f5devcentral / f5-cloud-failover-extension

F5 Cloud Failover Extension (Archived)
Apache License 2.0

RFE: Support for destinationaddress routes pointing to different network self IPs #11

Closed JeffGiroux closed 4 years ago

JeffGiroux commented 4 years ago

Version: 1.0.0 CFE

Problem/Request: Requesting enhancement to allow CFE to update routes and use different self IPs on external and internal network. Currently, CFE will only use one "network" worth of self IPs.

Use case: Send RFC1918 VIP range(s) for "external" traffic to external self IPs. Send RFC1918 VIP range(s) for "internal" traffic to internal self IPs. Yes, we can do some of this functionality with aliasIPs, but there are use cases where BIG-IP will need to be "in-line" going both directions. For example, no-SNAT'ing in both directions requires routes on both sides. If multi-NIC BIG-IP, then there will be different sets of self IPs per network.

Example use case setup:

  - External subnet = 10.1.10.0/24
  - External self IPs = 10.1.10.35 and 10.1.10.36
  - External VIP range = 10.100.100.0/24
  - Internal subnet = 10.1.20.0/24
  - Internal self IPs = 10.1.20.31 and 10.1.20.32
  - Internal VIP range = 10.200.200.0/24
  - Mgmt subnet = 10.1.1.0/24

Route for external VIPs…

```
gcloud compute routes create jg-route1-external --destination-range=10.100.100.0/24 --network=jgiroux-net-ext --next-hop-address=10.1.10.35 --description='f5_cloud_failover_labels={"goog-dm":"jg-f5-api-ha"}'
```

Route for internal traffic…

```
gcloud compute routes create jg-route2-internal --destination-range=10.200.200.0/24 --network=jgiroux-net-int --next-hop-address=10.1.20.31 --description='f5_cloud_failover_labels={"goog-dm":"jg-f5-api-ha"}'
```

Declaration example…

```json
{
  "class": "Cloud_Failover",
  "environment": "gcp",
  "externalStorage": {
    "scopingTags": { "goog-dm": "jg-f5-api-ha" }
  },
  "failoverAddresses": {
    "scopingTags": { "goog-dm": "jg-f5-api-ha" }
  },
  "failoverRoutes": {
    "scopingTags": { "goog-dm": "jg-f5-api-ha" },
    "scopingAddressRanges": [
      { "range": "10.100.100.0/24" },
      { "range": "10.200.200.0/24" }
    ],
    "defaultNextHopAddresses": {
      "discoveryType": "static",
      "items": [ "10.1.10.35", "10.1.10.36", "10.1.20.31", "10.1.20.32" ]
    }
  },
  "controls": {
    "class": "Controls",
    "logLevel": "info"
  }
}
```

Expected results:

  1. Routes matching destination 10.100.100.0/24 on external network and self IP 10.1.10.35 will update to 10.1.10.36
  2. Routes matching destination 10.200.200.0/24 on internal network and self IP 10.1.20.31 will update to 10.1.20.32

Actual results: CFE tries to update the 10.200.200.0/24 route with next hop self IP 10.1.10.x which does not reside in 10.1.20.0/24 address space. Error.

/var/log/restnoded/restnoded.log

```
Thu, 30 Jan 2020 05:26:40 GMT - info: [f5-cloud-failover] Performing failover - execute
Thu, 30 Jan 2020 05:26:41 GMT - info: [f5-cloud-failover] Performing Failover - discovery
Thu, 30 Jan 2020 05:26:42 GMT - info: [f5-cloud-failover] Performing Failover - update
Thu, 30 Jan 2020 05:26:48 GMT - info: [f5-cloud-failover] Disassociate NICs successful.
Thu, 30 Jan 2020 05:26:50 GMT - severe: [f5-cloud-failover] failover.execute() error: https://www.googleapis.com/compute/v1/projects/f5-4136-mspteam-dev/global/routes/ status code 400, status message Bad Request, body: {"error":{"errors":[{"domain":"global","reason":"invalid","message":"Invalid value for field 'resource.nextHopIp': '10.1.10.35'. 10.1.10.35 must lie within the address spaces of (10.1.20.0/24)."}],"code":400,"message":"Invalid value for field 'resource.nextHopIp': '10.1.10.35'. 10.1.10.35 must lie within the address spaces of (10.1.20.0/24)."}}
Error: https://www.googleapis.com/compute/v1/projects/f5-4136-mspteam-dev/global/routes/ status code 400, status message Bad Request, body: {"error":{"errors":[{"domain":"global","reason":"invalid","message":"Invalid value for field 'resource.nextHopIp': '10.1.10.35'. 10.1.10.35 must lie within the address spaces of (10.1.20.0/24)."}],"code":400,"message":"Invalid value for field 'resource.nextHopIp': '10.1.10.35'. 10.1.10.35 must lie within the address spaces of (10.1.20.0/24)."}}
    at IncomingMessage.response.on (/var/config/rest/iapps/f5-cloud-failover/node_modules/@f5devcentral/f5-cloud-libs/lib/httpUtil.js:175:45)
    at emitNone (events.js:111:20)
    at IncomingMessage.emit (events.js:208:7)
    at endReadableNT (_stream_readable.js:1064:12)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickCallback (internal/process/next_tick.js:180:9)
Thu, 30 Jan 2020 05:26:53 GMT - info: [f5-cloud-failover] Associate NICs successful.
Thu, 30 Jan 2020 05:27:12 GMT - info: [f5-cloud-failover] Updated forwarding rules successfully
```

jsevedge commented 4 years ago

Internal issue created to track this: AUTOSDK-160

You can make use of defaultNextHopAddresses.discoveryType = routeTag and use the f5_self_ips tag on the route table as a workaround. Although this causes some issues in IaaC scenarios so this should only be used temporarily until CFE support for this using discoveryType = static is added.

kvanderp commented 4 years ago

Hi, this workaround does not seem to work in Azure, here's the error code generated:

```
Thu, 06 Feb 2020 13:58:09 GMT - severe: [f5-cloud-failover] failover.execute() error: Cannot read property 'disassociate' of undefined
TypeError: Cannot read property 'disassociate' of undefined
    at _discoverAddressOperations.then.operations (/var/config/rest/iapps/f5-cloud-failover/nodejs/providers/azure/cloud.js:132:66)
    at tryCatcher (/usr/share/rest/node/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:512:31)
    at Promise._settlePromise (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:569:18)
    at Promise._settlePromiseCtx (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:606:10)
    at Async._drainQueue (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:138:12)
    at Async._drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:143:10)
    at Immediate.Async.drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:794:20)
    at tryOnImmediate (timers.js:752:5)
    at processImmediate [as _immediateCallback] (timers.js:729:5)
```

steveh565 commented 4 years ago

I'm working in AWS on a complex (multi-tier) Across-Net customer scenario that requires CFE to update two different routes in two different route tables...

I need to be able to configure CFE along these lines:

```json
{
  "class": "Cloud_Failover",
  "environment": "aws",
  "controls": {
    "class": "Controls",
    "logLevel": "silly"
  },
  "externalStorage": {
    "scopingTags": { "f5_cloud_failover_label": "transit-az-failover" }
  },
  "failoverAddresses": {
    "scopingTags": { "f5_cloud_failover_label": "transit-az-failover" }
  },
  "failoverRoutes": {
    "scopingTags": { "f5_cloud_failover_label": "gccap-az-failover" },
    "scopingAddressRanges": [
      {
        "range": "100.100.0.0/16",
        "nextHopAddresses": { "discoveryType": "static", "items": [ "10.1.3.13", "10.1.13.13" ] }
      },
      {
        "range": "100.65.4.0/29",
        "nextHopAddresses": { "discoveryType": "static", "items": [ "10.1.3.13", "10.1.13.13" ] }
      },
      {
        "range": "100.65.5.0/29",
        "nextHopAddresses": { "discoveryType": "static", "items": [ "10.1.4.13", "10.1.14.13" ] }
      },
      {
        "range": "0.0.0.0/0",
        "nextHopAddresses": { "discoveryType": "static", "items": [ "10.1.4.13", "10.1.14.13" ] }
      }
    ]
  }
}
```
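Added example (not code from the CFE project or from anyone in this thread): the next-hop selection that the two declarations in this thread imply, in Python. It chooses a next hop per route that is both a self IP of the newly active device and inside that route's subnet, honours a per-range `nextHopAddresses` block of the shape in the AWS declaration above, and reproduces the single-list behaviour from the opening GCP comment for contrast. Network names, subnets and self IPs are constructed from the GCP values in the first comment; the network-to-subnet map and `localAddresses` list are assumptions for the illustration.

```python
import ipaddress

# Constructed sample modelled on the GCP setup in this issue: two networks with their own
# subnet and self-IP pair, and one VIP range routed inside each network.
NETWORKS = {"jgiroux-net-ext": ipaddress.ip_network("10.1.10.0/24"),
            "jgiroux-net-int": ipaddress.ip_network("10.1.20.0/24")}
ROUTES = [{"destination": "10.100.100.0/24", "network": "jgiroux-net-ext"},
          {"destination": "10.200.200.0/24", "network": "jgiroux-net-int"}]
# Self IPs of the device becoming active (what the CFE log calls localAddresses).
LOCAL_ADDRESSES = ["10.1.10.36", "10.1.20.32"]
ALL_SELF_IPS = ["10.1.10.35", "10.1.10.36", "10.1.20.31", "10.1.20.32"]

# One flat list for every range, as in the 1.0.0 declaration quoted in the issue.
DECLARATION_FLAT = {"failoverRoutes": {
    "scopingAddressRanges": [{"range": "10.100.100.0/24"}, {"range": "10.200.200.0/24"}],
    "defaultNextHopAddresses": {"discoveryType": "static", "items": ALL_SELF_IPS}}}
# A next-hop list per range, the shape requested in the thread.
DECLARATION_PER_RANGE = {"failoverRoutes": {"scopingAddressRanges": [
    {"range": "10.100.100.0/24",
     "nextHopAddresses": {"discoveryType": "static", "items": ["10.1.10.35", "10.1.10.36"]}},
    {"range": "10.200.200.0/24",
     "nextHopAddresses": {"discoveryType": "static", "items": ["10.1.20.31", "10.1.20.32"]}}]}}

def next_hop_is_valid(destination, ip, routes=ROUTES, networks=NETWORKS):
    """The check GCP enforces server-side: nextHopIp must lie in the route's network subnet."""
    route = next(r for r in routes if r["destination"] == destination)
    return ipaddress.ip_address(ip) in networks[route["network"]]

def pick_next_hop(destination, candidates, local_addresses, routes=ROUTES, networks=NETWORKS):
    """First candidate that is a self IP of the active device AND inside the route's subnet."""
    for ip in candidates:
        if ip in local_addresses and next_hop_is_valid(destination, ip, routes, networks):
            return ip
    # Surface the problem before the API does (GCP answers HTTP 400 "must lie within ...").
    raise ValueError(f"no local next hop for {destination} lies within its network subnet")

def plan_route_updates(declaration, local_addresses, routes=ROUTES, networks=NETWORKS):
    """Map each destination to its new next hop; per-range nextHopAddresses wins over the default."""
    fr = declaration["failoverRoutes"]
    default_items = fr.get("defaultNextHopAddresses", {}).get("items", [])
    items_for = {r["range"]: r.get("nextHopAddresses", {}).get("items", default_items)
                 for r in fr["scopingAddressRanges"]}
    return {r["destination"]: pick_next_hop(r["destination"], items_for[r["destination"]],
                                            local_addresses, routes, networks) for r in routes}

def naive_first_local(declaration, local_addresses, routes=ROUTES):
    """Behaviour the issue reports: one self IP from the flat list applied to every route."""
    items = declaration["failoverRoutes"]["defaultNextHopAddresses"]["items"]
    hop = next(ip for ip in items if ip in local_addresses)
    return {r["destination"]: hop for r in routes}
```

With the constructed inputs, `naive_first_local` assigns 10.1.10.36 to the 10.200.200.0/24 route, which `next_hop_is_valid` rejects for exactly the reason the GCP API gave, while `plan_route_updates` lands on 10.1.20.32 for that route with either declaration shape.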

chen23 commented 4 years ago

Any updates on this? I'm seeing similar issues in AWS where I'm unable to specify the internal interface as the target of a route change.

```
Tue, 24 Mar 2020 19:07:55 GMT - finest: [f5-cloud-failover] updateRoutes:  {"localAddresses":["10.1.21.123","10.1.11.55"],"discoverOnly":true}
Tue, 24 Mar 2020 19:07:55 GMT - finest: [f5-cloud-failover] Next hop address: 10.1.21.123
Tue, 24 Mar 2020 19:07:56 GMT - finest: [f5-cloud-failover] Moving public address: 52.21.244.67 to address: 10.1.11.205, and off of 10.1.10.14
Tue, 24 Mar 2020 19:07:56 GMT - severe: [f5-cloud-failover] failover.execute() error: Cannot read property 'NetworkInterfaceId' of undefined TypeError: Cannot read property 'NetworkInterfaceId' of undefined
    at _listNics.then.nics (/var/config/rest/iapps/f5-cloud-failover/nodejs/providers/aws/cloud.js:453:51)
    at tryCatcher (/usr/share/rest/node/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:512:31)
    at Promise._settlePromise (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:569:18)
    at Promise._settlePromise0 (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:614:10)
    at Promise._settlePromises (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:693:18)
    at Async._drainQueue (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:133:16)
    at Async._drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:143:10)
    at Immediate.Async.drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:794:20)
    at tryOnImmediate (timers.js:752:5)
    at processImmediate [as _immediateCallback] (timers.js:729:5)
Tue, 24 Mar 2020 19:07:56 GMT - finest: [f5-cloud-failover] Uploading data to: f5cloudfailover/f5cloudfailoverstate.json {"taskState":"FAILED","message":"Failover failed because of failover.execute() error: Cannot read property 'NetworkInterfaceId' of undefined TypeError: Cannot read property 'NetworkInterfaceId' of undefined\n    at _listNics.then.nics (/var/config/rest/iapps/f5-cloud-failover/nodejs/providers/aws/cloud.js:453:51)\n    at tryCatcher (/usr/share/rest/node/node_modules/bluebird/js/release/util.js:16:23)\n    at Promise._settlePromiseFromHandler (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:512:31)\n    at Promise._settlePromise (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:569:18)\n    at Promise._settlePromise0 (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:614:10)\n    at Promise._settlePromises (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:693:18)\n    at Async._drainQueue (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:133:16)\n    at Async._drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:143:10)\n    at Immediate.Async.drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:17:14)\n    at runCallback (timers.js:794:20)\n    at tryOnImmediate (timers.js:752:5)\n    at processImmediate [as _immediateCallback] (timers.js:729:5)","timestamp":"2020-03-24T19:07:56.130Z","instance":"ip-10-1-2-228.ec2.internal","failoverOperations":{"addresses":null,"routes":null}}
Tue, 24 Mar 2020 19:08:01 GMT - finest: socket 202 closed
```

shyawnkarim commented 4 years ago

This issue will be fixed in our next release (1.2), which is scheduled to wrap up April 17th.

alaari-f5 commented 4 years ago

Fixed in CFE 1.2. Please see https://github.com/f5networks/f5-cloud-failover-extension