Closed JeffGiroux closed 4 years ago
Internal issue created to track this: AUTOSDK-160
You can use defaultNextHopAddresses.discoveryType = routeTag together with the f5_self_ips tag on the route table as a workaround. However, this causes some issues in IaaC scenarios, so it should only be used temporarily until CFE adds support for this case with discoveryType = static.
Hi, this workaround does not seem to work in Azure. Here is the error generated:
Thu, 06 Feb 2020 13:58:09 GMT - severe: [f5-cloud-failover] failover.execute() error: Cannot read property 'disassociate' of undefined TypeError: Cannot read property 'disassociate' of undefined
at _discoverAddressOperations.then.operations (/var/config/rest/iapps/f5-cloud-failover/nodejs/providers/azure/cloud.js:132:66)
at tryCatcher (/usr/share/rest/node/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:512:31)
at Promise._settlePromise (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:569:18)
at Promise._settlePromiseCtx (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:606:10)
at Async._drainQueue (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:138:12)
at Async._drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:143:10)
at Immediate.Async.drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:17:14)
at runCallback (timers.js:794:20)
at tryOnImmediate (timers.js:752:5)
at processImmediate [as _immediateCallback] (timers.js:729:5)
I'm working in AWS on a complex (multi-tier) Across-Net customer scenario that requires CFE to update two different routes in two different route tables...
I need to be able to configure CFE along these lines:
{
  "class": "Cloud_Failover",
  "environment": "aws",
  "controls": { "class": "Controls", "logLevel": "silly" },
  "externalStorage": { "scopingTags": { "f5_cloud_failover_label": "transit-az-failover" } },
  "failoverAddresses": { "scopingTags": { "f5_cloud_failover_label": "transit-az-failover" } },
  "failoverRoutes": {
    "scopingTags": { "f5_cloud_failover_label": "gccap-az-failover" },
    "scopingAddressRanges": [
      { "range": "100.100.0.0/16", "nextHopAddresses": { "discoveryType": "static", "items": [ "10.1.3.13", "10.1.13.13" ] } },
      { "range": "100.65.4.0/29", "nextHopAddresses": { "discoveryType": "static", "items": [ "10.1.3.13", "10.1.13.13" ] } },
      { "range": "100.65.5.0/29", "nextHopAddresses": { "discoveryType": "static", "items": [ "10.1.4.13", "10.1.14.13" ] } },
      { "range": "0.0.0.0/0", "nextHopAddresses": { "discoveryType": "static", "items": [ "10.1.4.13", "10.1.14.13" ] } }
    ]
  }
}
Any updates on this? I'm seeing similar issues in AWS, where I'm unable to specify the internal interface as the target of a route change.
Tue, 24 Mar 2020 19:07:55 GMT - finest: [f5-cloud-failover] updateRoutes: {"localAddresses":["10.1.21.123","10.1.11.55"],"discoverOnly":true}
Tue, 24 Mar 2020 19:07:55 GMT - finest: [f5-cloud-failover] Next hop address: 10.1.21.123
Tue, 24 Mar 2020 19:07:56 GMT - finest: [f5-cloud-failover] Moving public address: 52.21.244.67 to address: 10.1.11.205, and off of 10.1.10.14
Tue, 24 Mar 2020 19:07:56 GMT - severe: [f5-cloud-failover] failover.execute() error: Cannot read property 'NetworkInterfaceId' of undefined TypeError: Cannot read property 'NetworkInterfaceId' of undefined
at _listNics.then.nics (/var/config/rest/iapps/f5-cloud-failover/nodejs/providers/aws/cloud.js:453:51)
at tryCatcher (/usr/share/rest/node/node_modules/bluebird/js/release/util.js:16:23)
at Promise._settlePromiseFromHandler (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:512:31)
at Promise._settlePromise (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:569:18)
at Promise._settlePromise0 (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:614:10)
at Promise._settlePromises (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:693:18)
at Async._drainQueue (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:133:16)
at Async._drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:143:10)
at Immediate.Async.drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:17:14)
at runCallback (timers.js:794:20)
at tryOnImmediate (timers.js:752:5)
at processImmediate [as _immediateCallback] (timers.js:729:5)
Tue, 24 Mar 2020 19:07:56 GMT - finest: [f5-cloud-failover] Uploading data to: f5cloudfailover/f5cloudfailoverstate.json {"taskState":"FAILED","message":"Failover failed because of failover.execute() error: Cannot read property 'NetworkInterfaceId' of undefined TypeError: Cannot read property 'NetworkInterfaceId' of undefined\n at _listNics.then.nics (/var/config/rest/iapps/f5-cloud-failover/nodejs/providers/aws/cloud.js:453:51)\n at tryCatcher (/usr/share/rest/node/node_modules/bluebird/js/release/util.js:16:23)\n at Promise._settlePromiseFromHandler (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:512:31)\n at Promise._settlePromise (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:569:18)\n at Promise._settlePromise0 (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:614:10)\n at Promise._settlePromises (/usr/share/rest/node/node_modules/bluebird/js/release/promise.js:693:18)\n at Async._drainQueue (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:133:16)\n at Async._drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:143:10)\n at Immediate.Async.drainQueues (/usr/share/rest/node/node_modules/bluebird/js/release/async.js:17:14)\n at runCallback (timers.js:794:20)\n at tryOnImmediate (timers.js:752:5)\n at processImmediate [as _immediateCallback] (timers.js:729:5)","timestamp":"2020-03-24T19:07:56.130Z","instance":"ip-10-1-2-228.ec2.internal","failoverOperations":{"addresses":null,"routes":null}}
Tue, 24 Mar 2020 19:08:01 GMT - finest: socket 202 closed
This issue will be fixed in our next release (1.2), which is scheduled to wrap up April 17th.
