To establish a connection between an ONTAP-based system and NetApp Volumes, the following prerequisites must be met:
Source ONTAP system
The following requirements must be met for the source ONTAP system:
The ONTAP system hosting the source volumes must be running ONTAP version 9.11.1 or higher to ensure compatibility with NetApp Volumes. During the allow-listing process, your ONTAP version is verified against the service version using the SnapMirror compatibility matrix.
The SnapMirror feature must be licensed and enabled on the source cluster.
On the source ONTAP system, you must configure one InterCluster-LIF per node on the network that is connected to your Google project.
The TCP ports 10000, 11104, 11105, and ICMP must be reachable on all InterCluster-LIFs. HTTPS access isn't required. These ports are included in the default-intercluster service policy, which is used on intercluster-LIFs on your source system by default.
You must have the required ONTAP administrator permissions to accept cluster and SVM peerings.
Network connection to Google Cloud project
NetApp Volumes uses private service access to connect to your Virtual Private Cloud (VPC), and private service access uses VPC peering. Due to the non-transitive routing attribute of VPC peering connections, traffic can't traverse more than one sequential VPC peering hop.
For example, using a hub and spoke network connected through VPC peering can cause connectivity issues. If your on-premise connection arrives in a transit VPC (hub) that is connected using VPC peering to a workload VPC (spoke), which is then connected to NetApp Volumes, no traffic from on-premises or the transit gateway can be routed to NetApp Volumes, and the other way around.
As a rule of thumb, NetApp Volumes is VPC peered to your user-VPC. Therefore, make sure your user-VPC doesn't use VPC peering for the next hop in the network traffic's path to your source system.
The working deployment models include the following:
Terminate the interconnect connection directly in the user-VPC.
Use a VPN connection that terminates in the user-VPC.
Use non-VPC peering routing for the upstream connection of your user-VPC.
IP address allocation
NetApp Volumes reserves dedicated /28 CIDRs from the psaRange
you delegated to the private service access peering for migration traffic. This
CIDR range is used to receive one or more volume migrations to destination
volumes within the same project or region pair. These migrations can originate
from multiple source clusters. Provisioning migrations to different projects or
region pairs results in the reservation of an additional /28 CIDR. External
replication and volume migration use the same CIDR allocations and cluster
peerings.
NetApp Volumes settings
The following requirements must be met for NetApp Volumes:
You must have sufficient IAM permissions to manage hybrid replication. The
roles/netapp.adminincludes all required permissions.Provide a storage pool that is large enough to host the destination volume. Make sure that the pool has the correct Active Directory, LDAP, and CMEK settings required by the destination volume you are creating.
If your volume contains SMB data, create the destination volume in a storage pool which is connected to the same Windows domain as the source volume.
If you use firewalls in your network, make sure that your source intercluster-LIFs and NetApp Volumes are allowed for TCP ports 10000, 11104, 11105, and ICMP.