Create a peering connection to a storage VPC to simplify mounting external storage volumes for your SDDC.

Peering your SDDC VPC with another VPC that hosts a storage provider such as Amazon FSx for NetApp ONTAP allows you to create a private connection to the provided storage that does not require a VMware Transit Connect or an AWS transit gateway.

VPC peering is a multi-step process that requires you to use both the VMware Cloud Console and the AWS console. You use the VMware Cloud Console to request creation of a peering connection, then you use the AWS console to accept the connection.

For more information, read the VMware Cloud Tech Zone article Feature Brief: VPC Peering for External Storage.

Prerequisites

  • Log in to the AWS console and create a VPC in the same region as the SDDC. If necessary, you can use an existing VPC owned by any of your AWS accounts, but you cannot use the Connected Amazon VPC for this purpose. In this document, we refer to this VPC as the FSx for ONTAP VPC.
  • Follow the procedure in Create an Amazon FSx for NetApp ONTAP file system to create an FSx for ONTAP Single-AZ or Multi-AZ deployment in the FSx for ONTAP VPC. The Storage Virtual Machine (SVM) IP address shown in the Endpoints section of the Storage Virtual Machine tab must be accessible from the SDDC Management Gateway. Make a note of this address. You'll need it when you attach the FSx for ONTAP storage to an SDDC cluster.
  • To use multi-AZ FSx for ONTAP as an external datastore, an SDDC must be a member of an SDDC group so that it can route the datastore connection through the group's VTGW. If you need to create a new SDDC group that includes this SDDC, or attach the SDDC to an existing SDDC group, follow the procedures in Create or Modify an SDDC Group. To learn more about SDDC groups, see Creating and Managing SDDC Deployment Groups with VMware Transit Connect™.
  • To use single-AZ FSx for ONTAP as an external datastore for a single-AZ SDDC, whether or not it is a member of an SDDC group, configure VPC peering for external NFS Storage, as described in About External Storage.

Procedure

  1. Open the Storage tab of the VMware Cloud Console and click CREATE PEERING CONNECTION under VPC Peering.
  2. Request VPC peering.
    On the Create Peering Connection page, fill in the required parameters, then click CREATE PEERING CONNECTION.
    Parameter                   Value
    Name                        The name of this VPC.
    AWS Account Id (Accepter)   The AWS account that owns the storage VPC.
    VPC ID (Accepter)           The AWS ID of the storage VPC.
                                Important: The storage VPC CIDR block must not overlap with the SDDC management CIDR or workload subnets. You can use an existing VPC owned by any of your AWS accounts, but you cannot use the Connected Amazon VPC or a VPC connected to a VMware Managed Transit Gateway (VTGW) for a peering connection.
    Region                      The AWS region where the Accepter VPC resides. The storage VPC must be in the same region as the SDDC.

    The VPC Peering page shows an Initiating status and a "VPC peering request in progress" message and displays an Expiration Time within which you must accept the peering connection.

    If you supplied an invalid value for AWS Account Id (Accepter), or the CIDR block of the storage VPC (VPC ID (Accepter)) overlaps with the management CIDR of your SDDC, the peering request cannot be completed and you must click DELETE REQUEST to delete the invalid request. Verify the AWS account ID and choose or create another storage VPC with a CIDR block that does not overlap the management CIDR or your workload segments.

  3. Accept the peering connection.
    When the peering request completes, a Success message is displayed and the VPC Peering page displays Approval pending. Log in to the AWS console with administrator credentials for the AWS account you specified for AWS Account Id (Accepter), open the Peering connections page, select the peering connection (it will have a Status of Pending acceptance) and click Actions > Accept request. If you do not accept or reject the connection within the displayed Expiration Time, the peering request expires.
  4. In the VMware Cloud Console, return to the Storage tab.
    After the "Sync VPC peering data in progress" message is displayed, the Status of the Peering Connection changes from Approval pending to Active, and you can use the connection to access the peered external storage.
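
The overlap rule in step 2 is the check most often missed before submitting the request, and a rejected request must be deleted and re-created with a different storage VPC. The following added example (not part of the VMware documentation or console) checks a candidate storage VPC CIDR against the SDDC management CIDR and workload segments before you request peering, and also confirms that the FSx for ONTAP SVM endpoint address from the prerequisites lies inside the storage VPC. All CIDRs and addresses are constructed sample values.

```python
import ipaddress
from typing import Iterable


def cidr_overlaps(storage_vpc_cidr: str, sddc_management_cidr: str,
                  workload_segments: Iterable[str]) -> list[tuple[str, str]]:
    """Return every (storage CIDR, SDDC block) pair that overlaps.

    An empty list means the storage VPC CIDR can be peered: it overlaps
    neither the SDDC management CIDR nor any workload segment.
    """
    storage = ipaddress.ip_network(storage_vpc_cidr, strict=True)
    sddc_blocks = [sddc_management_cidr, *workload_segments]
    return [
        (str(storage), block)
        for block in sddc_blocks
        if storage.overlaps(ipaddress.ip_network(block, strict=True))
    ]


def svm_ip_in_storage_vpc(svm_ip: str, storage_vpc_cidr: str) -> bool:
    """True when the SVM endpoint address lies inside the storage VPC CIDR."""
    network = ipaddress.ip_network(storage_vpc_cidr, strict=True)
    return ipaddress.ip_address(svm_ip) in network


# Constructed sample values; replace with the CIDRs shown in your own SDDC.
SDDC_MANAGEMENT_CIDR = "10.2.0.0/16"
WORKLOAD_SEGMENTS = ["192.168.1.0/24", "192.168.2.0/24"]

if __name__ == "__main__":
    for candidate in ["172.16.0.0/16", "10.2.40.0/22", "192.168.0.0/16"]:
        clashes = cidr_overlaps(candidate, SDDC_MANAGEMENT_CIDR, WORKLOAD_SEGMENTS)
        if clashes:
            print(f"{candidate}: cannot be peered, overlaps {[b for _, b in clashes]}")
        else:
            print(f"{candidate}: no overlap, safe to request peering")
    # SVM endpoint from the FSx for ONTAP console must sit inside the storage VPC.
    print("SVM reachable via peering:", svm_ip_in_storage_vpc("172.16.5.20", "172.16.0.0/16"))
```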

What to do next

To remove the peering connection, unmount all NFS datastores, then click DELETE CONNECTION.