Configure networking

This page describes how to configure networking for Google Cloud NetApp Volumes. NetApp Volumes uses private services access to create a high throughput and low-latency data path private connection.

Considerations

Consider the following before you begin to configure networking:

  • You can't share volumes between Virtual Private Cloud (VPC) instances: to share volumes, you need to share a Shared VPC from a host project with multiple service projects. Storage pools created on the Shared VPC from the service project are accessible to all service projects.

  • VPC private connections only need to be set up once: the private connection must be set up once per VPC. You don't need to repeat private connection setup for multiple service projects or regions.

  • You must assign a CIDR range: Classless Inter-Domain Routing (CIDR) ranges let you represent IP addresses and their corresponding networks for the service to use. The service uses IP addresses from the assigned CIDR range to assign volumes to the correct protocol type (Network File System (NFS) or Server Message Block (SMB)).

  • You can set up private connections before or during storage pool creation: both allow you to specify a CIDR manually or have Google networking pick one for you automatically.

  • Choose a CIDR range that doesn't collide with on-premise network CIDR ranges: if you plan to use NetApp Volumes from on-premises networks through a VPN or Cloud Interconnect, we strongly recommend that you choose a CIDR range that doesn't collide with the CIDR ranges used in your on-premise network. If you fail to do so, it can cause IP collisions and routing issues.

Configure private services access

You can choose to set up private service access later using the UI during storage pool creation or do it manually as described in the following instructions. To learn more about private service access, see configure private services access.

  1. Choose a CIDR range: NetApp Volumes uses RFC 1918 or privately used public IP (PUPI) address ranges, with the exception of 6.0.0.0/8 and 7.0.0.0/8. PUPI supports NFS or SMB volumes and NFS or SMB clients accessing the volumes. When you use PUPI addresses, use the Google Cloud CLI commands instead of the Google Cloud console to set up networking.

    You can choose to have private services access automatically select an unused CIDR range or specify it manually. Manual selection lets you choose a specific address range.

    Pick a CIDR range that is large enough to accommodate your volumes and pools. The minimum CIDR range you can use is /24. NetApp Volumes consumes subranges out of the assigned CIDR according to the following rule set:

    • Storage pools require a minimum of /28 subrange.

    • Standard, Premium, and Extreme service level volumes are able to share a single IP address, even if they are in different storage pools. Therefore, a large number of volumes and pools can share a single /28 subrange. Depending on the storage pool parameters like CMEK, LDAP, Active Directory policy, and more, volumes will consume more IPs.

    • Every Flex service level storage pool requires its own IP address with all of its volumes using that same IP address. Therefore, you can have 12 storage pools in a /28 subrange since every subnet has four unusable IP addresses.

    • Large capacity volumes (in Preview) in Extreme service level require a /27 subrange to support multiple storage endpoints.

    • Volumes in different regions in the same project require additional /28 or /27 ranges depending on the kind of volumes you deploy.

    • Volumes in different service projects in the same Shared VPC require individual /28 or /27 ranges. Therefore, the minimum sized CIDR range of /24 can accommodate a maximum of 16 region-service project combinations.

    • If an existing subrange runs out of IPs, additional subranges can be consumed, even for identical project, VPC, or region combinations.

  2. Enable the Service Networking API: make sure that you enable the servicenetworking.googleapis.com API.

    Enable the API

  3. Set up private services access: use the following instructions to set up private services access using Google Cloud CLI:

    1. Reserve a static internal IP address range for your CIDR:

      gcloud compute addresses create netapp-addresses-production-vpc1 \
       --project=PROJECT_ID \
       --global \
       --purpose=VPC_PEERING \
       --prefix-length=24 \
       --network=VPC \
       --no-user-output-enabled
      

      Replace PROJECT_ID with the name of the project you intend to set up private services access in.

      This command chooses the base address for the CIDR automatically. If you want to specify a specific base address, include the following line:

        --addresses=192.168.0.0 \
      

      Replace 192.168.0.0 with the base address you intend to set up private services access for.

    2. Run the following command to peer the networks:

        gcloud services vpc-peerings connect \
         --project=PROJECT_ID \
         --service=netapp.servicenetworking.goog \
         --ranges=netapp-addresses-production-vpc1<,psarange2> \
         --network=VPC
      

      Replace PROJECT_ID with the name of the project you intend to set up private services access in. You can add multiple compute address ranges as a comma-separated list. NetApp Volumes use /28 or /27 subranges from the compute address ranges in an undefined order.

    3. Enable custom route propagation. Note that NetApp Volumes creates a sn-netapp-prod peering when the private connection is set up.

        gcloud compute networks peerings update sn-netapp-prod \
          --project=PROJECT_ID \
          --network=VPC  \
          --import-custom-routes \
          --export-custom-routes
      

      Replace PROJECT_ID with the name of the project you intend to set up private services access in.

What's next

Set up IAM permissions.