Closed vvt137 closed 1 year ago
Thanks for suggesting this enhancement. I have added this to our backlog and we are tracking it internally with ID ESECLDTPLTP-2351.
Closing due to age. These legacy templates are now in maintenance mode and are being replaced by our next-generation templates available in the Cloud Templates 2.0 GitHub repo.
Do you already have an issue opened with F5 support?
No
Description
The "across Availability Zones" failover templates configure the CFE declaration for the "failoverRoutes" clause with the tag key/value "f5_cloud_failover_label"/"AWS::StackName". This choice creates an issue for CFE route failover when multiple F5 failover stacks are implemented within the same VPC and use the same route table(s).
The issue is caused by AWS not supporting tags against individual routes (only whole route tables can be tagged). Please refer to the bug request in the CFE repo for more details (https://github.com/F5Networks/f5-cloud-failover-extension/issues/37).
The issue can be resolved by replacing the "f5_cloud_failover_label"/"AWS::StackName" tag in the template with a constant value that will enable CFE route failover for the whole route table, for example a constant "f5_cloud_failover_label"/"enabled". Alternatively, this value can be exposed as a separate template parameter. Individual routes that belong to different F5 failover clusters will be controlled independently due to different "scopingAddressRanges" "range" values in the CFE declarations for these clusters.
The documentation would have to be modified as well so that the route tables in question are tagged by the user as "f5_cloud_failover_label"/"enabled" (rather than as "f5_cloud_failover_label"/"mydeployment"). Declaration examples in the following F5 articles (and possibly others) would also need to be updated, as the template documentation refers to them: https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/example-declarations.html https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/configuration.html#components-of-the-declaration
Note that the CFE route-failover feature is critical in across-net (across-AZ) cases, as it is the only available HA mechanism when the "Provision Public IP addresses for the BIG-IP interfaces" parameter is set to "No" (or when applications are accessed via both Private as well as Public IP addresses). See https://devcentral.f5.com/s/articles/deploy-bigip-in-aws-with-ha-across-azs-without-using-eips-33378 for details.
Template
https://github.com/F5Networks/f5-aws-cloudformation/tree/master/supported/failover/across-net/via-api/2nic/existing-stack/payg and all other via-api failover templates
Severity Level
3
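The scoping problem reported above, as an added example that is not part of the original issue and is not F5 or CFE code. It is a simplified model: the stack names, route table ID and CIDR ranges are constructed, and matching a route's destination exactly against a "scopingAddressRanges" range is an assumption made for illustration.

```python
# Simplified model of the tag/range scoping described in this issue.
# Not CFE code: the matching rules below are assumptions for illustration.

TAG_KEY = "f5_cloud_failover_label"

def claimed_routes(declaration, route_tables):
    """Return sorted (table_id, cidr) pairs a cluster's failoverRoutes clause selects."""
    fr = declaration["failoverRoutes"]
    ranges = {r["range"] for r in fr["scopingAddressRanges"]}
    claimed = []
    for table in route_tables:
        # AWS tags sit on the whole route table, and a tag key holds one value,
        # so a table tagged with one stack name can never match a second stack.
        if all(table["tags"].get(k) == v for k, v in fr["scopingTags"].items()):
            claimed += [(table["id"], c) for c in table["routes"] if c in ranges]
    return sorted(claimed)

def declaration(label, cidr):
    """Build the failoverRoutes part of a declaration for one cluster."""
    return {"class": "Cloud_Failover", "environment": "aws",
            "failoverRoutes": {"scopingTags": {TAG_KEY: label},
                               "scopingAddressRanges": [{"range": cidr}]}}

def shared_table(label):
    # Constructed sample: one route table used by two failover stacks.
    return [{"id": "rtb-example", "tags": {TAG_KEY: label},
             "routes": ["10.10.0.0/24", "10.20.0.0/24"]}]

def scenario(table_label, label_a, label_b):
    """Routes selected by cluster A and cluster B for a given table tag value."""
    tables = shared_table(table_label)
    return (claimed_routes(declaration(label_a, "10.10.0.0/24"), tables),
            claimed_routes(declaration(label_b, "10.20.0.0/24"), tables))

if __name__ == "__main__":
    # Tag value taken from the stack name: only stack-a can match the table.
    print(scenario("stack-a", "stack-a", "stack-b"))
    # Constant tag value: both match, and the ranges keep the routes separate.
    print(scenario("enabled", "enabled", "enabled"))
```
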