-
Notifications
You must be signed in to change notification settings - Fork 2.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Network] Support active-active VNet gateways #2751
Conversation
Codecov Report
@@ Coverage Diff @@
## master #2751 +/- ##
==========================================
- Coverage 62.86% 62.86% -0.01%
==========================================
Files 480 480
Lines 25855 25886 +31
Branches 3915 3923 +8
==========================================
+ Hits 16254 16273 +19
- Misses 8589 8603 +14
+ Partials 1012 1010 -2
Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Code looks good to me.
Can you include help output also?
The relevant text for update is the same. |
@tjprescott Looking at the help for |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Added 1 q.
@derekbekoe good point. It used to say space-separated. I'll add that back in. |
* Start active-active test scenario. * Add active-active parameter. * Active-active scenario test 1 (cross premise) * Add second active-active scenario (vnet-to-vnet) * Refine active-active gateway configuration. * Pylint... * Code review feedback
Travis – I was OOF last week so couldn’t respond earlier. A few things to take care of when you implement Active-Active support. Maybe you have already taken care of some/all of them
1. SKU: this is only supported on HighPerformance SKU. Please add this check.
2. In PS there is a separate active-active parameter which has to be specified for enabling active-active config. I don’t see this flag in CLI. Unlike normal GWs where BGP is not enabled when creating the Gateway, in the case of active-active, BGP is enabled on the Gateway when it is setup for active-active. So this flag is important. Looks like the underlying NRP has a setting for this too. When BGP gets enabled an ASN and 2 BGP peering address (one for each gateway) automatically get assigned
3. We don’t need bgp-peering-address. We had discussed this for normal Gateway too. It gets assigned automatically. Looks like that fix has not been made. Can you remove that param?
4. Active-active supports 2 scenarios when connecting to on-prem
a. Both Azure GWs connect to a single on-prem GW. So two connections. There is a single local network gateway and when adding a connection to this local network GW both these are automatically added.
b. The two azure GWs connect to 2 on-prem GWs. So 4 connections. There are 2 local network GWs in this case and a connection is added to each of them to get 4 connections in total
I think you don’t have to worry about this because it should all be handled in the layers below NRP but please check and ensure there are no checks at the NRP level
5. In the case of VNET-VNET active-active connections the steps differ for the connection addition. A connection is added from VNET1 to VNET2 and another from VNET2 to VNET1. At the end of these two steps you will have 4 connections, 1 each between each of the two GWs in the 2 VNETs
6. The output JSON should be modified accordingly to show the two public IPs, the two BGP peering IPs etc.
|
4-5. I'll take a second look at the scenario tests and update accordingly.
|
* Enable delay-load of descriptions for commands (speed up az) * Update find indexing commands to accept callables for description. * Command load time in progress * - Moved previously dead command filter from parser to application configuration. - Removed unused configuration object/argv on application create. * Remove unused argument (pylint) * Remove dummy parameter * Fix for python 2.7 * Fix yet incorrect passage of parameters * Fix up additional pylint complaints * Update tests * Update tests * Fix up more tests * Fix up more core tests * Enable delay-load of descriptions for commands (speed up az) * Update find indexing commands to accept callables for description. * [Network] Remove nulls from VPN connection show/list output (#2748) * Fix #1615. * Code review feedback. * Update test docs for running individual test and all tests in mod (#2763) * Update test docs for running individual test and all tests in mod * Made feedback changes * Make argument parameters match up. (#2717) Make lock command parameter aliases match up with resource commands. * [DevTestLabs] Adding scenario test to create simple Linux + Windows VM in lab (#2767) * WIP create linux + Windows vm in lab * Adding recording * Add some more error checking/handling. (#2768) Add more validation to resolve "lock level" for lock commands. * Fix doc references to azure.cli.commands (#2740) * Fix doc references to azure.cli.commands This module has moved to azure.cli.core.commands * Fix PyLint * Add clearer guidelines on modifying changelog (#2739) * Add clearer guidelines on modifying changelog * A few smaller changes * another small format change * Code review changes * [DevTestLabs] Exposing commands to manage secrets in the lab (#2691) * ACS Update: nulling out the windows profile so that there isn't a validation fail… (#2764) * nulling out the windows profile so that there isn't a valdiation failure for missing password ACS doesn't return a password on GET. az acs scale command does a GET then PUT, but since ACS doesn't return the password the verification is failing before the PUT is sent to ACS. There is a bug in ACS this exposes. So this shouldn't be merged until after the ACS rollout finishes. Should be about start of next week. * updating history * updating version in history * removing white space added by editor * [Compute] Fix issues with VMSS and VM availability set update. (#2773) * Fix issues with VMSS and VM availability set update. * Update help. Fix #2762. * Error out if you try to list resources for a group that doesn't exist. (#2769) * Minor text fixes (#2776) * Add docs for az lock update. (#2702) * [DevTestLab] Explicitly enable usage of saved secrets while lab vm creation (#2686) * Explicitly enable usage of saved secrets for vm creation * Better error message with not overriding competing paramters * Adding export-artifacts commands on formula (#2707) * core: apply configured defaults on optional arg (#2770) * Core:apply configured defaults on optional argument * add a test * add tests * update history doc * address review feedback * [Network] Support active-active VNet gateways (#2751) * Start active-active test scenario. * Add active-active parameter. * Active-active scenario test 1 (cross premise) * Add second active-active scenario (vnet-to-vnet) * Refine active-active gateway configuration. * Pylint... * Code review feedback * Packaged release notes and changes for 0.2.4 (#2735) * Modify HISTORY.md * Update Dockerfile * Update debian also * Add pip dependencies also * Command load time in progress * - Moved previously dead command filter from parser to application configuration. - Removed unused configuration object/argv on application create. * Remove unused argument (pylint) * Remove dummy parameter * Fix for python 2.7 * Fix yet incorrect passage of parameters * Fix up additional pylint complaints * Update tests * Update tests * Fix up more tests * Fix up more core tests * Improve load time of custom.py for profile, find and configure (speeds up raw az command) * Pylint + flake8 fixes * Fix new vm tests that failed due to perf refactoring * Update redis tests that was broken due to perf refactoring * Delay-load msrest for command executions that don't need it * Fix flake8 issues * Fixing/improving detection of pageable class * flake8 fixes * Fix broken merge from upstream/master * Fix broken merge (again) * flake8 fixes * Fix up even more merge errors from last upstream merge * Flake8 fixes (wrong number of newlines) * Fix delay load of storage assembly for az * Update history to reference improved performance
1. I don’t know what the current design is. Where do the checks happens? At Swagger and above or at NRP/GW and errors bubble up? You can decide accordingly
2. Using 1 vs. 2 public IPs to differentiate between A-A and other scenarios is a good idea but from a customer experience point of view it is better to provide a separate param. It is precisely for this reason that we added a separate param in PS too. Also, NRP has a separate param. Do you translate 2 IPs to setting that param then?
