f5devcentral / f5-cloud-failover-extension

F5 Cloud Failover Extension (Archived)
Apache License 2.0

DHCP default route does not catch Azure metadata 169.254.169.254 traffic: ECONNREFUSED #21

Closed JeffGiroux closed 4 years ago

JeffGiroux commented 4 years ago

A default route created by Azure DHCP does not catch traffic going to Azure metadata service as required by the CFE pre-reqs which is 169.254.169.254. If I hit certain API URLs for CFE then I get ECONNREFUSED.

Example endpoint = /reset

Hitting above endpoint without 169.254.169.254 specifically configured as a route will result in unreachable.

My Azure deployment creates DHCP routes like this...

sys management-route default {
    description configured-by-dhcp
    gateway 10.90.1.1
    network default
}
sys management-route dhclient_route1 {
    description configured-by-dhcp
    gateway 10.90.1.1
    network 168.63.129.16/32
}

The note in documentation states this... "Certain BIG-IP versions and/or topologies may use DHCP to create the management routes (for example: dhclient_route1), if that is the case the below steps are not required."

However, my dhclient_route1 does not contain the network address required by CFE. Therefore, I have to manually add an additional route according to CFE documentation. My example...

tmsh modify sys db config.allow.rfc3927 value enable
tmsh create sys management-route metadata-route network 169.254.169.254/32 gateway 10.90.1.1

If you do not add the config.allow.rfc3927 ahead of time, then F5 will not allow you to add the 169.x.x.x route. Error = 01020062:3: IP Address 169.254.169.254 is invalid, link-local address not allowed.

Can you validate and/or update documentation if needed.

shyawnkarim commented 4 years ago

Internal bug ID AUTOSDK-236 created for this.

alaari-f5 commented 4 years ago

Hi Jeff,

We already state in clouddocs documentation the steps to take, if the route is not created, on how to add a route on BIG-IP to talk to Azure’s Instance Metadata Services using either TMSH or DO.

Clouddocs link: https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/azure.html#azure-ims

Are there some documentation aspects that need to be further clarified?

JeffGiroux commented 4 years ago

Yes, I realize that. But the docs currently state this... "Certain BIG-IP versions and/or topologies may use DHCP to create the management routes (for example: dhclient_route1), if that is the case the below steps are not required."

And that is not true. In Azure, the default route does not catch the 169.254.169.254 address prefix. So...either you need to add extra clarification around the Azure use case. Or...I would recommend not stating for sure that the default route will make the "below steps not required". Instead, it should be suggested that cloud providers install a dhcp route, but in some providers that route does not catch all address prefixes. Azure is one of those examples.

mikeoleary commented 4 years ago

To echo what JeffGiroux experienced, I was walking through the same document and was unsure if my dhcp routes created by Azure meant that running those commands was required or not. Turns out, like Jeff, I did have a management route called "dhclient_route1" but I am still required to run the commands to set up a mgmt route for 169.254.169.254/32.

In my case, I ran the command without first editing the default gw to my eth0 gw, so I pointed that route at 192.0.2.1 like in the documentation. I realized my issue and removed and re-added the mgmt route, but I don't think it's very clear for a novice user following the instructions. Could you update the instructions to say "replace 192.0.2.1 with your eth0 gw" or words to that effect?
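The check both reporters ended up doing by hand, as an added example that is not part of the thread or of the CFE project: it parses management-route stanzas in the format quoted in the issue, decides whether an explicit route covers 169.254.169.254, and otherwise emits the two tmsh commands with the gateway taken from the default management route instead of the documentation's 192.0.2.1. The function names and the sample text are assumptions made for illustration, and treating the `default` route as insufficient follows what the thread reports.

```python
import ipaddress
import re

METADATA_IP = ipaddress.ip_address("169.254.169.254")
# Constructed sample, shaped like the management-route listing quoted in the issue.
SAMPLE = """\
sys management-route default {
    description configured-by-dhcp
    gateway 10.90.1.1
    network default
}
sys management-route dhclient_route1 {
    description configured-by-dhcp
    gateway 10.90.1.1
    network 168.63.129.16/32
}
"""

def parse_routes(text):
    """Return {route_name: {"gateway": ..., "network": ...}} from tmsh stanzas."""
    routes = {}
    for name, body in re.findall(r"sys management-route (\S+) \{(.*?)\}", text, re.S):
        routes[name] = dict(re.findall(r"^\s*(gateway|network)\s+(\S+)", body, re.M))
    return routes

def covers_metadata(network):
    """True only for an explicit prefix containing 169.254.169.254."""
    # Following the thread's report, the 'default' route is not counted as sufficient.
    if network in (None, "default"):
        return False
    try:
        return METADATA_IP in ipaddress.ip_network(network, strict=False)
    except ValueError:  # unparseable network value
        return False

def remediation(text):
    """Return the tmsh commands still needed, using the real default gateway."""
    routes = parse_routes(text)
    if any(covers_metadata(r.get("network")) for r in routes.values()):
        return []
    gw = routes.get("default", {}).get("gateway")
    if gw is None:
        raise ValueError("no default management route; supply the gateway by hand")
    return [
        "tmsh modify sys db config.allow.rfc3927 value enable",
        f"tmsh create sys management-route metadata-route network 169.254.169.254/32 gateway {gw}",
    ]

if __name__ == "__main__":
    print("\n".join(remediation(SAMPLE)) or "metadata route already present")
```

An empty list means a covering route already exists and nothing needs to be run.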

alaari-f5 commented 4 years ago

Closing this issue

As of release CFE 1.2 we moved this CFE repo under F5Networks. Your issue was recreated there. To follow-up on this issue visit:

https://github.com/F5Networks/f5-cloud-failover-extension/issues/6