
- There is no global cache on the source, only the digest metadata is stored here. Global is just for target accelerators.
Target WAN Accelerator
- This is where our global cache is stored.
- Global Cache is basically a library that holds data blocks that go from source to target.
- Populated fully on the first cycle of a job.
- If a new data block is constantly sent across the WAN, it will be added to the global cache.
- If an already cached block is not sent over the WAN after a period of time, it will be removed from the global cache.
- If a periodic check deems a block in the global cache is corrupt, it will remove it.
- Global cache can copy blocks stored from one source accelerator folder to another source accelerator folder if they are the same, meaning if we have two locations each replicating a Windows 2012 server, we can simply copy blocks from the first cache to the second cache without having to send them across the WAN.
- The Global Cache can be pre-populated without actually running the job.
- Useful on the first run of a job so all data blocks don’t need to be copied
- Useful if the cache becomes corrupt to prevent all data blocks to be copied again. This requires you to clean the cache first
- Encrypted backups are not used for population
- You cannot start any jobs using the accelerator while the cache is being populated.
- Veeam uses data blocks stored in specified repositories to populate the cache – only OS blocks are copied.
- That said if there is other accelerator cache already located in the target, it will match OSs from the source repository and copy these blocks directly from the already existing cache folders if they exist.
- Copied to a default cache folder, when a remote job starts Veeam renames this to the source accelerator used in the job.
- Recommended to provide 10GB of cache per every type of OS utilized. (defaults to 100GB, so 10 OSes). IE – say we backup 10 VMs (1xWin7, 6xWin2008, 3xWin2010) we should provide at least 30GB (3 OS types x 10GB).
- If the Digests data on the source accelerator is missing or for some reason cannot be used, the target accelerator will have to re-calculate this, therefore, will require space to do so. Therefore the same rule of source sizing applies also to target, in addition to the OS type cache allocated. IE those 10 VMs also occupy 4TB of space we will need to add 80GB (20GB/TB * 4) more cache space in addition to our OS cache. So 80GB for digest calculation and 30GB per OS caching = 110GB total.
- All this said, Global Cache is calculated per source accelerator. Within Veeam we have the ability to apply a many to one situation, meaning many source accelerators running through 1 target accelerator. This changes our cache size exponentially depending on the number of source accelerators. The formula is as follows
- Total Cache Size = (number of source accelerators) * ( Size of target WAN accelerators properties [10gb/OS]) + 20GB/TB of source data.
- Let’s say we add a second source accelerator to our example we have been using. The second accelerator has 1TB of source data spread across 2 OS types (Linux, Server 2003). We would end up with the following for a global cache size
- Total Cache size = 2(we have two source accelerators) * 50GB (5 OS types [Linux, server 2003, server 2008, server 2012, win7) at 10GB per) + 100GB ( 5TB of source data spread across the 2 source locations)
- 2 * 50GB + 100GB = Total Cache Size of 200GB
- With all of this, if you have the space it’s best to add as much as you can in order to obtain more efficient acceleration as it would be able to hold more repeating data blocks.
Data Block Verification
Veeam calculates checksums on blocks being transferred between source and target to help ensure that no corrupt blocks are stored in the global cache. This works in the following way
- Before sending, Veeam calculates a checksum on the block
- When the target receives the block it re-calculates this checksum (before it is even written to cache).
- The checksums are compared, if there is a difference, the target sends a request for the source to resend, upon receiving the block again, it is written to the global cache.
WAN Acceleration works in the following way
- If using a backup copy job, Veeam uncompressed backup file to analyze content
- Source accelerators analyzes data blocks and creates file with digest for blocks.
- Veeam compresses data and sends it to the target
- Target populates global cache with blocks from the copied file
- On the next job cycle, source analyzes data blocks in the file that need transferred and creates digests just for these blocks
- Source compares new digests with old – if duplicate blocks are found the file is not copied over the WAN. Instead, the target will pull this file from the global cache
- Also, restore points already existing on the target side are analyzed – if there is a duplicate located in them, the target will take them directly from the restore points.
Managing Network Traffic
Before we get into some of the ways we can throttle and manage our network manually, let’s have a look at a couple different ways Veeam manages network disconnects automatically.
Data Transport on WAN Disconnect
This type of reconnection attempt exists only on jobs who utilize WAN accelerators. Basically if a connection drops while we are transferring VM data between accelerators VBR will pick up and resume the job from the point where the connection was lost when services are restored, rather than starting all over again. When the connection is restored, VBR will initiate a new transfer process, this time writing data to a new working snapshot. If the connection drops multiple times, veeam will only keep 2 working snapshots on the VM by merging previous ones together. Once all data has made its way to the target, all snapshots are merged and a new restore point is created.
Resume on Disconnect
This process handles network disconnects not applying to accelerators, and handles disconnects between backup server, proxies, and repositories (storing replica metadata). VBR will attempt to reestablish the connection every 15 seconds for 30 minutes, picking up right where it left off.
Network Traffic Throttling Rules
Network throttling rules are setup and enforced globally on the backup server. They essentially limit the maximum throughput of traffic going from source to target. They are set with a pair of IP addresses, source ip, and target ip. If a component within the backup infrastructure fall into the specified source and target IP range, the rule is applied to them. The steps to set them up are as follows…
- Select Network Traffic from the Main Menu and click ‘Add ‘ in the Global Network Traffic Rules section.
- In the source ip range, specify a range of IPs representing the source components
- In the target IP range, specify a range of IPs representing the target components.
- Select the box to Throttle Network traffic
- Specify the maximum speed that must be used to transfer VM data to in the Throttle to field
- In the Apply throttling we can set up a schedule in which this rule will apply, or have it apply all the time.
- If a rule has overlapping schedules, the rule with the lowest maximum speed will apply
- Network Data Encryption is also setup in this same manner with the Encrypt network traffic checkbox. More on network encryption below
Managing Data Transfer Connections
By default Veeam uses 5 TCP/IP connections to transfer data from source to target. This may cause network traffic to be heavy if multiple jobs run at the same time. This can also be changed in the Global Network Traffic Rules settings using the ‘Use multiple upload streams per job’ selection box.
Enabling Network Encryption
By default Veeam encrypts data with 256-AES flowing to/from public IPs, however you may want to have encryption between your local/remote source and targets. Again this is done in the Global Network Traffic Rules window by clicking add. It’s the same process as setting up throttling rules (above), however checking the ‘Use Network Encryption’ box.
Specifying priority networks for transfer
VBR gives you the ability to specify what networks you want to send your VM data on. This is useful if you have some sort of backup network or non-production network that is utilized for backup data. Again from the Global Network Traffic Rules section we set this up
- Click on Networks
- Select to ‘Prefer the following networks for backup and replication traffic’ and click ‘Add’
- Specify a network in a CIDR notation or mask
- VBR will failover to the production network if for some reason the preferred networks are unavailable.