One way to achieve AWS high availability is to deploy a Cloud Volumes ONTAP HA configuration for AWS across multiple AWS Availability Zones (AZs). This keeps your data available if a failure occurs within a single AZ or on an Amazon EC2 instance running a Cloud Volumes ONTAP node. Normally, Cloud Volumes ONTAP HA restricts access to just one Amazon Virtual Private Cloud (VPC). But what if more than one VPC needs to access the configuration? This issue must be addressed in order to maintain AWS HA.
In this blog we’ll give you step-by-step instructions on how to allow external VPCs to use the Cloud Volumes ONTAP HA configuration floating IP addresses via AWS Transit Gateway.
A New Way to Provide NFS and CIFS Data Access
Cloud Volumes ONTAP HA for AWS uses Amazon EC2 instances for compute and Amazon EBS volumes for storage, the same way that standard Cloud Volumes ONTAP does. The difference is that with Cloud Volumes ONTAP HA, that environment is replicated and in sync in a secondary location, which will most likely be in a different AZ. There are different approaches and best practices for optimizing your use of AWS AZs.
When a Cloud Volumes ONTAP HA configuration for AWS is spread across multiple Availability Zones, it requires a total of three floating IP addresses in order to provide NAS data access from within the VPC in use. These three floating IP addresses must lie outside the CIDR blocks of all VPCs in the region; if they overlapped a VPC's CIDR, the VPC's local route would take precedence. When failures take place, the floating addresses migrate between nodes. Clients outside the VPC in use can't reach any of the three floating IP addresses in the Cloud Volumes ONTAP HA configuration. At least, that used to be the case.
In November 2018, AWS announced a new feature: AWS Transit Gateway. AWS Transit Gateway gives users a way to create a single gateway that connects multiple Amazon Virtual Private Clouds (VPCs) they use with any on-prem networks. With AWS Transit Gateway, Cloud Volumes ONTAP HA can be set up to allow more than one VPC to access the configuration, enhancing overall AWS HA.
Setting Up Cloud Volumes ONTAP HA for Multiple VPC Access in Multiple Availability Zones
In this section, we'll walk you through one way to configure Cloud Volumes ONTAP HA so that it can be accessed by multiple VPCs. In this case, we'll see how an NFS volume residing in a Cloud Volumes ONTAP HA environment can be mounted on a Linux machine in a different VPC. This is possible by connecting the VPC associated with Cloud Volumes ONTAP HA and the Linux-based VPC using AWS Transit Gateway.
As you can see in the diagram below, the environment in this example includes:
A VPC hosting a Cloud Volumes ONTAP HA architecture environment (we’ll refer to this as VPC1).
A VPC which hosts a Linux Amazon EC2 instance (referred to as VPC2).
The CIDR block of VPC1 is 10.160.0.0/20. The Floating IP Addresses in VPC1 are:
The CIDR block of VPC2 is 10.100.0.0/16.
An NFS volume on Cloud Volumes ONTAP HA in one VPC, with another VPC peered via AWS Transit Gateway.
In this scenario, we want an NFS volume residing in Cloud Volumes ONTAP HA in VPC1 to be mounted on a Linux-based Amazon EC2 instance residing in VPC2. We can achieve this in two simple steps.
Step 1: AWS Transit Gateway Attachment
The first step is to create an AWS Transit Gateway and attach both VPCs to it, as described here.
Step 2: Adding Routes in the Transit Gateway
After completing the Transit Gateway attachment, you need to add routes for the floating IP addresses in the Transit Gateway route table, because these addresses are outside every VPC CIDR block and are therefore not known to the Transit Gateway by default.
The Transit Gateway route table should appear the way it does here:
The Transit Gateway route table.
In order for the Linux machine’s Amazon EC2 instance to use the floating IP addresses, you will need to add route entries for the floating IP addresses (in addition to routing to the VPC1 CIDR block) in the VPC2 routing table, as shown below:
Adding route entries for the floating IP addresses.
Please note: It is important to add a route for VPC2 in the VPC1 routing table in order to complete the peering via Transit Gateway:
Adding a route for VPC2 in the VPC1 routing table.
The above procedure will allow you to connect clients in peered VPCs to volumes on your Cloud Volumes ONTAP HA environment in AWS.
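To make the two steps above concrete, here is an added example (not code from the original post or from NetApp) that checks the floating-IP rule and lists the route entries each of the three tables needs. The VPC CIDRs are the ones from this post; the three floating IPs, the Transit Gateway ID and the attachment ID are constructed placeholders, since the post does not list them.

```python
# Added example: plan and sanity-check the routes the Transit Gateway procedure needs.
# VPC CIDRs are the post's; floating IPs and AWS resource IDs are CONSTRUCTED placeholders.
import ipaddress

VPC1_CIDR = "10.160.0.0/20"   # hosts Cloud Volumes ONTAP HA
VPC2_CIDR = "10.100.0.0/16"   # hosts the Linux NFS client
FLOATING_IPS = ["192.168.200.11", "192.168.200.12", "192.168.200.13"]  # constructed
TGW_ID = "tgw-0EXAMPLE"                      # placeholder Transit Gateway ID
VPC1_ATTACHMENT = "tgw-attach-0EXAMPLE"      # placeholder attachment ID of VPC1


def check_floating_ips(floating_ips, vpc_cidrs):
    """Return the floating IPs that break the rule: each must lie outside every
    VPC CIDR in the region, otherwise the VPC's local route wins and traffic to
    that address never reaches the Transit Gateway."""
    nets = [ipaddress.ip_network(c) for c in vpc_cidrs]
    return [ip for ip in floating_ips
            if any(ipaddress.ip_address(ip) in n for n in nets)]


def plan_routes(vpc1_cidr, vpc2_cidr, floating_ips, tgw_id, vpc1_attachment):
    """Build the route entries from Step 2 as {table: [(destination, target)]}."""
    bad = check_floating_ips(floating_ips, [vpc1_cidr, vpc2_cidr])
    if bad:
        raise ValueError(f"floating IPs inside a VPC CIDR: {bad}")
    host_routes = [f"{ip}/32" for ip in floating_ips]
    return {
        # Transit Gateway route table: send each floating /32 to the VPC1 attachment
        "tgw": [(r, vpc1_attachment) for r in host_routes],
        # VPC2 route table: VPC1's CIDR plus the floating IPs go to the Transit Gateway
        "vpc2": [(vpc1_cidr, tgw_id)] + [(r, tgw_id) for r in host_routes],
        # VPC1 route table: return route for VPC2 via the Transit Gateway
        "vpc1": [(vpc2_cidr, tgw_id)],
    }


if __name__ == "__main__":
    plan = plan_routes(VPC1_CIDR, VPC2_CIDR, FLOATING_IPS, TGW_ID, VPC1_ATTACHMENT)
    for table, routes in plan.items():
        print(f"{table} route table:")
        for dest, target in routes:
            print(f"  {dest:<20} -> {target}")
```

Running it with a floating IP inside either VPC CIDR raises a ValueError, which is the misconfiguration that would silently leave the NFS mount unreachable from VPC2.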
Using AWS Transit Gateway in this way allows multiple VPCs to access a Cloud Volumes ONTAP HA configuration. Expanding access to additional VPCs provides an added level of flexibility for users and helps you to meet your AWS HA requirements.
Watch this demo video to learn how to set up and troubleshoot a Cloud Volumes ONTAP HA deployment with AWS Transit Gateway.