Veeam

This site uses Just the Docs, a documentation theme for Jekyll.

Search

3.5 Cloud gateway pools

Cloud Gateway Pools is a new feature introduced with Veeam Backup & Replication 9.5 Update 4.

Cloud Gateway pools are designed to overcome the previous limit of publishing Veeam Cloud Connect over multiple networks. Previously, the process of publishing and connecting to a Cloud Connect environment was bounded to a single network, because of the way that Cloud Gateways were announced to clients.

In a common deployment, like the one described in this book, multiple Cloud Gateways are deployed over the same network, and they are all published under the same DNS Round Robin resource record. As a recap, this is the configuration of the lab used for this book:

HOST INTERNAL IP DNS HOST NAT IP
gtw1.cloudconnect.local 10.10.111.35 gtw1.virtualtothecore.com 185.56.139.35
gtw2.cloudconnect.local 10.10.111.36 gtw2.virtualtothecore.com 185.56.139.36
gtw3.cloudconnect.local 10.10.111.37 gtw3.virtualtothecore.com 185.56.139.37

When initiating a connection, a client resolves the record cc.virtualtothecore.com and it can receive any of the possible records from the DNS server thanks to round robin. As long as at least one gateway is available, the connection is successful. Once the connection is established, Cloud Connect server sends to the tenant the entire list of all the available gateways, listed with both their DNS name and IP address, and also tells the tenant to which Gateway it should connect, which is usually the one with the lowest amount of active connections. This design works perfectly over public internet, but it may lead to some connection issues in other scenarios; this can be solved thanks to Cloud Gateway Pools.

Imagine the scenario where a different network needs to be used to connect the tenant to Cloud Connect, for example a private line over MPLS. This is a common scenario in service providers offering dedicated links to large customers, or when the service provider is also a telecommunication provider with its own private lines.

Architects would deploy a dedicated Cloud Gateway over this different line, and configure its networking in a proper way to make the new gateway part of the Cloud Connect environment, like this:

Cloud Gateway Pools architecture

3.10: Cloud Gateway Pools architecture

Without Cloud Gateway Pools, every gateway is announced to every tenant connecting to Cloud Connect, regardless the source network. So, customers connecting from public Internet will also receive in the listing the GTW4 machine, which has no public IP address and cannot be reached from Internet.

In the same way, a customer connecting via MPLS will receive together with the correct GTW4, also the other three gateways, which are not reachable over MPLS.

Cloud Gateway Pools are designed to make these situations work in a proper way.

Cloud gateway pools architecture

A cloud Gateway Pool is a logical group made by one or more gateways. A gateway can only belong to one pool, or to no pool (the “default” pool). A customer can receive one or more pools, if selected, otherwise he will connect to the default pool - if it has gateways in it, that is, if not all the gateways has been allocated to the pools.

During the tenant configuration, for either backup or replication services, the provider can assign a specific pool:

Cloud Gateway Pools assignment

3.11: Cloud Gateway Pools assignment

In the dedicated box, the tenant has two options:

Cloud Gateway Pools configuration

3.12: Cloud Gateway Pools configuration

  • Automatic selection: the least loaded gateway not belonging to any gateway pool will be selected each time the tenant connects. This means that the same existing algorithm for assigning a connection to a tenant is in place also here, but the selection is not made among all the gateways, but only among the gateway not assigned to any pool. If there are no free gateways, the software will return an error:

There are no default gateways

3.13: There are no default gateways

In this case, the provider has to assign one of the available pools, choosing the other option;

  • Use the selected gateway pools” Again, the algorithm for gateway assignment is in action, but it will assign the least loaded gateway from the gateways belonging to the pool(s) assigned to the tenant. In fact, multiple pools can be assigned. Also, the additional option to Failover to the default group allows to connect to the other gateways if none of the gateways in the pool are available. This could be a common scenario for MPLS customers for example, when the private link is down and so Cloud Connect can failover to public Internet for proceeding in the backup or replication.

Because of this behaviour, a good design could involve the creation of dedicated pools for specific needs like MPLS, private links or internal tenants, and leave the gateways connected to public Internet without a pool, so that they will become both the default pool and the failover pool.