设置 IP 寻址以在故障转移后连接到辅助本地站点Set up IP addressing to connect to a secondary on-premises site after failover

在 System Center Virtual Machine Manager (VMM) 云中将 Hyper-V VM 故障转移到辅助站点后,需要能够连接到副本 VM。After you fail over Hyper-V VMs in System Center Virtual Machine Manager (VMM) clouds to a secondary site, you need to be able connect to the replica VMs. 本文可帮助执行此操作。This article helps you to do this.

连接选项Connection options

故障转移后,有几种方法来处理副本 VM 的 IP 寻址:After failover, there are a couple of ways to handle IP addressing for replica VMs:

  • 故障转移后保留相同的 IP 地址:在此方案中,复制的 VM 具有与主 VM 相同的 IP 地址。Retain the same IP address after failover: In this scenario, the replicated VM has the same IP address as the primary VM. 这简化了故障转移后的网络相关问题,但需要某些基础结构工作。This simplifies network related issues after failover, but requires some infrastructure work.
  • 故障转移后使用不同的 IP 地址:在此方案中,VM 会在故障转移后获取新的 IP 地址。Use a different IP address after failover: In this scenario the VM gets a new IP address after failover.

保留 IP 地址Retain the IP address

如果希望在故障转移到辅助站点后保留主站点中的 IP 地址,可以:If you want to retain the IP addresses from the primary site, after failover to the secondary site, you can:

  • 部署主站点和辅助站点之间的外延式子网。Deploy a stretched subnet between the primary and the secondary sites.
  • 执行从主站点到辅助站点的完整子网故障转移。Perform a full subnet failover from the primary to secondary site. 需要更新路由以指示 IP 地址的新位置。You need to update routes to indicate the new location of the IP addresses.

部署外延式子网Deploy a stretched subnet

在外延式配置中,子网可在主站点和辅助站点中同时使用。In a stretched configuration, the subnet is available simultaneously in both the primary and secondary sites. 在外延式子网中,将计算机及其 IP(第 3 层)地址配置移动到辅助站点时,网络会自动将流量路由到新位置。In a stretched subnet, when you move a machine and its IP (Layer 3) address configuration to the secondary site, the network automatically routes the traffic to the new location.

  • 从第 2 层(数据链路层)的角度来看,需要可以管理外延式 VLAN 的网络设备。From a Layer 2 (data link layer) perspective, you need networking equipment that can manage a stretched VLAN.
  • 通过延伸 VLAN,潜在容错域也会延伸至这两个站点。By stretching the VLAN, the potential fault domain extends to both sites. 这将成为单一故障点。This becomes a single point of failure. 尽管可能性不大,但在此方案中你可能无法隔离事件,如广播风暴。While unlikely, in such a scenario you might not be able to isolate an incident such as a broadcast storm.

故障转移子网Fail over a subnet

可以故障转移整个子网以获得外延式子网的优势,但实际上不对其进行延伸。You can fail over the entire subnet to obtain the benefits of the stretched subnet, without actually stretching it. 在此解决方案中,可在源或目标站点中使用子网,但不可同时使用。In this solution, a subnet is available in the source or target site, but not in both simultaneously.

  • 为了能够在故障转移时保留 IP 地址空间,可以编程方式安排路由器基础结构,将子网从一个站点移到另一个站点。To maintain the IP address space in the event of a failover, you can programmatically arrange for the router infrastructure to move subnets from one site to another.
  • 发生故障转移时,子网将与关联的 VM 一起移动。When a failover occurs, subnets move with their associated VMs.
  • 此方法的主要缺点是,在出现故障时,必须移动整个子网。The main drawback of this approach is that in the event of a failure, you have to move the entire subnet.

示例Example

下面是一个完整的子网故障转移示例。Here's an example of complete subnet failover.

  • 故障转移前,主站点具有在子网 192.168.1.0/24 中运行的应用程序。Before failover, the primary site has applications running in subnet 192.168.1.0/24.
  • 在故障转移期间,此子网中的所有 VM 都将故障转移到辅助站点,并保留其 IP 地址。During failover, all of the VMs in this subnet are failed over to the secondary site, and retain their IP addresses.
  • 必须修改所有站点之间的路由,以反映子网 192.168.1.0/24 中的所有 VM 现都已移至辅助站点这一事实。Routes between all sites need to be modified to reflect the fact that all the VMs in subnet 192.168.1.0/24 have now moved to the secondary site.

下图说明故障转移前后的子网:The following graphics illustrate the subnets before and after failover.

故障转移前 Before failover

此图显示了故障转移前的子网。

故障转移后 After failover

此图显示了故障转移后的子网。

故障转移后,Site Recovery 为 VM 上的每个网络接口分配 IP 地址。After failover, Site Recovery allocates an IP address for each network interface on the VM. 将为每个 VM 实例从相关网络中的静态 IP 地址池中分配地址。The address is allocated from the static IP address pool in the relevant network, for each VM instance.

