Cloud Volumes Service uses private services access to create a high-throughput and low-latency data path connection. You need to perform the following steps once for each project. However, if you are using a Shared VPC, you only need to perform these steps on the host project. You can only peer VPC networks that use RFC 1918 address ranges as internal addresses.
You need to perform the following steps based on the service type—CVS or CVS-Performance—that you deploy for your project. For example, if you deploy a volume that uses the CVS service type, use the commands for the CVS service type to perform the steps. If, later, you deploy a volume that uses the CVS-Performance service type, you need to perform the steps again and use commands for the CVS-Performance service type.
The steps and examples in this section assume that you are deploying a volume of each service type and that you use a separate VPC network for each service type.
When you create a volume with a VPC network that hasn't yet been peered, a dialog appears with the message "View commands how to set up network peering", indicating that you need to set up network peering. The example commands that are shown when you click the button in that dialog give the minimum CIDR block size, but you might need to increase it to allow for growth in usage.
Cloud Volumes Service creates peering dynamic routes within your consumer VPC network. You must use unique allocated IP address ranges for other service producers. For more information, see Configure private services access considerations.
Set up private service access
Create an allocated IP address range within your VPC network for the Cloud Volumes Service mount points.
You can't modify the IP address range after you establish it and allocate it to a volume, so we recommend allocating a range that is large enough to accommodate future usage. However, if the IP address range allocation is too small, you can add additional CIDR ranges.
For the CVS-Performance service type, the minimum CIDR range you can use is /24, which lets you provision up to 16 region-service project combinations when each range is /28. If you require more regions, service projects, or both, choose a CIDR that can accommodate more /28 subnets.
The CVS service type (Standard-SW) needs a minimum CIDR block of /25 (128 addresses). This supports up to 100 storage pools with up to 50 volumes each per region in your project. A larger block can support more region and project pairs. Cross-region access isn't supported.
Shared VPC is supported for the CVS and CVS-Performance service types. For Shared VPC networks, peering is done from the host project only. Each service project in an additional region uses an additional CIDR block (/28 for the CVS-Performance service type and /25 for the CVS service type) from the VPC range.
The following example assumes deployment of volumes of the CVS-Performance service type:

| CIDR range | Number of region and project pairs supported | Example region to project pairs |
|---|---|---|
| /28 | 1 | Region1:Project1 |
| /27 | 2 | Region1:Project1, Region2:Project1 |
| /26 | 4 | Region1:Project1, Region2:Project1, Region3:Project1, Region1:Project2 |
| /25 | 8 | Region1:Project1, Region2:Project1, Region1:Project2, Region2:Project2, Region1:Project3, Region2:Project3, Region1:Project4, Region2:Project4 |
| /24 | 16 | Region1:Project1, Region1:Project2, Region1:Project3, Region1:Project4, Region2:Project1, Region2:Project2, Region2:Project3, Region2:Project4, Region3:Project1, Region3:Project2, Region3:Project3, Region3:Project4, Region4:Project1, Region4:Project2, Region4:Project3, Region4:Project4 |

The following example assumes that a VPC network already exists in the project:
    gcloud \
        --project=my-cvs-prj compute addresses create netapp-addresses-production-vpc1 \
        --global \
        --purpose=VPC_PEERING \
        --prefix-length=20 \
        --network=production-vpc1 \
        --no-user-output-enabled
When you use this command, Google Cloud picks an RFC 1918 CIDR base for you. If you need to control the CIDR base, use the following syntax:
    gcloud \
        --project=my-cvs-prj compute addresses create netapp-addresses-production-vpc1 \
        --global \
        --addresses 192.168.0.0 \
        --purpose=VPC_PEERING \
        --prefix-length=20 \
        --network=production-vpc1 \
        --no-user-output-enabled
If you specify non-RFC 1918 addresses, follow the instructions in Use non-RFC 1918 IP addresses.
Create a private service connection to the Cloud Volumes Service endpoint.
CVS service type example:
    gcloud \
        --project=my-cvs-prj services vpc-peerings connect \
        --service=cloudvolumesgcp-sds-api-network.netapp.com \
        --ranges=netapp-addresses-production-vpc1 \
        --network=production-vpc1
CVS-Performance service type example:
    gcloud \
        --project=my-cvs-prj services vpc-peerings connect \
        --service=cloudvolumesgcp-api-network.netapp.com \
        --ranges=netapp-addresses-production-vpc1 \
        --network=production-vpc1
Enable custom route propagation:
CVS service type example:
    gcloud \
        --project=my-cvs-prj compute networks peerings update netapp-sds-nw-customer-peer \
        --network=production-vpc1 \
        --import-custom-routes \
        --export-custom-routes
CVS-Performance service type example:
    gcloud \
        --project=my-cvs-prj compute networks peerings update netapp-cv-nw-customer-peer \
        --network=production-vpc1 \
        --import-custom-routes \
        --export-custom-routes
Check that the connection is established:
    gcloud \
        --project=my-cvs-prj services vpc-peerings list \
        --network=production-vpc1
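
Because the allocated range can't be modified once a volume uses it, it is worth checking a candidate base address and prefix length before running the allocation command in the first step. The following is an added example, not part of the original documentation: it checks that the block is aligned and lies inside RFC 1918 space, then reports how many region and project pairs it holds, using the per-pair block sizes stated above (/28 for CVS-Performance, /25 for CVS). The function names and the `cvs` / `cvs-performance` labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check for a private services access range.
# Function names and the cvs / cvs-performance labels are assumptions.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
  case $1 in ''|*[!0-9.]*) return 1 ;; esac
  _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    # Reject empty octets, leading zeros (read as octal) and values > 255.
    case $_o in ''|0?*|????*) return 1 ;; esac
    [ "$_o" -le 255 ] || return 1
  done
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print how many region:project pairs BASE/PREFIX can hold for a service type.
# usage: cvs_range_capacity BASE PREFIX cvs|cvs-performance
cvs_range_capacity() {
  _addr=$1 _prefix=$2
  case $3 in
    cvs-performance) _unit=28 ;;   # one /28 per region:project pair
    cvs)             _unit=25 ;;   # one /25 per region:project pair
    *) echo "unknown service type: $3" >&2; return 2 ;;
  esac
  case $_prefix in ''|*[!0-9]*|0?*) echo "bad prefix: $_prefix" >&2; return 2 ;; esac
  _base=$(ip_to_int "$_addr") || { echo "bad address: $_addr" >&2; return 2; }
  if [ "$_prefix" -gt "$_unit" ]; then
    echo "/$_prefix is smaller than one /$_unit block" >&2; return 1
  fi
  _size=$(( 1 << (32 - _prefix) ))
  if [ $(( _base % _size )) -ne 0 ]; then
    echo "$_addr is not aligned to a /$_prefix boundary" >&2; return 1
  fi
  _last=$(( _base + _size - 1 ))
  # RFC 1918 blocks as first/last integers: 10/8, 172.16/12, 192.168/16.
  for _r in "167772160 184549375" "2886729728 2887778303" \
            "3232235520 3232301055"; do
    set -- $_r
    if [ "$_base" -ge "$1" ] && [ "$_last" -le "$2" ]; then
      echo $(( 1 << (_unit - _prefix) )); return 0
    fi
  done
  echo "$_addr/$_prefix is not inside an RFC 1918 range" >&2; return 1
}

# Constructed sample: the 192.168.0.0 /20 allocation used in the commands above.
cvs_range_capacity 192.168.0.0 20 cvs-performance
```
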
Add CIDR ranges
If the initial CIDR range is too small and you run out of /28 (CVS-Performance) or /25 (CVS) blocks, you can add CIDR ranges to the allocation.
With the additional address blocks, you can use Cloud Volumes Service in additional regions or service projects.
Before you add a CIDR range, review the steps in Setting up private service access. Make sure that the additional CIDR range is large enough to accommodate future increased usage.
Create an additional IP allocation range.
The following example assumes that a VPC network already exists in the project:
    gcloud \
        --project=my-cvs-prj compute addresses create netapp-addresses-production-vpc1-2 \
        --global \
        --purpose=VPC_PEERING \
        --prefix-length=20 \
        --network=production-vpc1 \
        --no-user-output-enabled
If you need to control which CIDR base is used, add the --addresses CIDR_BASE parameter.
Add the new IP address allocation to the existing peering connection:
CVS service type example:
    gcloud \
        --project=my-cvs-prj services vpc-peerings update \
        --service=cloudvolumesgcp-sds-api-network.netapp.com \
        --ranges=netapp-addresses-production-vpc1,netapp-addresses-production-vpc1-2 \
        --network=production-vpc1
CVS-Performance service type example:
    gcloud \
        --project=my-cvs-prj services vpc-peerings update \
        --service=cloudvolumesgcp-api-network.netapp.com \
        --ranges=netapp-addresses-production-vpc1,netapp-addresses-production-vpc1-2 \
        --network=production-vpc1
Use non-RFC 1918 IP addresses
You can bring non-RFC 1918 IP addresses (non-private addresses) into the NetApp network for the CVS-Performance service type. You can create a new subnet with a new VPC network or add a new subnet to an existing VPC network. You can use non-RFC 1918 IP addresses for clients of the CVS-Performance service type, but not for the storage IP addresses.
Create a new subnet with a new VPC network
Create a new VPC network and a new subnet with the non-RFC 1918 IP address range.
In Cloud Volumes Service, create a volume in the new VPC network. Select the newly created VPC network name in which the volume is accessible.
To set up a peer network to create the volume, click the View commands how to set up network peering button, and run the given commands.
Enable the peer on your platform to accept incoming and outgoing public routes:
    gcloud \
        --project=cloud-heroes compute networks peerings update netapp-cv-nw-customer-peer \
        --network=nonrfcdemovpc \
        --import-subnet-routes-with-public-ip \
        --export-subnet-routes-with-public-ip
Set the export policy in the volume details with the VM instance's IP address range.
You can then export the volume to the VM and run your workloads on the volume.
Add a new subnet in an existing VPC network
- Create a new subnet with the non-RFC 1918 IP address range in an existing VPC network.
- Create a support case with NetApp to enable the non-RFC 1918 IP address range.
Access Cloud Volumes from different regions or external networks
Your project can access a volume of the CVS or CVS-Performance service type from any zone within the region in which the volume is provisioned. Furthermore, if your VPC has global dynamic routing enabled, your project can access a CVS-Performance volume from any other Google Cloud region.
If you want to access volumes of the CVS-Performance service type from an external network, like an on-premises network through a VPN or Cloud Interconnect, you need to configure a static route on the on-premises router to the CIDR range that you selected in step 1 when you set up private service access for Cloud Volumes Service. A volume of the CVS service type is only accessible from within its region.
What's next
Manage storage pools (CVS service type only)