Solved

Limiting the data ports used to send data between Media Agents

  • 29 June 2021
  • 6 replies
  • 1490 views

Userlevel 1
Badge +4

Hi.  We have a complicated setup where we are using a Topology Group to send data between Media Agents through a Firewall and Proxy.  Once the data hits the Firewall all data is forced into 2 tunnel ports.

In addition to this control we would like to reduce the number of source ports being used so that these can be monitored for backup flow.  Currently using the Dynamic Port Range 49152 and 65535 does not allow us to do this.

Is it as simple as forcing all data traffic into the tunnel (8403 by default) and if so will this create a bottleneck.

Thanks, Andy

icon

Best answer by Daniel Long 29 June 2021, 14:25

View original

6 replies

Badge

You can configure a specific range of ports for the computers or groups in the Topology.
 

  • Right-click on the Group that contains the media agents and select Properties.
  • Click the Network button.
  • Select the Incoming Ports tab.
  • Under “Additional open ports” enter a “From” and “To” port number and click the “Add” button.

    For instance, you can enter a range such as 8600-8620 or 8600-8699, which is usually sufficient.
     
  • Just avoid using the default Commvault communication ports, such as 8400 (CVD.exe process) and 8403 (default tunnel port).
Userlevel 1
Badge +4

Hi Daniel

Thank you for your reply. 

To confirm a little more of my setup we have 20 sites (MAs) all going into 1 site (2MAs).  Currently they all have random source ports.  They have Outgoing routes configured on the group go through a firewall device, using port forwarding on 2 specific ports, which points to the proxys.

Are you saying that if I set incoming ports on the 1 site (2 MAs) that all source traffic will then use only that port range.  And if so will that conflict with the port forwarding, or will this be fine as a tunnel port.

Thanks again for your input.

Andy

Badge

Thank you for the clarification.  Based on the additional information, you should try the forcing all data traffic into the tunnel option, instead.

Then compare your aux copy times before and after making the change.  If it becomes a bottleneck, you should open a case with support.

Userlevel 7
Badge +23

Hi @akirby , following up to see if @Daniel Long ‘s advice worked :sunglasses:

Userlevel 1
Badge +4

Hi Mike.  I think that it is the option to go for.  The issue is trying to set this without disturbing the other Network Topology's and groups.  Hope to get a response back from the team as to how it will be effected

Userlevel 7
Badge +23

Sounds like a (potential) plan!  Keep us posted!

Reply