  • 如果辅助站点的 IP 地址池与源站点的 IP 地址池相同,Site Recovery 将向副本 VM 分配与源 VM 相同的 IP 地址。If the IP address pool in the secondary site is the same as that on the source site, Site Recovery allocates the same IP address (of the source VM), to the replica VM. IP 地址保留在 VMM 中,但未设置为 Hyper-V 主机上的故障转移 IP 地址。The IP address is reserved in VMM, but it isn't set as the failover IP address on the Hyper-V host. Hyper-V 主机上的故障转移 IP 地址会在故障转移之前设置。The failover IP address on a Hyper-v host is set just before the failover.
  • 如果相同 IP 地址不可用,Site Recovery 将分配该池中的另一可用 IP 地址。If the same IP address isn't available, Site Recovery allocates another available IP address from the pool.
  • 如果 VM 使用 DHCP,则 Site Recovery 不管理 IP 地址。If VMs use DHCP, Site Recovery doesn't manage the IP addresses. 需要检查确定辅助站点上的 DHCP 服务器可分配与源站点相同范围的地址。You need to check that the DHCP server on the secondary site can allocate addresses from the same range as the source site.

验证 IP 地址Validate the IP address

为 VM 启用保护后,可以使用以下示例脚本来验证分配给 VM 的地址。After you enable protection for a VM, you can use following sample script to verify the address assigned to the VM. 此 IP 地址将被设为故障转移 IP 地址,并在故障转移期间分配给 VM:This IP address is set as the failover IP address, and assigned to the VM at the time of failover:

$vm = Get-SCVirtualMachine -Name <VM_NAME>
$na = $vm[0].VirtualNetworkAdapters>
$ip = Get-SCIPAddress -GrantToObjectID $na[0].id
$ip.address

使用不同 IP 地址Use a different IP address

在此方案中,将更改故障转移的 VM 的 IP 地址。In this scenario, the IP addresses of VMs that fail over are changed. 此解决方案的缺点是需要维护。The drawback of this solution is the maintenance required. DNS 和缓存条目可能需要更新。DNS and cache entries might need to be updated. 这可能导致停机时间,可按以下方式进行缓解:This can result in downtime, which can be mitigated as follows:

  • 对 Intranet 应用程序使用低 TTL 值。Use low TTL values for intranet applications.

  • 在 Site Recovery 恢复计划中使用以下脚本及时更新 DNS 服务器。Use the following script in a Site Recovery recovery plan, for a timely update of the DNS server. 如果使用动态 DNS 注册,则不需要该脚本。You don't need the script if you use dynamic DNS registration.

    param(
    string]$Zone,
    [string]$name,
    [string]$IP
    )
    $Record = Get-DnsServerResourceRecord -ZoneName $zone -Name $name
    $newrecord = $record.clone()
    $newrecord.RecordData[0].IPv4Address  =  $IP
    Set-DnsServerResourceRecord -zonename $zone -OldInputObject $record -NewInputObject $Newrecord
    

示例Example

在此示例中,主站点和辅助站点的 IP 地址不同,并且存在一个第三站点,可通过该站点访问托管于主站点或辅助站点上的应用程序。In this example we have different IP addresses across primary and secondary sites, and there's a third site from which applications hosted on the primary or recovery site can be accessed.

  • 故障转移之前,应用托管于主站点上的子网 192.168.1.0/24。Before failover, apps are hosted subnet 192.168.1.0/24 on the primary site.
  • 故障转移之后,应用在辅助站点的子网 172.16.1.0/24 中配置。After failover, apps are configured in subnet 172.16.1.0/24 in the secondary site.
  • 所有三个站点均可以互相访问。All three sites can access each other.
  • 故障转移后,应用将在恢复子网中还原。After failover, apps will be restored in the recovery subnet.
  • 在此方案中,无需故障转移整个子网,并且无需进行重新配置 VPN 或网络路由的更改。In this scenario there's no need to fail over the entire subnet, and no changes are needed to reconfigure VPN or network routes. 故障转移和部分 DNS 更新会确保应用程序仍然可供访问。The failover, and some DNS updates, ensure that applications remain accessible.
  • 如果 DNS 配置为允许动态更新,则 VM 会在故障转移后启动时使用新的 IP 地址自行注册。If DNS is configured to allow dynamic updates, then the VMs will register themselves using the new IP address, when they start after failover.

故障转移前 Before failover

此图显示了故障转移前不同的 IP 地址。

故障转移后 After failover

显示故障转移后不同 IP 地址的图。

后续步骤Next steps

运行故障转移Run a failover