Avoid network VPN / WAN bottlenecks in a multi user environment

[kenkendk]

From kris_bey...@hotmail.com on July 07, 2012 23:14:17

How are you using Duplicati now? File based Backup for PST files to a NAS. Colleagues with laptop can cause a bottleneck on the VPN line, or worse... on our WAN. Because both networks have limited bandwidth. How would you like it to work? Ensure the backup can only be run when the workstation of the colleague is connected directly to the same network as the backup device.

1. First, manually add a list of networks (ex. network/netmask/DNS-suffix 10.6.20.0/24 be.test.eu) that are allowed to be used by a backup profile.
   You can suggest one network during setup of the backup profile (at least the one you are connected to at that time).
2. Before each backup, loop the network adapters and make a selection of network adapters with a DNS suffix which can be found in the "allowed list". If none were found, then stop the backup. Otherwise check for each row found if network/netmask matches one of the rows defined in the "allowed list" corresponding to the DNS suffix.
   Note: To know if the IP address on the adapter is in the network/netmask range, you may need to create a table with all the possible IP addresses first and loop through the table until the IP address is found.
3. As an addition, you can make one "allowed list" for full backups and one "allowed list" for incremental backups. This gives us even more flexibility; for ex. allow incremental backup via VPN. Are there special considerations to this request? - You may also think about a minimum upload/download to solve this issue, but I need to have a way to stop all the backup traffic via WAN in order to keep the line free for application traffic.

• As with the worldwide company where I work, I have no idea of all networks in each country which could connect to the backup device via WAN. That is why I choose for an "allowed list" and not a "disallowed list".
• When colleague with laptop is at an Office abroad, only the DNS suffix will always be different between the Offices that are member of the same WAN. Additional information:

Original issue: http://code.google.com/p/duplicati/issues/detail?id=663

Want to back this issue? Post a bounty on it! We accept bounties via Bountysource.

[kenkendk]

From kenneth@hexad.dk on July 09, 2012 02:01:33

I certainly see the motivation for this, but I think this is too specific to be implemented as a standard feature.
Once I get the 2.0 version ready, I will be working on scripting options, so you can add checks like these in a small script.

For now, you have to write a "generic module" that can then throw an exception if the desired conditions are not met. See the ConsolePasswordInput module for an example of a generic module: https://code.google.com/p/duplicati/source/browse/trunk/Duplicati/Library/Modules/Builtin/ConsolePasswordInput.cs

[systemmonkey42]

Hi All,
I'm looking for an alternative now that crashplan is killing off their customer base.

One of the features of CrashPlan I love is that it shows all wireless networks it has ever connected to, and lets you select from the list of networks, and enable to disable backups when connected to that network.

I'm not sure how it would apply to wired networks, probably by DNS domain..

When on the move, I want to disable backups automatically when on a customer network or at a cafe..(usually with slow wireless) so a means of enabling/disabling networks by SSID or DNS domain would be excellent.

For now, If I remember, I try to manually pause duplicati when not a home or in the office.

[kees-z]

When on the move, I want to disable backups automatically when on a customer network or at a cafe..(usually with slow wireless) so a means of enabling/disabling networks by SSID or DNS domain would be excellent.

This functionality isn't implemented in Duplicati ATM. As a workaround, you can use the command line option --run-script-before-required to launch a script that performs one or more tests. If one of the tests succeeds, the script exits with errorlevel 0, otherwise it exits with errorlevel 1.
Duplicati will abort the backup job if the script specified with --run-script-before-required returns anything else than 0.
A script could look something like this:

@echo off
setlocal enabledelayedexpansion

set ErrLev=1

rem Check if connected to SSID "MyHomeNetwork"
for /f "tokens=1,2 delims=:" %%a in ('netsh wlan show interfaces ^| find " SSID"') do (set SSID=%%b)
set SSID=!SSID:~1!
if "!SSID!" equ "MyHomeNetwork" (set ErrLev=0)

rem check if IP 172.16.1.254 can be reached
ping -n 1 -w 500 172.16.1.54 > nul 2> nul
if errorlevel 1 goto :IP_172_16_1_254_Not_Found
set ErrLev=0
:IP_172_16_1_254_Not_Found

rem check if wired interface "Ethernet" is connected AND \\SERVER1\Share\Testfile.txt can be found
for /f "tokens=1,2 delims=:" %%a in ('netsh interface show interface Ethernet ^| find "Connect state:"') do (set State=%%b)
if "!State!" equ "!State:Disconnected=!" (
   if exist "\\SERVER1\Share\Testfile.txt" (
      set ErrLev=0
   )
)

exit !ErrLev!

DISCLAIMER: Script not tested, use at your own risk!