CFE incorrectly removes secondary IP addresses from AWS ENI's when VIP is in traffic group 1

[mikeoleary]

Do you already have an issue opened with F5 support?

No

Description

In a previous version of CFE we enforced the use of traffic group None for VIP's that are intended to failover between AZ's in AWS. However now we see this unwanted behavior when using CFE:

1. Customer deploys our CFT in AWS for HA across AZ's.
2. Customer configures 2x VIPs in BIG-IP, one in each AZ. Because they are not intimate with our CFE requirements, they put these VIP's in traffic-group-1 which is default when using the GUI.
3. Customer configures secondary IP addresses on her ENI's in AWS to match the VIP configuration.
4. Customer configures an EIP with the correct tags so that this EIP is associated/re-associated with her 2x secondary IP addresses configured in Step 3. Everything is configured correctly except the VIPs are in Traffic Group 1, not None.
5. Customer tests failover. Because she has not created her VIP's in traffic group None, CFE does not perform failover successfully, and further it deletes the secondary IP addresses she had created for her VIPs.

Environment information

For bugs, enter the following information:

• Cloud Failover Extension Version: 1.7
• BIG-IP version: unknown
• Cloud provider: AWS when failover is set up across AZ's with 1x EIP and 2x VIPs.

Severity Level

For bugs, enter the bug severity level. Do not set any labels.

Severity: 3

[shyawnkarim]

Thanks for reporting this issue. We are tracking this bug internally with ID AUTOSDK-534.

[mikeoleary]

@shyawnkarim you asked me for a qkview but the customer is using an eval key and is unable to open a support case and provide a qkview - sorry about that.

[shyawnkarim]

@mikeoleary thanks for checking.