Fixed in CFE 1.2. Please see https://github.com/f5networks/f5-cloud-failover-extension
Version: 1.0.0 CFE
Problem/Request: Requesting an enhancement to allow CFE to update routes and use different self IPs on the external and internal networks. Currently, CFE will only use one "network" worth of self IPs.
Use case: Send RFC1918 VIP range(s) for "external" traffic to external self IPs. Send RFC1918 VIP range(s) for "internal" traffic to internal self IPs. Yes, we can do some of this with aliasIPs, but there are use cases where BIG-IP needs to be "in-line" in both directions. For example, no-SNAT in both directions requires routes on both sides. With a multi-NIC BIG-IP, there will be a different set of self IPs per network.
Example use case setup:
External subnet = 10.1.10.0/24
External self IPs = 10.1.10.35 and 10.1.10.36
External VIP range = 10.100.100.0/24
Internal subnet = 10.1.20.0/24
Internal self IPs = 10.1.20.31 and 10.1.20.32
Internal VIP range = 10.200.200.0/24
Mgmt subnet = 10.1.1.0/24
Route for external VIPs…
gcloud compute routes create jg-route1-external --destination-range=10.100.100.0/24 --network=jgiroux-net-ext --next-hop-address=10.1.10.35 --description='f5_cloud_failover_labels={"goog-dm":"jg-f5-api-ha"}'
Route for internal traffic…
gcloud compute routes create jg-route2-internal --destination-range=10.200.200.0/24 --network=jgiroux-net-int --next-hop-address=10.1.20.31 --description='f5_cloud_failover_labels={"goog-dm":"jg-f5-api-ha"}'
Declaration example…
{
  "class": "Cloud_Failover",
  "environment": "gcp",
  "externalStorage": { "scopingTags": { "goog-dm": "jg-f5-api-ha" } },
  "failoverAddresses": { "scopingTags": { "goog-dm": "jg-f5-api-ha" } },
  "failoverRoutes": {
    "scopingTags": { "goog-dm": "jg-f5-api-ha" },
    "scopingAddressRanges": [
      { "range": "10.100.100.0/24" },
      { "range": "10.200.200.0/24" }
    ],
    "defaultNextHopAddresses": {
      "discoveryType": "static",
      "items": [ "10.1.10.35", "10.1.10.36", "10.1.20.31", "10.1.20.32" ]
    }
  },
  "controls": { "class": "Controls", "logLevel": "info" }
}
Expected results:
Actual results: CFE tries to update the 10.200.200.0/24 route with a next-hop self IP from 10.1.10.x, which does not reside in the 10.1.20.0/24 address space, and the update fails with an error.
/var/log/restnoded/restnoded.log
Thu, 30 Jan 2020 05:26:40 GMT - info: [f5-cloud-failover] Performing failover - execute
Thu, 30 Jan 2020 05:26:41 GMT - info: [f5-cloud-failover] Performing Failover - discovery
Thu, 30 Jan 2020 05:26:42 GMT - info: [f5-cloud-failover] Performing Failover - update
Thu, 30 Jan 2020 05:26:48 GMT - info: [f5-cloud-failover] Disassociate NICs successful.
Thu, 30 Jan 2020 05:26:50 GMT - severe: [f5-cloud-failover] failover.execute() error: https://www.googleapis.com/compute/v1/projects/f5-4136-mspteam-dev/global/routes/ status code 400, status message Bad Request, body: {"error":{"errors":[{"domain":"global","reason":"invalid","message":"Invalid value for field 'resource.nextHopIp': '10.1.10.35'. 10.1.10.35 must lie within the address spaces of (10.1.20.0/24)."}],"code":400,"message":"Invalid value for field 'resource.nextHopIp': '10.1.10.35'. 10.1.10.35 must lie within the address spaces of (10.1.20.0/24)."}}
Error: https://www.googleapis.com/compute/v1/projects/f5-4136-mspteam-dev/global/routes/ status code 400, status message Bad Request, body: {"error":{"errors":[{"domain":"global","reason":"invalid","message":"Invalid value for field 'resource.nextHopIp': '10.1.10.35'. 10.1.10.35 must lie within the address spaces of (10.1.20.0/24)."}],"code":400,"message":"Invalid value for field 'resource.nextHopIp': '10.1.10.35'. 10.1.10.35 must lie within the address spaces of (10.1.20.0/24)."}}
at IncomingMessage.response.on (/var/config/rest/iapps/f5-cloud-failover/node_modules/@f5devcentral/f5-cloud-libs/lib/httpUtil.js:175:45)
at emitNone (events.js:111:20)
at IncomingMessage.emit (events.js:208:7)
at endReadableNT (_stream_readable.js:1064:12)
at _combinedTickCallback (internal/process/next_tick.js:138:11)
at process._tickCallback (internal/process/next_tick.js:180:9)
Thu, 30 Jan 2020 05:26:53 GMT - info: [f5-cloud-failover] Associate NICs successful.
Thu, 30 Jan 2020 05:27:12 GMT - info: [f5-cloud-failover] Updated forwarding rules successfully