GCP CVO single node network security

danilo2021 · ‎2023-09-08

Hello Team,

I am working to setup a new CVO instance on GCP so I am going to create a single node instance via BlueXP console.

At this moment I have some concerns about the network, I see that only one VPC is required

then I will have ONTAP mgmt interfaces AND data interface on the same network subnet.

How this sound for you?

Does it may be better to have the management interfaces on a different subnet?

anee · ‎2023-10-16

The default deployment for Single Node from Blue XP creates both Mgmt Interfaces (Node-mgmt, Cluster-mgmt) and the data interfaces ( NAS and ISCSI lif ) all on same subnet and single VPC and on port e0a.

If different subnets and VPCs required - Kindly either create a HA pair or file a Feature Policy Variation request (FPVR) via the account teams as the current design for single node supports only single VPC and subnet.

https://docs.netapp.com/us-en/bluexp-cloud-volumes-ontap/reference-networking-gcp.html#requirements-specific-to-single-node-systemshttps://docs.netapp...

Single node
BlueXP allocates 4 IP addresses to a single node system:
- Node management LIF
- Cluster management LIF
- iSCSI data LIF
  
  An iSCSI LIF provides client access over the iSCSI protocol and is used by the system for other important networking workflows. These LIFs are required and should not be deleted.
- NAS LIF
  You can skip creation of the storage VM (SVM) management LIF if you deploy Cloud Volumes ONTAP using the API and specify the following flag:
  skipSvmManagementLif: true