Subnet docs are incorrect
Hi,
The subnet documentation for f5-existing-stack-across-az-cluster-byol-3nic-bigip.template is wrong:
| CFT Label | Parameter Name | Required | Description |
|---|---|---|---|
| Subnet1 AZ1 | subnet1Az1 | Yes | Public or External subnet ID for Availability Zone 1. |
| Subnet1 AZ1 | subnet1Az2 | Yes | Public or External subnet ID for Availability Zone 2. |
| Subnet2 AZ1 | subnet1Az1 | Yes | Public or External subnet ID for Availability Zone 1. |
| Subnet2 AZ1 | subnet1Az2 | Yes | Public or External subnet ID for Availability Zone 2. |
Should probably be:
| CFT Label | Parameter Name | Required | Description |
|---|---|---|---|
| Subnet1 AZ1 | subnet1Az1 | Yes | Public or External subnet ID for Availability Zone 1. |
| Subnet1 AZ2 | subnet1Az2 | Yes | Public or External subnet ID for Availability Zone 2. |
| Subnet2 AZ1 | subnet2Az1 | Yes | Public or External subnet ID for Availability Zone 1. |
| Subnet2 AZ2 | subnet2Az2 | Yes | Public or External subnet ID for Availability Zone 2. |
Also, it's unclear what the difference is between Subnet1 and Subnet2 in each AZ, as they have the same description.
Thanks.
@ArtiomL Good catch on the parameter name column. I see the other one now too "Public or External subnet ID"
This documentation is a bit confusing, as it says eventually all 3 subnets need to be public.
"An existing AWS VPC with two separate Availability Zones, each with two subnets: Management subnet (called Public in the AWS UI). The subnet for the management network requires a route and access to the Internet for the initial configuration to download the BIG-IP cloud library. External subnet (called Private in the AWS UI)." ----> Per this write-up, the management subnet is public.
Then in the parameter table description (as shown in the table) for the rest of the subnets, it again says "Public or External subnet ID for Availability Zone *"
| CFT Label | Parameter Name | Required | Description |
|---|---|---|---|
| Subnet1 AZ1 | subnet1Az1 | Yes | Public or External subnet ID for Availability Zone 1. |
| Subnet1 AZ2 | subnet1Az2 | Yes | Public or External subnet ID for Availability Zone 2. |
| Subnet2 AZ1 | subnet2Az1 | Yes | Public or External subnet ID for Availability Zone 1. |
| Subnet2 AZ2 | subnet2Az2 | Yes | Public or External subnet ID for Availability Zone 2. |
Also, in the first snippet it says external means private (so weird), and in the table description it says Public or External Subnet ID; here external means Public.
What is really true, if anyone can clarify this?
Sorry for the confusion, we are updating these docs to fix a number of issues in the 3NIC failover templates. The table should look like:
| CFT Label | Parameter Name | Required | Description |
|---|---|---|---|
| Management Subnet AZ1 | managementSubnetAz1 | Yes | Management subnet ID for Availability Zone 1. |
| Management Subnet AZ2 | managementSubnetAz2 | Yes | Management subnet ID for Availability Zone 2. |
| Subnet1 AZ1 | subnet1Az1 | Yes | Public or External subnet ID for Availability Zone 1. |
| Subnet1 AZ2 | subnet1Az2 | Yes | Public or External subnet ID for Availability Zone 2. |
| Subnet2 AZ1 | subnet2Az1 | Yes | Private or Internal subnet ID for Availability Zone 1. |
| Subnet2 AZ1 | subnet2Az2 | Yes | Private or Internal subnet ID for Availability Zone 2. |
The description at the top should read: In a 3-NIC implementation, each BIG-IP VE has 3 network interfaces (NICs), one for management, one for external traffic, and one for internal traffic.
And the prerequisites should read:
- An existing AWS VPC with two separate Availability Zones, each with three subnets:
  - A subnet for the BIG-IP management interface. The subnet for the management network requires a route and access to the Internet for the initial configuration to download the BIG-IP cloud library.
  - A subnet for the BIG-IP external interface.
  - A subnet for the BIG-IP internal interface.
We are considering an out of band update to update the documentation for this issue, rather than waiting for the next release. I'll update this issue when a decision is reached.
document edited
When the documentation is updated, it would be helpful to indicate which of these three need to have a path to the Internet. Originally, it was management, but in recent CFTs, it seems to require both management and external interfaces have a path to the Internet.
Also a comment that if either of those are private IPs, then the customer must provide a NAT gateway for access.
re-opening issue to have docs include additional notes suggested by @C0missar
thanks!
This enhancement to our documentation is now being tracked internally with ID ESECLDTPLT-2055.
Closing. These legacy templates are now in maintenance mode and are being replaced by our next-generation templates available in the Cloud Templates 2.0 GitHub repo.
Our documentation has been completely redone for V2.