F5Networks / f5-cloud-failover-extension

F5 Cloud Failover Extension
Apache License 2.0

AWS CFE Newly active device move the secondary IPs to the other passive device #118

Open adirilx opened 1 year ago

adirilx commented 1 year ago

Do you already have an issue opened with F5 support? Not Yet.

Description

AWS Across AZ With CFE version For some reason CFE behaves incorrectly intermittently. Everything seems to work fine until a failover occurs and the newly active device, instead of associating the EIP to its AZ Secondary IPs - it associates with the newly passive device secondary IPs AZ.

Environment information

For bugs, enter the following information:

Severity Level

For bugs, enter the bug severity level. Do not set any labels.

Severity: 2

Severity level definitions:

  1. Severity 1 (Critical) : Defect is causing systems to be offline and/or nonfunctional. Immediate attention is required.
  2. Severity 2 (High) : Defect is causing major obstruction of system operations.
  3. Severity 3 (Medium) : Defect is causing intermittent errors in system operations.
  4. Severity 4 (Low) : Defect is causing infrequent interruptions in system operations.
  5. Severity 5 (Trivial) : Defect is not causing any interruptions to system operations, but none-the-less is a bug.

mikeshimkus commented 1 year ago

Hi @adirilx, thanks for reporting. Can you provide the following:

shyawnkarim commented 1 year ago

@adirilx, since you have reported this as Severity 2, can you also file a support case?

adirilx commented 1 year ago

Hi All, @shyawnkarim I also opened an F5 Support case #00417858, @mikeshimkus since it appears - it now happens every time we do a failover - only a full reboot of the two cluster devices fixes it for a little while.

Basically because we run AWS HA Across availability zones - We have two Virtual Server IP ranges - one for the F5 device in AZ1 and one for the device in AZ2: For example let's say 10.10.10.x is the Secondary IP range for AZ1. And 10.10.20.x is the Secondary IP range for AZ2.

The CFE maps every single EIP (Public IP) to two different virtual server IPs - one for the virtual server in the 10.10.10.x subnet and one for the virtual server in the 10.10.20.x subnet.

When I say it associates with the newly passive device I mean - that if the newly active device has 10.10.10.x Virtual Servers - because it belongs to AZ1 - you see in the logs it tries to map the EIPs upon the failover to the 10.10.20.x Virtual servers instead - which belong to the previously active device and not to itself. The actual behavior causes the traffic from the EIPs to reach the passive device.

I will try providing the logs without the actual IPs in them.

Thanks, Adir
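
The check below is an added example, not part of the original thread and not CFE's own code: it takes EIP records shaped like the `Addresses` entries returned by `aws ec2 describe-addresses` and flags any EIP whose associated private IP lies outside the active device's AZ range, which is the symptom described in the comment above. The subnet ranges follow the 10.10.10.x / 10.10.20.x example from the comment; the public IPs, the `eip_vips` mapping and all function names are constructed for illustration.

```python
import ipaddress

# Constructed AZ ranges, following the 10.10.10.x / 10.10.20.x example in the thread.
AZ_SUBNETS = {
    "az1": ipaddress.ip_network("10.10.10.0/24"),
    "az2": ipaddress.ip_network("10.10.20.0/24"),
}

def az_of(private_ip):
    """Return the AZ label whose secondary-IP range contains private_ip, else None."""
    addr = ipaddress.ip_address(private_ip)
    return next((az for az, net in AZ_SUBNETS.items() if addr in net), None)

def audit_eip_associations(addresses, eip_vips, active_az):
    """Flag EIPs that are not associated with the active AZ's virtual server IP.

    addresses: records with PublicIp / PrivateIpAddress keys (describe-addresses shape).
    eip_vips:  hypothetical mapping of each EIP to its two candidate virtual server IPs.
    Returns a list of (public_ip, status, current_private_ip, expected_private_ips).
    """
    findings = []
    for record in addresses:
        eip = record["PublicIp"]
        current = record.get("PrivateIpAddress")
        expected = [ip for ip in eip_vips.get(eip, []) if az_of(ip) == active_az]
        if current is None:
            findings.append((eip, "unassociated", None, expected))
        elif az_of(current) != active_az:
            findings.append((eip, "wrong_az", current, expected))
        elif current not in expected:
            findings.append((eip, "unmapped_vip", current, expected))
    return findings

# Constructed sample: state after a failover in which the AZ1 device became active.
SAMPLE_ADDRESSES = [
    {"PublicIp": "203.0.113.10", "PrivateIpAddress": "10.10.20.11"},  # points at AZ2
    {"PublicIp": "203.0.113.11", "PrivateIpAddress": "10.10.10.12"},  # correct
    {"PublicIp": "203.0.113.12"},                                     # not associated
]
SAMPLE_EIP_VIPS = {
    "203.0.113.10": ["10.10.10.11", "10.10.20.11"],
    "203.0.113.11": ["10.10.10.12", "10.10.20.12"],
    "203.0.113.12": ["10.10.10.13", "10.10.20.13"],
}

if __name__ == "__main__":
    for finding in audit_eip_associations(SAMPLE_ADDRESSES, SAMPLE_EIP_VIPS, "az1"):
        print(finding)
```

Running the same audit immediately after each failover, with `active_az` set to the AZ of the device that just became active, shows whether every EIP followed it.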

mikeshimkus commented 1 year ago

@adirilx Since you have opened a support case, please provide the logs there. No need to share them here. Thanks