F5Networks / f5-declarative-onboarding

F5 BIG-IP Declarative Onboarding
Apache License 2.0

DO does not configure MAC_Masquerade and HaOrder! #362

Open joebride opened 1 year ago

joebride commented 1 year ago

Environment

Summary

We are trying to onboard a device that already has a device group configured, but DO does not configure the traffic-group parameters, in particular MacMasquerading and HaOrder.

The impact is that we cannot add MacMasquerading successfully.

            "MacMasquerading": {
                "class": "MAC_Masquerade",
                "source": {
                    "interface": "1.3"
                },
                "trafficGroup": "traffic-group-1"
            },
            "traffic-group-1": {
                "class": "TrafficGroup",
                "autoFailbackEnabled": false,
                "haOrder": [
                    "none"
                ],
                "autoFailbackTime": 60,
                "failoverMethod": "ha-order",
                "haLoadFactor": 1
            },
            "traffic-group-local-only": {
                "class": "TrafficGroup",
                "autoFailbackEnabled": false,
                "haOrder": [
                    "none"
                ],
                "autoFailbackTime": 60,
                "failoverMethod": "ha-order",
                "haLoadFactor": 1
            },

Steps To Reproduce

Steps to reproduce the behavior:

  1. Submit the following declaration:

    {
    "schemaVersion": "1.38.0",
    "class": "Device",
    "async": true,
    "label": "Onboard BIG-IP into an DSC cluster",
    "controls": {
        "class": "Controls",
        "dryRun": false,
        "trace": true,
        "traceResponse": false
    },
    "Common": {
        "class": "Tenant",
        "myDbVariables": {
            "class": "DbVariables",
            "provision.extramb": 500
        },
        "MacMasquerading": {
            "class": "MAC_Masquerade",
            "source": {
                "interface": "1.3"
            },
            "trafficGroup": "traffic-group-1"
        },
        "traffic-group-1": {
            "class": "TrafficGroup",
            "autoFailbackEnabled": false,
            "haOrder": [
                "none"
            ]
        },
        "traffic-group-local-only": {
            "class": "TrafficGroup",
            "autoFailbackEnabled": false,
            "haOrder": [
                "none"
            ]
        },
        "VLAN501-SelfIPv4": {
            "class": "SelfIp",
            "address": "172.5.1.88/24",
            "vlan": "VLAN501",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
       "VLAN501-FloatingIPv4": {
            "class": "SelfIp",
            "address": "172.5.1.86/24",
            "vlan": "VLAN501",
            "allowService": "none",
            "trafficGroup": "traffic-group-1"
        },
       "VLAN501-SelfIPv6": {
            "class": "SelfIp",
            "address": "2001:6f8:1ce1:21f5::88/64",
            "vlan": "VLAN501",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
       "VLAN501-FloatingIPv6": {
            "class": "SelfIp",
            "address": "2001:6f8:1ce1:21f5::86/64",
            "vlan": "VLAN501",
            "allowService": "none",
            "trafficGroup": "traffic-group-1"
        },
       "VLAN502-SelfIPv4": {
            "class": "SelfIp",
            "address": "172.5.2.88/24",
            "vlan": "VLAN502",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
       "VLAN502-FloatingIPv4": {
            "class": "SelfIp",
            "address": "172.5.2.86/24",
            "vlan": "VLAN502",
            "allowService": "none",
            "trafficGroup": "traffic-group-1"
        },
       "VLAN502-SelfIPv6": {
            "class": "SelfIp",
            "address": "2001:6f8:1ce1:21f6::88/64",
            "vlan": "VLAN502",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
       "VLAN502-FloatingIPv6": {
            "class": "SelfIp",
            "address": "2001:6f8:1ce1:21f6::86/64",
            "vlan": "VLAN502",
            "allowService": "none",
            "trafficGroup": "traffic-group-1"
        },
       "VLAN503-SelfIPv4": {
            "class": "SelfIp",
            "address": "172.5.3.88/24",
            "vlan": "VLAN503",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
       "VLAN503-FloatingIPv4": {
            "class": "SelfIp",
            "address": "172.5.3.86/24",
            "vlan": "VLAN503",
            "allowService": "none",
            "trafficGroup": "traffic-group-1"
        },
       "VLAN503-SelfIPv6": {
            "class": "SelfIp",
            "address": "2001:6f8:1ce1:21f7::88/64",
            "vlan": "VLAN503",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
       "VLAN503-FloatingIPv6": {
            "class": "SelfIp",
            "address": "2001:6f8:1ce1:21f7::86/64",
            "vlan": "VLAN503",
            "allowService": "none",
            "trafficGroup": "traffic-group-1"
        },
       "VLAN504-SelfIPv4": {
            "class": "SelfIp",
            "address": "172.5.4.88%10/24",
            "vlan": "VLAN504",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
       "VLAN504-FloatingIPv4": {
            "class": "SelfIp",
            "address": "172.5.4.86%10/24",
            "vlan": "VLAN504",
            "allowService": "none",
            "trafficGroup": "traffic-group-1"
        },
       "VLAN504-SelfIPv6": {
            "class": "SelfIp",
            "address": "2001:6f8:1ce1:21f8::88%10/64",
            "vlan": "VLAN504",
            "allowService": "none",
            "trafficGroup": "traffic-group-local-only"
        },
       "VLAN504-FloatingIPv6": {
            "class": "SelfIp",
            "address": "2001:6f8:1ce1:21f8::86%10/64",
            "vlan": "VLAN504",
            "allowService": "none",
            "trafficGroup": "traffic-group-1"
        },
        "HA-01": {
            "class": "SelfIp",
            "address": "1.1.1.2/24",
            "vlan": "RD_000_VLAN_SYN_4090",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "HA-02": {
            "class": "SelfIp",
            "address": "2.2.2.2/24",
            "vlan": "RD_000_VLAN_SYN_4091",
            "allowService": "default",
            "trafficGroup": "traffic-group-local-only"
        },
        "RouteDomain-10": {
            "class": "RouteDomain",
            "id": 10,
            "vlans": [
                "VLAN504"
            ]
        },
        "failoverUnicastMgmt": {
            "class": "FailoverUnicast",
            "addressPorts": [
                {
                    "address": "/Common/HA-01/address"
                },
                {
                    "address": "/Common/HA-02/address"
                }
            ]
        },
        "ConfigSync": {
            "class": "ConfigSync",
            "configsyncIp": "/Common/HA-01/address"
        },
        "myMirror": {
            "class": "MirrorIp",
            "primaryIp": "1.1.1.2",
            "secondaryIp": "2.2.2.2"
        }
    }
    }
  2. Observe the following response:

    {
    "id": "4840065d-68e2-4845-8c0c-91718e8eb9e5",
    "selfLink": "https://localhost/mgmt/shared/declarative-onboarding/task/4840065d-68e2-4845-8c0c-91718e8eb9e5",
    "code": 500,
    "status": "ERROR",
    "message": "invalid config - rolled back",
    "errors": [
        "Cannot find MAC for given interface",
        "Cannot find MAC for given interface"
    ],
    "result": {
        "class": "Result",
        "code": 500,
        "status": "ERROR",
        "dryRun": false,
        "message": "invalid config - rolled back",
        "errors": [
            "Cannot find MAC for given interface",
            "Cannot find MAC for given interface"
        ]
    },
    "declaration": {
        "schemaVersion": "1.38.0",
        "class": "Device",
        "async": true,
        "label": "Onboard BIG-IP into an DSC cluster",
        "controls": {
            "class": "Controls",
            "dryRun": false,
            "trace": true,
            "traceResponse": false
        },
        "Common": {
            "class": "Tenant",
            "myDbVariables": {
                "class": "DbVariables",
                "provision.extramb": 500
            },
            "MacMasquerading": {
                "class": "MAC_Masquerade",
                "source": {
                    "interface": "1.3"
                },
                "trafficGroup": "traffic-group-1"
            },
            "traffic-group-1": {
                "class": "TrafficGroup",
                "autoFailbackEnabled": false,
                "haOrder": [
                    "none"
                ],
                "autoFailbackTime": 60,
                "failoverMethod": "ha-order",
                "haLoadFactor": 1
            },
            "traffic-group-local-only": {
                "class": "TrafficGroup",
                "autoFailbackEnabled": false,
                "haOrder": [
                    "none"
                ],
                "autoFailbackTime": 60,
                "failoverMethod": "ha-order",
                "haLoadFactor": 1
            },
            "VLAN501-SelfIPv4": {
                "class": "SelfIp",
                "address": "172.5.1.88/24",
                "vlan": "VLAN501",
                "allowService": "none",
                "trafficGroup": "traffic-group-local-only"
            },
            "VLAN501-FloatingIPv4": {
                "class": "SelfIp",
                "address": "172.5.1.86/24",
                "vlan": "VLAN501",
                "allowService": "none",
                "trafficGroup": "traffic-group-1"
            },
            "VLAN501-SelfIPv6": {
                "class": "SelfIp",
                "address": "2001:6f8:1ce1:21f5::88/64",
                "vlan": "VLAN501",
                "allowService": "none",
                "trafficGroup": "traffic-group-local-only"
            },
            "VLAN501-FloatingIPv6": {
                "class": "SelfIp",
                "address": "2001:6f8:1ce1:21f5::86/64",
                "vlan": "VLAN501",
                "allowService": "none",
                "trafficGroup": "traffic-group-1"
            },
            "VLAN502-SelfIPv4": {
                "class": "SelfIp",
                "address": "172.5.2.88/24",
                "vlan": "VLAN502",
                "allowService": "none",
                "trafficGroup": "traffic-group-local-only"
            },
            "VLAN502-FloatingIPv4": {
                "class": "SelfIp",
                "address": "172.5.2.86/24",
                "vlan": "VLAN502",
                "allowService": "none",
                "trafficGroup": "traffic-group-1"
            },
            "VLAN502-SelfIPv6": {
                "class": "SelfIp",
                "address": "2001:6f8:1ce1:21f6::88/64",
                "vlan": "VLAN502",
                "allowService": "none",
                "trafficGroup": "traffic-group-local-only"
            },
            "VLAN502-FloatingIPv6": {
                "class": "SelfIp",
                "address": "2001:6f8:1ce1:21f6::86/64",
                "vlan": "VLAN502",
                "allowService": "none",
                "trafficGroup": "traffic-group-1"
            },
            "VLAN503-SelfIPv4": {
                "class": "SelfIp",
                "address": "172.5.3.88/24",
                "vlan": "VLAN503",
                "allowService": "none",
                "trafficGroup": "traffic-group-local-only"
            },
            "VLAN503-FloatingIPv4": {
                "class": "SelfIp",
