This repository has been archived by the owner on Apr 17, 2020. It is now read-only.

DHCP default route does not catch Azure metadata 169.254.169.254 traffic: ECONNREFUSED #21

Closed
JeffGiroux opened this issue Mar 19, 2020 · 5 comments
Labels
documentation Improvements or additions to documentation

JeffGiroux commented Mar 19, 2020

A default route created by Azure DHCP does not catch traffic going to Azure metadata service as required by the CFE pre-reqs which is 169.254.169.254. If I hit certain API URLs for CFE then I get ECONNREFUSED.

Example endpoint = /reset
Hitting above endpoint without 169.254.169.254 specifically configured as a route will result in unreachable.

My Azure deployment creates DHCP routes like this...

sys management-route default {
    description configured-by-dhcp
    gateway 10.90.1.1
    network default
}
sys management-route dhclient_route1 {
    description configured-by-dhcp
    gateway 10.90.1.1
    network 168.63.129.16/32
}

The note in documentation states this...
"Certain BIG-IP versions and/or topologies may use DHCP to create the management routes (for example: dhclient_route1), if that is the case the below steps are not required."

However, my dhclient_route1 does not contain the network address required by CFE. Therefore, I have to manually add an additional route according to CFE documentation. My example...

tmsh modify sys db config.allow.rfc3927 value enable
tmsh create sys management-route metadata-route network 169.254.169.254/32 gateway 10.90.1.1

If you do not add the config.allow.rfc3927 ahead of time, then F5 will not allow you to add the 169.x.x.x route. Error = 01020062:3: IP Address 169.254.169.254 is invalid, link-local address not allowed.

Can you validate and/or update documentation if needed?

@shyawnkarim

Internal bug ID AUTOSDK-236 created for this.

@alaari-f5
Collaborator

Hi Jeff,

We already state in clouddocs documentation the steps to take, if the route is not created, on how to add a route on BIG-IP to talk to Azure’s Instance Metadata Services using either TMSH or DO.

Clouddocs link:
https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/azure.html#azure-ims

Are there some documentation aspects that need to be further clarified?

@JeffGiroux
Author

JeffGiroux commented Mar 23, 2020

Yes, I realize that. But the docs currently state this...
"Certain BIG-IP versions and/or topologies may use DHCP to create the management routes (for example: dhclient_route1), if that is the case the below steps are not required."

And that is not true. In Azure, the default route does not catch the 169.254.169.254 address prefix. So...either you need to add extra clarification around the Azure use case. Or...I would recommend not stating for sure that the default route will make the "below steps not required". Instead, it should be suggested that cloud providers install a dhcp route, but in some providers that route does not catch all address prefixes. Azure is one of those examples.

@mikeoleary

To echo what JeffGiroux experienced, I was walking through the same document and was unsure if my DHCP routes created by Azure meant that running those commands was required or not. Turns out, like Jeff, I did have a management route called "dhclient_route1" but I am still required to run the commands to set up a mgmt route for 169.254.169.254/32.

In my case, I ran the command without first editing the default gw to my eth0 gw, so I pointed that route at 192.0.2.1 like in the documentation. I realized my issue and removed and re-added the mgmt route, but I don't think it's very clear for a novice user following the instructions. Could you update the instructions to say "replace 192.0.2.1 with your eth0 gw" or words to that effect?
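
An added check, not part of the original thread or the CFE project: it parses management-route stanzas in the form pasted in the report and flags the two problems raised above, a missing explicit route for 169.254.169.254 and a metadata route whose gateway is still the documentation's 192.0.2.1. The function names, the `metadata-route` stanza in the sample, and the comparison against the default route's gateway are assumptions.

```python
import ipaddress
import re

METADATA_IP = ipaddress.ip_address("169.254.169.254")
PLACEHOLDER_NET = ipaddress.ip_network("192.0.2.0/24")  # RFC 5737 range of the docs' gateway
STANZA = re.compile(r"sys management-route (\S+) \{(.*?)\}", re.S)

# Constructed sample: the two DHCP routes from the report plus a manually added route.
SAMPLE = """\
sys management-route default {
    gateway 10.90.1.1
    network default
}
sys management-route dhclient_route1 {
    gateway 10.90.1.1
    network 168.63.129.16/32
}
sys management-route metadata-route {
    gateway 192.0.2.1
    network 169.254.169.254/32
}
"""

def parse_routes(text):
    """Map route name -> {field: value} for each management-route stanza."""
    routes = {}
    for name, body in STANZA.findall(text):
        lines = map(str.strip, body.splitlines())
        routes[name] = dict(l.split(None, 1) for l in lines if " " in l)
    return routes

def check_metadata_route(text):
    """Return findings; an empty list means an explicit, plausible route exists."""
    routes = parse_routes(text)
    default_gw = routes.get("default", {}).get("gateway")
    findings, covered = [], False
    for name, fields in routes.items():
        net, gw = fields.get("network", ""), fields.get("gateway", "")
        try:  # "network default" is not a prefix, so it is skipped (assumption per this thread)
            if METADATA_IP not in ipaddress.ip_network(net, strict=False):
                continue
            covered = True
            if ipaddress.ip_address(gw) in PLACEHOLDER_NET:
                findings.append(f"{name}: gateway {gw} is the documentation placeholder")
            elif default_gw and gw != default_gw:
                findings.append(f"{name}: gateway {gw} differs from default gateway {default_gw}")
        except ValueError:
            continue
    return findings if covered else ["no explicit management route covers 169.254.169.254"]
```

Feed it the text of the management-route listing; `check_metadata_route(SAMPLE)` reports the placeholder gateway.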

@alaari-f5
Collaborator

Closing this issue

As of release CFE 1.2 we moved this CFE repo under F5Networks. Your issue was recreated there. To follow-up on this issue visit:

F5Networks/f5-cloud-failover-extension#6
