One of the many challenges with entire site recovery in times of disaster recovery is being able to provision network settings appropriately for the DR location. Whatever mechanism being used to replicate virtual machines will by default be carrying an exact copy of the virtual machine including the network settings for the primary production site location. Generally, the network at the DR/secondary location is different (different subnet, gateway, DNS, etc) than the production location. VMware’s Site Recovery Manager 8.1 is a powerful product allowing organizations to have a fully featured product allowing automation and orchestration of site recovery mechanisms that allow seamlessly replicating virtual machines across between production and recovery sites and failing over. In this post we will take a look at Automating DR Recovery Site VM Network and IP Configuration with VMware SRM 8.1 and see how SRM 8.1 provides the features and functionality to map networks and change IP configuration on replicated VMs.
Why Is Recovery Site Network Reconfiguration Needed?
We have already touched on this a bit, but why is recovery site network reconfiguration needed? Wouldn’t you simply be able to power on your virtual machines at the recovery site and everything work? Well, to a point you would be able to do that. The virtual machines would certainly boot and be configured the way they were configured in the production site with the same static IPs, etc. However, keep in mind the virtual machine would need all the same network infrastructure in place before it would truly be able to communicate, including the same gateway and DNS server addresses. Generally speaking, most recovery or DR sites are not running the same internal LAN subnet as exists for the production subnet as this would result in overlapping subnets and routing issues.
Granted, there are ways to have overlapping subnets in the same environment, but this involves NAT’ing and other network mechanisms that allow separating the two overlapping subnets and having some sort of intermediary network addresses to route to and from which allows traffic to flow between them. This creates a good deal of complexity. So, while it can be done, in a DR situation you most likely do not want to introduce additional complexity just to have network connectivity.
When thinking about hypervisor hosts such as ESXi, you also can potentially have different network labels in existence at both locations so the port group names could be labeled differently between the recovery site and the production location.
Automating DR Recovery Site VM Network and IP Configuration with VMware SRM 8.1
VMware’s Site Recovery Manager includes some really great functionality that helps to account for the network differences that exist in the protected site vs the network configuration that may exist in the recovery site. This allows SRM to reconfigure the recovered virtual machine (replicated virtual machine) with the corresponding network settings that are appropriate for the recovery site.
It does this by way of the Network Mappings settings. In Network Mappings, you can map port groups between your ESXi environment in the protected site with the corresponding port group that you want to utilize in the recovery site. This allows the VM to come online in the correct port group.
Additionally, there are IP Customization rules that allow basically mapping an IP address scheme from your protected site with the corresponding IP address scheme at the recovery site. With the IP customization rule, VMware Site Recovery Manager preserves the host bits for statically assigned virtual machines and replaces the network bits. So as an example, in my lab environment:
Protected site – 10.1.149.53/24
would be reconfigured to
Recovery site – 192.168.1.53/24
In the above the class C address space is changed but host address is preserved. Let’s take a look at how to create the network mapping rules and test network for SRM between the protected and recovery sites.
Create Network Mapping with Site Recovery Manager 8.1
As you can see below, you navigate to the Network Mappings section under the Configure menu. Once there, under the network mappings section, you can edit mappings already there or click the +New button to add a new mapping.
Here I am selecting to Prepare mappings manually. You can have the wizard automatically prepare the mappings by mapping the matching names together at each site.
Expand the available networks under each site and Add Mappings.
Here I am simply selecting the VM Network label at each site then clicking the Add Mappings button.
Network mapping has been added.
You can select to reverse the mapping as well for your reverse replication. Select the reverse order listed and click Next.
The Test Network are used instead of the recovery networks while running tests of the recovery plan. The isolated networks are automatically created and used during the tests for all networks.
The wizard is ready to complete the new network mappings wizard.
Creating a New IP Customization Rule in SRM 8.1
So, we have handled the customization of the network mapping. Now, the IP address still has to be configured. For that, Site Recovery Manager allows creating IP Customization rules that allow customizing the IP address of the recovered virtual machine automatically.
The Add IP Customization box pops up, allowing us to configure the source IP range at the protected site and then defining the resulting IP subnet range at the recovery site. Site Recovery Manager will look at the IP address of statically assigned virtual machines in the recovery site and see if they match the source range. If they do, it will then look at the target subnet that needs to be configured and replace the network bits with the configured network range of the resulting subnet at the recovery site. You also have the ability to configure the gateway, DNS suffixes, Primary WINS server and Secondary WINS server.
We now have both the network mappings and IP customization configured for our Site Recovery Manager Recovery plans to operate both in test mode and production failover.
All too often, we think very in depth about the actual data protection (which is critical and extremely important). But we fail to think about connectivity to that data after it is restored. It is critically important to think through how connectivity is restored back to virtual machines that have been recovery possibly in a different site altogether and how those virtual machines are going to be brought back up on the network. if you have one or a handful of virtual machines, you may get away with doing this manually. However, if you are talking about tens or hundreds of VMs, you need to have an automated way to do this. Automating DR Recovery Site VM Network and IP Configuration with VMware SRM 8.1 makes the process extremely easy by defining mapped networks and creating IP customization rules that can take care of the heavy lifting involved with assigning the network port group at the recovery site as well as handle the re-IP’ing of the virtual machines so they can access the network i a totally different IP subnet.