Setting up an AWS transit gateway for HA pairs in multiple AZs
Set up an AWS transit gateway to enable access to an HA pair's floating IP addresses from outside the VPC where the HA pair resides.
When a Cloud Volumes ONTAP HA configuration is spread across multiple AWS Availability Zones, floating IP addresses are required for NAS data access from within the VPC. These floating IP addresses can migrate between nodes when failures occur, but they are not natively accessible from outside the VPC. Separate private IP addresses provide data access from outside the VPC, but they don't provide automatic failover.
Floating IP addresses are also required for the cluster management interface and the optional SVM management LIF.
If you set up an AWS transit gateway, you enable access to the floating IP addresses from outside the VPC where the HA pair resides. That means NAS clients and NetApp management tools outside the VPC can access the floating IPs.
Here's an example that shows two VPCs connected by a transit gateway. An HA system resides in one VPC, while a client resides in the other. You could then mount a NAS volume on the client using the floating IP address.
The following steps illustrate how to set up a similar configuration.
-
Create a transit gateway and attach the VPCs to the gateway.
-
Associate the VPCs with the transit gateway route table.
-
In the VPC service, click Transit Gateway Route Tables.
-
Select the route table.
-
Click Associations and then select Create association.
-
Choose the attachments (the VPCs) to associate and then click Create association.
-
-
Create routes in the transit gateway's route table by specifying the HA pair's floating IP addresses.
You can find the floating IP addresses on the Working Environment Information page in BlueXP. Here's an example:
The following sample image shows the route table for the transit gateway. It includes routes to the CIDR blocks of the two VPCs and four floating IP addresses used by Cloud Volumes ONTAP.
-
Modify the route table of VPCs that need to access the floating IP addresses.
-
Add route entries to the floating IP addresses.
-
Add a route entry to the CIDR block of the VPC where the HA pair resides.
The following sample image shows the route table for VPC 2, which includes routes to VPC 1 and the floating IP addresses.
-
-
Modify the route table for the HA pair's VPC by adding a route to the VPC that needs access to the floating IP addresses.
This step is important because it completes the routing between the VPCs.
The following sample image shows the route table for VPC 1. It includes a route to the floating IP addresses and to VPC 2, which is where a client resides. BlueXP automatically added the floating IPs to the route table when it deployed the HA pair.
-
Update the security groups settings to All traffic for the VPC.
-
Under Virtual Private Cloud, click Subnets.
-
Click the Route table tab, select the desired environment for one of the floating IP addresses for an HA pair.
-
Click Security groups.
-
Select Edit Inbound Rules.
-
Click Add rule.
-
Under Type, select All traffic, and then select the VPC IP address.
-
Click Save Rules to apply the changes.
-
-
Mount volumes to clients using the floating IP address.
You can find the correct IP address in BlueXP through the Mount Command option under the Manage Volumes panel in BlueXP.
-
If you're mounting an NFS volume, configure the export policy to match the subnet of the client VPC.
Related links