ALZ-Bicep icon indicating copy to clipboard operation
ALZ-Bicep copied to clipboard
verified publisher icon Azure

Public IP SKU does not support multi zone

Open jaredfholgate opened this issue 1 year ago • 5 comments

What happened? Provide a clear and concise description of the bug, including deployment details.

Ran the accelerator with a multi-zone in UK South and with hub networking option selected. The public IP creation fails due to the the SKU.

Please provide the correlation id associated with your error or bug.

xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

What was the expected outcome?

It works. :)

Relevant log output

| 'Hub-(Hub-and-Spoke)-Deployment-20240628T1606360764Z' failed with
     | error(s). Showing 1 out of 1 error(s). Status Message: Standard Public
     | IPs associated with VPN gateways with non-AZ VPN skus cannot have zones
     | configured. (Code:
     | RegionalVmssVpnGatewayPublicIpsMustNotHaveZonesConfigured)  
     | CorrelationId: 3fdbface-91db-469f-8d5e-138d32c7b02e

Check previous GitHub issues

  • [X] I have searched the issues for this item and found no duplicate

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

jaredfholgate avatar Jun 28 '24 17:06 jaredfholgate

Just out of curiosity @jaredfholgate: Did you also choose a VPN gateway SKU that is zone redundant? Something like VpnGw2AZ? The error message says that the public IPs are zone-configured, but the gateway is not.

cloudchristoph avatar Jul 02 '24 07:07 cloudchristoph

@cloudchristoph I am just running the Bicep accelerator with the default parameters. I am in the process of automating the accelerator to bring in line with Terraform and I saw this issue, so reported here. @oZakari is aware.

The issue only materialised when I added the multi-zone support back in and deployed in uksouth.

I am guessing the parameters for VPN Gateway SKU need updating for the accelerator?

jaredfholgate avatar Jul 03 '24 09:07 jaredfholgate

It may be the case that is needs to be handled here? https://github.com/Azure/ALZ-PowerShell-Module/blob/main/src/ALZ/Private/Config-Helpers/Add-AvailabilityZonesBicepParameters.ps1

jaredfholgate avatar Jul 03 '24 09:07 jaredfholgate

@oZakari I found some other parameter files for vwan and hub that have zone redundant configuration. I will target those ones in the new version of the accelerator instead. I'm not sure whether this issue impacts the current version, but I think it probably does since it doesn't appear to target the zone redundant parameters. I guess if no one is complaining about it, we can close this issue anyway as I believe I am unblocked now.

These are the parameter files:

  • https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/hubNetworking/parameters/hubNetworking.parameters.az.all.json
  • https://github.com/Azure/ALZ-Bicep/blob/main/infra-as-code/bicep/modules/vwanConnectivity/parameters/vwanConnectivity.parameters.az.all.json

jaredfholgate avatar Jul 08 '24 08:07 jaredfholgate

Reopening as I'll fix the existing Accelerator to include the correct sku in hub networking module by default.

oZakari avatar Jul 08 '24 20:07 oZakari