Setting up an AWS transit gateway for HA pairs in multiple AZs

Contributors netapp-driley netapp-bcammett netapp-rlithman

Set up an AWS transit gateway to enable access to an HA pair's floating IP addresses from outside the VPC where the HA pair resides.

When a Cloud Volumes ONTAP HA configuration is spread across multiple AWS Availability Zones, floating IP addresses are required for NAS data access from within the VPC. These floating IP addresses can migrate between nodes when failures occur, but they are not natively accessible from outside the VPC. Separate private IP addresses provide data access from outside the VPC, but they don't provide automatic failover.

Floating IP addresses are also required for the cluster management interface and the optional SVM management LIF.

If you set up an AWS transit gateway, you enable access to the floating IP addresses from outside the VPC where the HA pair resides. That means NAS clients and NetApp management tools outside the VPC can access the floating IPs.

Here's an example that shows two VPCs connected by a transit gateway. An HA system resides in one VPC, while a client resides in the other. You could then mount a NAS volume on the client using the floating IP address.

A diagram that shows an HA configuration in one VPC, with floating IPs routed to ENIs, a client in another VPC, with floating IPs routed to the transit gateway, and a transit gateway, with floating IPs routed to the VPC1 route table.

The following steps illustrate how to set up a similar configuration.

Steps
  1. Create a transit gateway and attach the VPCs to the gateway.

  2. Associate the VPCs with the transit gateway route table.

    1. In the VPC service, click Transit Gateway Route Tables.

    2. Select the route table.

    3. Click Associations and then select Create association.

    4. Choose the attachments (the VPCs) to associate and then click Create association.

  3. Create routes in the transit gateway's route table by specifying the HA pair's floating IP addresses.

    You can find the floating IP addresses on the Working Environment Information page in BlueXP. Here's an example:

    A screenshot of BlueXP that shows the floating IP addresses for the cluster management interface, two NFS and CIFS data interfaces, and the SVM management interface.

    The following sample image shows the route table for the transit gateway. It includes routes to the CIDR blocks of the two VPCs and four floating IP addresses used by Cloud Volumes ONTAP.

    A screenshot of the AWS console that shows the route table for the transit gateway. It includes routes to the CIDR blocks of the two VPCs and four floating IP addresses used by Cloud Volumes ONTAP.

  4. Modify the route table of VPCs that need to access the floating IP addresses.

    1. Add route entries to the floating IP addresses.

    2. Add a route entry to the CIDR block of the VPC where the HA pair resides.

      The following sample image shows the route table for VPC 2, which includes routes to VPC 1 and the floating IP addresses.

      A screenshot of the AWS console that shows the route table for VPC 2, which includes routes to VPC 1 and the floating IP addresses.

  5. Modify the route table for the HA pair's VPC by adding a route to the VPC that needs access to the floating IP addresses.

    This step is important because it completes the routing between the VPCs.

    The following sample image shows the route table for VPC 1. It includes a route to the floating IP addresses and to VPC 2, which is where a client resides. BlueXP automatically added the floating IPs to the route table when it deployed the HA pair.

    A screenshot of the AWS console that shows the route table for VPC 1. It includes a route to the floating IP addresses and to VPC 2, which is where a client resides.

  6. Update the security group settings to All traffic for the VPC.

    1. Under Virtual Private Cloud, click Subnets.

    2. Click the Route table tab, and then select the desired environment for one of the floating IP addresses for an HA pair.

    3. Click Security groups.

    4. Select Edit Inbound Rules.

    5. Click Add rule.

    6. Under Type, select All traffic, and then select the VPC IP address.

    7. Click Save Rules to apply the changes.

  7. Mount volumes to clients using the floating IP address.

    You can find the correct IP address in BlueXP through the Mount Command option under the Manage Volumes panel.

  8. If you're mounting an NFS volume, configure the export policy to match the subnet of the client VPC.
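
The routes and inbound rule built in steps 3 through 6 can be checked as a set before any client mounts a volume. The following Python check is an added example, not part of the original NetApp documentation or any NetApp or AWS tool. All addresses, target names, and the dictionary layout are constructed, and it assumes the inbound rule from step 6 should be scoped to the client VPC's CIDR block.

```python
import ipaddress

HA_ATTACHMENT = "attach-vpc1"  # hypothetical name for the HA VPC's transit gateway attachment

# Constructed sample values; none of these addresses or target names come from the page.
SAMPLE = {
    "ha_vpc_cidr": "10.0.0.0/16",        # VPC 1, where the HA pair resides
    "client_vpc_cidr": "10.1.0.0/16",    # VPC 2, where the NAS client resides
    "floating_ips": ["192.168.209.26", "192.168.209.27"],
    # One dict per route table: destination CIDR -> target
    "tgw_routes": {"10.0.0.0/16": "attach-vpc1", "10.1.0.0/16": "attach-vpc2",
                   "192.168.209.26/32": "attach-vpc1", "192.168.209.27/32": "attach-vpc1"},
    "client_vpc_routes": {"10.1.0.0/16": "local", "10.0.0.0/16": "tgw",
                          "192.168.209.26/32": "tgw"},   # .27 is missing (step 4.1)
    "ha_vpc_routes": {"10.0.0.0/16": "local"},            # no return route (step 5)
    "sg_inbound_sources": ["0.0.0.0/0"],                  # not limited to the client VPC
}

def covered(routes, dest, target):
    """True when a route with the expected target contains the destination.
    Longest-prefix precedence between overlapping routes is not modelled."""
    return any(t == target and dest.subnet_of(ipaddress.ip_network(c))
               for c, t in routes.items())

def check_floating_ip_routing(cfg):
    """Return findings for steps 3 to 6; an empty list means the plan is complete."""
    findings = []
    ha = ipaddress.ip_network(cfg["ha_vpc_cidr"])
    client = ipaddress.ip_network(cfg["client_vpc_cidr"])
    for ip in cfg["floating_ips"]:
        f = ipaddress.ip_network(f"{ip}/32")
        if not covered(cfg["tgw_routes"], f, HA_ATTACHMENT):       # step 3
            findings.append(f"tgw: no route for {ip} to the HA VPC attachment")
        if not covered(cfg["client_vpc_routes"], f, "tgw"):        # step 4.1
            findings.append(f"client VPC: no route for {ip} via the transit gateway")
    if not covered(cfg["client_vpc_routes"], ha, "tgw"):           # step 4.2
        findings.append(f"client VPC: no route for {ha} via the transit gateway")
    if not covered(cfg["ha_vpc_routes"], client, "tgw"):           # step 5
        findings.append(f"HA VPC: no return route for {client} via the transit gateway")
    for src in cfg["sg_inbound_sources"]:                          # step 6 (assumed scope)
        if not ipaddress.ip_network(src).subnet_of(client):
            findings.append(f"security group: source {src} is not within {client}")
    return findings

if __name__ == "__main__":
    for line in check_floating_ip_routing(SAMPLE):
        print(line)
```

The sample is deliberately incomplete so that each kind of finding appears once: a floating IP missing from the client VPC route table, a missing return route in the HA pair's VPC, and an inbound source broader than the client VPC.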
