To set up replication across regions

1. Create two VPCs with valid CIDR blocks, for example, 10.30.0.0/16 and 10.60.0.0/16 respectively.
2. Create the primary site EC2 instances in the respective Availability Zones of the region.
3. Create the primary site VPN instances in the respective Availability Zones of the region. The VPN instances belong to the same VPC as that of the primary EC2 instance.
4. Choose a valid overlay IP address as the replication IP address for the primary site. The overlay IP address is a private IP address outside of the primary site's VPC CIDR block. Plumb the overlay IP address on the master node of the primary site cluster.
5. Modify the route table on the primary site to include the overlay IP address. Ensure that the route table entry directs any traffic destined for the primary site to be routed through the secondary VPN instance and the traffic destined for the secondary site overlay IP to be routed through the secondary InfoScale instance.
   
6. Create the secondary site EC2 instances in the respective Availability Zones of the second region.
7. Create the secondary site VPN instances in the respective Availability Zones of the second region. The VPN instances belong to the same VPC as that of the secondary EC2 instance.
8. Choose a valid overlay IP address as the replication IP address for the secondary site. The overlay IP address is a private IP address outside of the secondary site's VPC CIDR block. Plumb the overlay IP address on the master node of the secondary site cluster.
9. Modify the route table on the secondary site. Ensure that the route table entries direct traffic destined for the secondary site to be routed through the primary VPN instance and the traffic destined for the primary site overlay IP to be routed through the primary InfoScale instance.
   
10. Set up connectivity across regions using software VPN. The sample configuration uses Openswan.

    Perform the following steps:

    • Install the Openswan packages on the primary and secondary VPN instances.

    • Configure the /etc/ipsec.conf and /etc/ipsec.secrets files.

      Note:

      The /etc/ipsec.conf file contains information about the private IP address of the VPN instance, the subnet range of the left subnet, elastic IP address of the destination VPN, the subnet range of the destination right subnet. The /etc/ipsec.secrets file contains the secret key. This key must be the same on both VPN sites.

    • Restart the IPSec service.

      # service ipsec restart

    • Add the IPSec connection.

      # ipsec auto -add vpc2vpcConnection 
      # ipsec auto -up vpc2vpcConnection

    • Enable IPSec forwarding.

      # sysctl -w net.ipv4.ip_forward=1

11. Modify the ipsec.conf file to add the overlay IP address for both primary and secondary site VPN instances.
    
12. Verify whether or not the master nodes on the primary and secondary site can reach each other using the overlay IP address.
13. Set up replication between the primary and secondary sites.

    For instructions, see the chapter Setting up replication in the Veritas InfoScale Replication Administrator's Guide.

14. Verify the status of replication.

    # vradmin -g dg_name repstatus rvg_name

    Ensure that the RLINK is in CONNECT state and the replication status shows:

    Replication status: replicating (connected)