6. I agree. The object should automatically get updated.
|
If you use the update command and change this, it will issue an info (visible with --verbose) that it is switching the gateway mode to active-standby or active-active accordingly. Also, the CLI handles the creation of the IP configs automatically so it cuts that step out of the PS scenario. |
Hi az network vnet-gateway update --name Internal-VPN --resource-group TestRG2 --public-ip-addresses Internal-ip Thanks |
+Ali
From: blackhu269 [mailto:notifications@github.com]
Sent: Wednesday, December 20, 2017 8:08 PM
To: Azure/azure-cli <azure-cli@noreply.github.com>
Cc: Aanand Ramachandran <aanandr@microsoft.com>; Review requested <review_requested@noreply.github.com>
Subject: Re: [Azure/azure-cli] [Network] Support active-active VNet gateways (#2751)
Hi
when modify the VPN GW from active-active to active-standby with the “az network vnet-gateway update“ there are the errors below, any suggestion about that ?
az network vnet-gateway update --name Internal-VPN --resource-group TestRG2 --public-ip-addresses Internal-ip
init() got multiple values for argument 'private_ip_allocation_method'
Traceback (most recent call last):
File "/opt/az/lib/python3.6/site-packages/azure/cli/main.py", line 36, in main
cmd_result = APPLICATION.execute(args)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/application.py", line 216, in execute
result = expanded_arg.func(params)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/init.py", line 381, in call
return self.handler(*args, **kwargs)
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/arm.py", line 341, in handler
raise ex
File "/opt/az/lib/python3.6/site-packages/azure/cli/core/commands/arm.py", line 296, in handler
instance = custom_function(instance, **custom_func_args)
File "/opt/az/lib/python3.6/site-packages/azure/cli/command_modules/network/custom.py", line 2081, in update_vnet_gateway
private_ip_allocation_method='Dynamic', name='vnetGatewayConfig{}'.format(i))
TypeError: init() got multiple values for argument 'private_ip_allocation_method'
Thanks
—
You are receiving this because your review was requested.
Reply to this email directly, view it on GitHub<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2FAzure%2Fazure-cli%2Fpull%2F2751%23issuecomment-353253304&data=02%7C01%7Caanandr%40microsoft.com%7C77710df1ed914964db0408d548286299%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636494260650267693&sdata=ADeJDytEApRKxm%2BTBci%2Bk2R%2FAjdD4cIv8MldjZOHTpI%3D&reserved=0>, or mute the thread<https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fnotifications%2Funsubscribe-auth%2FAV3chQjZipxEjplp_Qpm3dLckql4RZ_Cks5tCdmOgaJpZM4MzMgN&data=02%7C01%7Caanandr%40microsoft.com%7C77710df1ed914964db0408d548286299%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C636494260650267693&sdata=kWxtwnXV1TnqkPjJdtP1QSYCDaoeWP%2FOxTwHSOu26Eg%3D&reserved=0>.
|
@blackhu269 Can you please post the exact command that you used? Also, are you able to set it to active-active using the portal or PowerShell? We'll check the CLI and post the results. |
|
Did you try to set it to active-standby using the portal or PowerShell? and what was the result? I am trying to isolate the issue and this would help narrow it. |
Seems like powershell is the only way to successfully change the mode of the gateway https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell#a-name-aaupdateapart-4---update-existing-gateway-between-active-active-and-active-standby . We are looking into the issues wit CLI and the portal. |
@anzaman |
Closes #2050.
Adds support for active-active VNet gateways according to: https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-activeactive-rm-powershell
Essentially these scenarios all boil down to the number of public IP addresses associated with the gateway. Active-standby gateways have only one, while active-active gateways have 2. So the CLI will accept 1 or 2 public IP addresses on create or update and enables or disables active-active mode accordingly. This simplifies the scenarios as they exist in Powershell with minimal expansion of the CLI command's surface area.
This checklist is used to make sure that common guidelines for a pull request are followed.
General Guidelines
Command Guidelines
(see Authoring Command Modules)