Table of ContentsView in Frames

AWS networking requirements for ONTAP Cloud HA configurations

Additional AWS networking requirements apply to ONTAP Cloud HA configurations. You should review these requirements before you launch an ONTAP Cloud HA pair because you must enter the networking details in Cloud Manager.

Availability Zones

To ensure high availability of your data, you must use a dedicated Availability Zone for each ONTAP Cloud instance and the mediator instance, which provides a communication channel between the HA pair. Using the same Availability Zone for more than one instance is not supported. It does not provide high availability for all the required protection scenarios.

If your region does not have three Availability Zones, try to request more from AWS.

Outbound Internet access

The mediator instance must have outbound Internet access so it can communicate with AWS to assist with storage failover.

Floating IP addresses

ONTAP Cloud HA configurations use floating IP addresses for storage failover between nodes when using NFS and CIFS. You must specify three floating IP addresses that are outside of the CIDR blocks for all VPCs in the AWS region where you deploy the HA configuration. You can think of the floating IP addresses as a logical subnet that is outside of the VPCs in your region.

Note: One floating IP address is for cluster management, one is for NFS/CIFS data on node 1, and one is for NFS/CIFS data on node 2. iSCSI data LIFs are created by default and use static IP addresses, rather than floating IP addresses.
Note: If you use SnapDrive for Windows or SnapCenter with an ONTAP Cloud HA pair, a floating IP address is also required for the SVM management LIF. You must create this LIF after you launch the HA pair.

The following example shows the relationship between floating IP addresses and the VPCs in an AWS region. While the floating IP addresses are outside the CIDR blocks for all VPCs, they are routable to subnets through route tables.

Conceptual image showing the CIDR blocks for five VPCs in an AWS region and three floating IP addresses that are outside the CIDR blocks of the VPCs.

You must manually enter the floating IP addresses in Cloud Manager when you create an ONTAP Cloud HA working environment. Cloud Manager allocates the IP addresses to the HA pair when it launches the system.

Route tables

After you specify the floating IP addresses in Cloud Manager, you must select the route tables that should include routes to the floating IP addresses. This enables client access to the ONTAP Cloud HA pair.

If you have just one route table for the subnets in your VPC (the main route table), then Cloud Manager automatically adds the floating IP addresses to that route table. If you have more than one route table, it is very important to select the correct route tables. Otherwise, some clients might not have access to the ONTAP Cloud HA pair.

For example, you might have two subnets that are associated with different route tables. If you select route table A, but not route table B, then clients in the subnet associated with route table A can access the HA pair, but clients in the subnet associated with route table B cannot access the HA pair.

Amazon Web Services (AWS) Documentation: Route Tables

Connection to NetApp management tools

ONTAP Cloud HA configurations use a private, floating IP address for the cluster management interface. Therefore, external routing is not available. If you want to use NetApp management tools with ONTAP Cloud HA configurations, they must be part of the same routing domain.

Example configuration

The following image shows an optimal ONTAP Cloud HA configuration in AWS operating as an active-passive configuration:

Conceptual image showing components in an ONTAP Cloud HA architecture: two ONTAP Cloud nodes and a mediator instance, each in separate availability zones.