Problem with routing to ONTAP SVM in single VPC

Question

I created a new multi AZ ONTAP file system in a VPC. I choose the defaults to use unassigned IP's in the VPC. Everything created correctly including the ENI adapters for the SVM. It used a /26 range of unassigned IPs as expected. Also the routes to the ENI adapters in that IP range were added to the main routing table of the VPC. The problem is that they are only reachable from the subnets that use the main routing table. For whatever reason (maybe there's good ones), most of our subnets in that vpc use their own routing tables and can't reach the SVM's ENI adapters.

I also can't manually add the routes to those ENI adapters in the other routing tables because it makes an error that the IP's are not in a valid CIDR range and that is correct because there are no subnets defined for the range. That's by design I believe. I'm not sure how to move forward.

I also can't manually add the routes to those ENI adapters in the other routing tables because it makes an error that the IP's are not in a valid CIDR range and that is correct because there are no subnets defined for the range.  That's by design I believe.  I'm not sure how to move forward.

Accepted Answer

Subnets utilizing their own routing tables, are generally configured that way in order to separate environments. For example, separating staging and production environments.

That being said, the issue you have noted is quite common in this situation as by default, Amazon FSx uses your VPC's main route table[1].

A solution to this, would be to edit the route tables for the FSx. To do this, you can follow these steps:

1. From your Fsx filesystem dashboard, select the filesystem you would like to update.
2. Click 'Actions, Update file system, update route tables'.
3. A new window will pop up, listing your route tables in the VPC.
4. Select the route tables for your subnets and click 'Associate'.
5. Once the association has been completed, click 'Close'
6. Your route tables should now be correctly associated.

This then allows the FSx to utilize all of the route tables you have specified in that VPC

[1] https://docs.aws.amazon.com/fsx/latest/ONTAPGuide/unable-to-access.html#subnet-route-tables

Problem with routing to ONTAP SVM in single VPC

相关内容