Additional AWS networking requirements apply to ONTAP Cloud HA configurations. You should review these requirements before you launch an ONTAP Cloud HA pair because you must enter the networking details in Cloud Manager.
To ensure high availability of your data, you must use a dedicated Availability Zone for each ONTAP Cloud instance and the mediator instance, which provides a communication channel between the HA pair. Using the same Availability Zone for more than one instance is not supported. It does not provide high availability for all the required protection scenarios.
If your region does not have three Availability Zones, try to request more from AWS.
The mediator instance must have outbound Internet access so it can communicate with AWS to assist with storage failover.
ONTAP Cloud HA configurations use floating IP addresses for storage failover between nodes when using NFS and CIFS. You must specify three floating IP addresses that are outside of the CIDR blocks for all VPCs in the AWS region where you deploy the HA configuration. You can think of the floating IP addresses as a logical subnet that is outside of the VPCs in your region.
The following example shows the relationship between floating IP addresses and the VPCs in an AWS region. While the floating IP addresses are outside the CIDR blocks for all VPCs, they are routable to subnets through route tables.
You must manually enter the floating IP addresses in Cloud Manager when you create an ONTAP Cloud HA working environment. Cloud Manager allocates the IP addresses to the HA pair when it launches the system.
After you specify the floating IP addresses in Cloud Manager, you must select the route tables that should include routes to the floating IP addresses. This enables client access to the ONTAP Cloud HA pair.
If you have just one route table for the subnets in your VPC (the main route table), then Cloud Manager automatically adds the floating IP addresses to that route table. If you have more than one route table, it is very important to select the correct route tables. Otherwise, some clients might not have access to the ONTAP Cloud HA pair.
For example, you might have two subnets that are associated with different route tables. If you select route table A, but not route table B, then clients in the subnet associated with route table A can access the HA pair, but clients in the subnet associated with route table B cannot access the HA pair.
ONTAP Cloud HA configurations use a private, floating IP address for the cluster management interface. Therefore, external routing is not available. If you want to use NetApp management tools with ONTAP Cloud HA configurations, they must be part of the same routing domain.
The following image shows an optimal ONTAP Cloud HA configuration in AWS operating as an active-passive configuration: