Azure Function keeps failing

[ppetchged]

Hello Team,

The Azure Function keeps failing. I could not get it to work. I tried v1 or the one from Meraki's site. Same issue.

2021-06-24 16:45:02.024 Result: Failure Exception: IndexError: list index out of range Stack: File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 398, in _handleinvocation_request call_result = await self._loop.run_in_executor( File "/usr/local/lib/python3.8/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, self.kwargs) File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 602, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context, File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper result = function(args) File "/home/site/wwwroot/Meraki-VWAN-Automation/init.py", line 974, in main meraki_vpn_failover() File "/home/site/wwwroot/Meraki-VWAN-Automation/init__.py", line 88, in meraki_vpn_failover network_id_list.append(org_network_response[0]['id']) Error

[MitchellGulledge]

This is strange, is this a newly deployed function app? If so, we just made a few commits and updated the button to point to a new branch of code v1API2 here: https://documentation.meraki.com/MX/Deployment_Guides/Cisco_Meraki_MX_Branch_to_Azure_Virtual_WAN_Deployment_Guide The change was pushed yesterday. Additionally, it appears that this is a issue with failing over the Meraki VPN and how I might be indexing a response org_network_response[0]['id'] might not need that [0]. Might be a scenario where the indexing is not needed but would like to confirm the branch you are on first.

[MitchellGulledge]

Is this the same issue that is recorded here: https://github.com/MitchellGulledge/Meraki-vWAN/issues/27 is the status of your tunnel down and we do not have vpn events in the event log?

[ppetchged]

Yes.This is brand new deployment. I tried the one from this link https://documentation.meraki.com/MX/Deployment_Guides/Cisco_Meraki_MX_Branch_to_Azure_Virtual_WAN_Deployment_Guide and the one from GitHub

[ppetchged]

Is this the same issue that is recorded here: #27 is the status of your tunnel down and we do not have vpn events in the event log?

Correct. No events in the event log.

[MitchellGulledge]

Ah, if you send some pings from the MX in dashboard to any IP that is in the Azure subnets do we see the tunnel brought up and do the errors stop? This is likely just due to the fact that there are no VPN events in the event log and I am trying to index something that doesnt exist because the tunnel isnt brought up. Which is something that should be fixed ASAP but may not be business impacting etc

[ppetchged]

Ping did not help. I switched to the function from this link https://documentation.meraki.com/MX/Deployment_Guides/Cisco_Meraki_MX_Branch_to_Azure_Virtual_WAN_Deployment_Guide

2021-06-24 18:50:36.869 Result: Failure Exception: IndexError: list index out of range Stack: File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 398, in _handleinvocation_request call_result = await self._loop.run_in_executor( File "/usr/local/lib/python3.8/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, self.kwargs) File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 602, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context, File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper result = function(args) File "/home/site/wwwroot/Meraki-VWAN-Automation/init.py", line 974, in main meraki_vpn_failover() File "/home/site/wwwroot/Meraki-VWAN-Automation/init__.py", line 123, in meraki_vpn_failover event_data = events_response_data[-1]['eventData'] Error

2021-06-24 18:50:36.870 Executed 'Functions.Meraki-VWAN-Automation' (Failed, Id=6fbeb939-a4e8-4446-b2e9-b19ef62c2f77, Duration=36851ms) Error

2021-06-24 18:50:36.878 Result: Failure Exception: IndexError: list index out of range Stack: File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 398, in _handleinvocation_request call_result = await self._loop.run_in_executor( File "/usr/local/lib/python3.8/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, self.kwargs) File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/dispatcher.py", line 602, in _run_sync_func return ExtensionManager.get_sync_invocation_wrapper(context, File "/azure-functions-host/workers/python/3.8/LINUX/X64/azure_functions_worker/extension.py", line 215, in _raw_invocation_wrapper result = function(args) File "/home/site/wwwroot/Meraki-VWAN-Automation/init.py", line 974, in main meraki_vpn_failover() File "/home/site/wwwroot/Meraki-VWAN-Automation/init__.py", line 123, in meraki_vpn_failover event_data = events_response_data[-1]['eventData'] Error

[MitchellGulledge]

Can you send me the mac/serial for your Meraki box? Is the tunnel coming up at all? I think the script is looking for event log data that may not exist, but want to confirm

[ppetchged]

We have a HA pair here is the primary one Q2KN-AACV-UBXR, No Tunnel coming up.

Our Firmware is Current version: MX 15.42

[ppetchged]

and just want to make sure. I don't need to create a VPN site in Virtual HUB , Correct ? The script will create the VPN site for me.

[MitchellGulledge]

The script will take care of that, but the reason this is failing is because you do not have any local subnets in your site to site vpn page selected for yes to be allowed inside the VPN. Select a subnet as yes and then send some pings (this is why there were not any logs in the first place) and you should be good to go :) (this explains why there were no vpn logs in the event log showing the error you pasted above)

[ppetchged]

You mean this part, Correct ?

[MitchellGulledge]

yes :)

[ppetchged]

yes :)

No luck. I enabled subnets needed to be on VPN. Tried ping to another site and still no events. I will wait for a bit then.

[ppetchged]

Still no VPN event Logs.

[ppetchged]

and when I tried run this code manually. I got 500 error. I'm run our of ideas here :-(

[MitchellGulledge]

taking some captures now, can you confirm the site is there with the correct public IPs in the vWAN dashboard?

[MitchellGulledge]

can we create a local vlan called test with an unused IP space that is in vpn? (not a static route) I am. not seeing interesting traffic going in the tunnel on the Meraki and dont see phase 1 packets going out. And since we cannot source a ping from a static route it will not match the IKEv2 traffic selectors for the IPsec config. I worry that this might be the root problem

[ppetchged]

test

OK. I got a new VLAN created and have a computer connected to this VLAN and pinging the VPN gateway in Azure. The public IPs of AZure VPN Gateway are correct.

[MitchellGulledge]

Hmm okay now I can see some ISAKMP traffic sourced from the MX64 but nothing coming back from Azure.

Can you confirm we have the correct private subnets in the azure customer gateway config? Something is very strange here :(

[MitchellGulledge]

Like I can see us trying to initiate a tunnel now which I couldnt before after generating interesting traffic so definately progress but now I dont see the ISAKMP traffic from the vWAN hub

[MitchellGulledge]

Looks like your tunnel is up now, did you have to do anything to remediate the function or did it correct after some time?

[MitchellGulledge]

Hello, wanted to check in and verify whether or not you are still seeing issues with the Azure function?

[MitchellGulledge]

I am going to close this case, feel free to reopen if you encounter any further issues :)