                "address": "172.5.3.86/24",
                "vlan": "VLAN503",
                "allowService": "none",
                "trafficGroup": "traffic-group-1"
            },
            "VLAN503-SelfIPv6": {
                "class": "SelfIp",
                "address": "2001:6f8:1ce1:21f7::88/64",
                "vlan": "VLAN503",
                "allowService": "none",
                "trafficGroup": "traffic-group-local-only"
            },
            "VLAN503-FloatingIPv6": {
                "class": "SelfIp",
                "address": "2001:6f8:1ce1:21f7::86/64",
                "vlan": "VLAN503",
                "allowService": "none",
                "trafficGroup": "traffic-group-1"
            },
            "VLAN504-SelfIPv4": {
                "class": "SelfIp",
                "address": "172.5.4.88%10/24",
                "vlan": "VLAN504",
                "allowService": "none",
                "trafficGroup": "traffic-group-local-only"
            },
            "VLAN504-FloatingIPv4": {
                "class": "SelfIp",
                "address": "172.5.4.86%10/24",
                "vlan": "VLAN504",
                "allowService": "none",
                "trafficGroup": "traffic-group-1"
            },
            "VLAN504-SelfIPv6": {
                "class": "SelfIp",
                "address": "2001:6f8:1ce1:21f8::88%10/64",
                "vlan": "VLAN504",
                "allowService": "none",
                "trafficGroup": "traffic-group-local-only"
            },
            "VLAN504-FloatingIPv6": {
                "class": "SelfIp",
                "address": "2001:6f8:1ce1:21f8::86%10/64",
                "vlan": "VLAN504",
                "allowService": "none",
                "trafficGroup": "traffic-group-1"
            },
            "HA-01": {
                "class": "SelfIp",
                "address": "1.1.1.2/24",
                "vlan": "RD_000_VLAN_SYN_4090",
                "allowService": "default",
                "trafficGroup": "traffic-group-local-only"
            },
            "HA-02": {
                "class": "SelfIp",
                "address": "2.2.2.2/24",
                "vlan": "RD_000_VLAN_SYN_4091",
                "allowService": "default",
                "trafficGroup": "traffic-group-local-only"
            },
            "RouteDomain-10": {
                "class": "RouteDomain",
                "id": 10,
                "vlans": [
                    "VLAN504"
                ],
                "connectionLimit": 0,
                "strict": true
            },
            "failoverUnicastMgmt": {
                "class": "FailoverUnicast",
                "addressPorts": [
                    {
                        "address": "/Common/HA-01/address",
                        "port": 1026
                    },
                    {
                        "address": "/Common/HA-02/address",
                        "port": 1026
                    }
                ]
            },
            "ConfigSync": {
                "class": "ConfigSync",
                "configsyncIp": "/Common/HA-01/address"
            },
            "myMirror": {
                "class": "MirrorIp",
                "primaryIp": "1.1.1.2",
                "secondaryIp": "2.2.2.2"
            }
        }
    }
    }

Expected Behavior

The traffic groups should be configured correctly, with MAC masquerading applied and any HA order set to none.

cm traffic-group traffic-group-1 {
    default-device <name-of-one-LB>
    ha-order none
    mac 16:a9:d0:30:b8:8c
    unit-id 1
}
cm traffic-group traffic-group-local-only {
    description "static failover objects"
    ha-order none
    is-floating false
}

Actual Behavior

The traffic groups are not configured correctly: `ha-order` is missing from both groups, and `mac` is missing from traffic-group-1.

cm traffic-group traffic-group-1 {
    default-device <name-of-one-LB>
    unit-id 1
}
cm traffic-group traffic-group-local-only {
    description "static failover objects"
    is-floating false
}
dstokesf5 commented 10 months ago

Thank you for your feedback. It looks like DO is unable to find a MAC address associated with the 1.3 interface. Can you provide the output from a GET request to <big-ip-host>/mgmt/tm/sys/mac-address? Feel free to redact the output; I am only checking whether any address has an objectId that matches the requested interface.

joebride commented 10 months ago

Hi, find attached the output: issue-362_DO-MAC-masquerade-HaOrder.txt