KNOWN RESTRICTION: NetBackup 8.x, 9.x and 10.x Environment will not run on LINK-LOCAL (APIPA) subnets
Problem
NetBackup services will not start when LINK-LOCAL IP addresses are used.
Error Message
N/A
Cause
IPv6 support, introduced in NetBackup 7.1, ignores LINK-LOCAL IP addresses and some NetBackup services will not start on servers that use these address ranges.
In NetBackup 7.x, 8.x, 9.x and 10.x this behavior has been extended to IPv4 networks and, by default, will prevent NetBackup from starting on servers running on Automatic Private IP Addressing (APIPA) subnets in the range from 169.254.0.1 to 169.254.255.254.
For customers using APIPA subnets and either installing NetBackup 8.x, 9.x or 10.x for the first time or upgrading to NetBackup 8.x, 9.x or 10.x, this problem may manifest itself as a "NetBackup not running problem" after the upgrade completes. This is most likely to affect development/test environments and POC configurations configured in virtual environments.
Based on guidance from the Internet Engineering Task Force (IETF), Veritas has adopted a policy of ignoring LINK-LOCAL network ranges. The reasoning behind this guidance from the IETF is that LINK-LOCAL addresses are not suitable for use in enterprise production networks. Messages sent using LINK-LOCAL addresses are not routable between subnets and can result in connectivity problems that are difficult to diagnose.
Solution
The default behavior of preventing NetBackup starting on machines with APIPA network addresses can be overridden by adding the following entry to the bp.conf file on UNIX and Linux servers:
ALLOW_LINK_LOCAL_APIPA_ADDRS = TRUE
For Windows servers, add the string value ALLOW_LINK_LOCAL_APIPA_ADDRS to the registry key HKEY_LOCAL_MACHINE->SOFTWARE->Veritas->NetBackup->CurrentVersion->Config with a value of TRUE. This change will override the checks and allow NetBackup services to start normally.
*During client installation, an error occurs when executing nbcertcmd during the process. Therefore, complete the installation first with “Proceed without configuring security certificates” option,
and install certificates manually with the following nbcertcmd command with “ALLOW_LINK_LOCAL_APIPA_ADDRS” enabled.
nbcertcmd -getCACertificate
nbcertcmd -getCertificate
The command bptestnetconn can be run on the server to identify when an APIPA address is in use, as in the following Windows example shows:
C:\Program Files\Veritas\NetBackup\bin\admincmd> bptestnetconnSERVER = london
OPS_CENTER_SERVER_NAME = london
------------------------------------------------------------------------
NBU IP_ADDRESS_FAMILY configured to use Remote Addresses: IPv4(yes) IPv6(no)
FL: london -> 169.254.128.102 Warning: LINK-LOCAL (APIPA) [NOT USED] : 15
ms FAST (< 5 sec) [local] TGT PROHIBITED
FL: london -> 169.254.128.102 Warning: LINK-LOCAL (APIPA) [NOT USED] : 0
ms FAST (< 5 sec) [local] TGT PROHIBITED
------------------------------------------------------------------------
RL: 169.254.128.102 -> LONDON : 0 ms FAST (< 5 s
ec)
RL: 169.254.128.102 -> LONDON : 0 ms FAST (< 5 s
ec)
RL: 127.0.0.1 -> LONDON : 0 ms FAST (< 5 s
ec) MISMATCH
------------------------------------------------------------------------
Slow (>5 sec) or/and failed/mismatched reverse lookups:
localhost : 0 sec [MISMATCH] -> LONDON
------------------------------------------------------------------------
Some target addresses are link-local/zero-conf/APIPA addresses.
Using such addresses as targets (fe80:: or 169.254)
is not allowed (the default case)
DNS Lookup failed for host london error:123!
No PREFERRED_NETWORK directives.
------------------------------------------------------------------------
Total elapsed time: 1 sec
This command will also show whether or not the registry entry is in place to override the default behavior, as this example shows:
C:\Program Files\Veritas\NetBackup\bin\admincmd>bptestnetconn -sfp------------------------------------------------------------------------
NBU IP_ADDRESS_FAMILY configured to use Remote Addresses: IPv4(yes) IPv6(no)
FL: london -> 169.254.128.102 Warning: LINK-LOCAL (APIPA) [Allowed] : 0
ms [local] SRC: ANY
FL: london -> 169.254.128.102 Warning: LINK-LOCAL (APIPA) [Allowed] : 0
ms [local] SRC: ANY
------------------------------------------------------------------------
Some target addresses are link-local/zero-conf/APIPA addresses.
ALLOW_LINK_LOCAL_APIPA_ADDRS is TRUE in the configuration
so 169.254 and fe80:: addresses may be used by NetBackup.
DNS Lookup failed for host london error:123!
------------------------------------------------------------------------
Total elapsed time: 1 sec
Was this content helpful?
Translated Content
Please note that this document is a translation from English, and may have been machine-translated. It is possible that updates have been made to the original version after this document was translated and published. Veritas does not guarantee the accuracy regarding the completeness of the translation. You may also refer to the English Version of this knowledge base article for up-to-date information.