f5-declarative-onboarding
f5-declarative-onboarding copied to clipboard
Published
20 hours ago •
F5Networks
F5Networks
DO does not configure MAC_Masquerade and HaOrder!
Environment
- Declarative Onboarding Version: 1.39.0
- BIG-IP Version: 17.1.0.1
- DO was performed on TenantOS v17.1.0.1 running on LTMr2000-series (F5OS-A v1.5.0).
Summary
We are trying to onboard a device that has been device-group already configured. But DO does not configure Traffic-groups parameters, especially MacMasquerading + HaOrder.
The impact is that we cannot add MacMasquerading successfully.
"MacMasquerading": {
"class": "MAC_Masquerade",
"source": {
"interface": "1.3"
},
"trafficGroup": "traffic-group-1"
},
"traffic-group-1": {
"class": "TrafficGroup",
"autoFailbackEnabled": false,
"haOrder": [
"none"
],
"autoFailbackTime": 60,
"failoverMethod": "ha-order",
"haLoadFactor": 1
},
"traffic-group-local-only": {
"class": "TrafficGroup",
"autoFailbackEnabled": false,
"haOrder": [
"none"
],
"autoFailbackTime": 60,
"failoverMethod": "ha-order",
"haLoadFactor": 1
},
Steps To Reproduce
Steps to reproduce the behavior:
- Submit the following declaration:
{
"schemaVersion": "1.38.0",
"class": "Device",
"async": true,
"label": "Onboard BIG-IP into an DSC cluster",
"controls": {
"class": "Controls",
"dryRun": false,
"trace": true,
"traceResponse": false
},
"Common": {
"class": "Tenant",
"myDbVariables": {
"class": "DbVariables",
"provision.extramb": 500
},
"MacMasquerading": {
"class": "MAC_Masquerade",
"source": {
"interface": "1.3"
},
"trafficGroup": "traffic-group-1"
},
"traffic-group-1": {
"class": "TrafficGroup",
"autoFailbackEnabled": false,
"haOrder": [
"none"
]
},
"traffic-group-local-only": {
"class": "TrafficGroup",
"autoFailbackEnabled": false,
"haOrder": [
"none"
]
},
"VLAN501-SelfIPv4": {
"class": "SelfIp",
"address": "172.5.1.88/24",
"vlan": "VLAN501",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN501-FloatingIPv4": {
"class": "SelfIp",
"address": "172.5.1.86/24",
"vlan": "VLAN501",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN501-SelfIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f5::88/64",
"vlan": "VLAN501",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN501-FloatingIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f5::86/64",
"vlan": "VLAN501",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN502-SelfIPv4": {
"class": "SelfIp",
"address": "172.5.2.88/24",
"vlan": "VLAN502",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN502-FloatingIPv4": {
"class": "SelfIp",
"address": "172.5.2.86/24",
"vlan": "VLAN502",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN502-SelfIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f6::88/64",
"vlan": "VLAN502",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN502-FloatingIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f6::86/64",
"vlan": "VLAN502",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN503-SelfIPv4": {
"class": "SelfIp",
"address": "172.5.3.88/24",
"vlan": "VLAN503",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN503-FloatingIPv4": {
"class": "SelfIp",
"address": "172.5.3.86/24",
"vlan": "VLAN503",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN503-SelfIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f7::88/64",
"vlan": "VLAN503",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN503-FloatingIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f7::86/64",
"vlan": "VLAN503",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN504-SelfIPv4": {
"class": "SelfIp",
"address": "172.5.4.88%10/24",
"vlan": "VLAN504",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN504-FloatingIPv4": {
"class": "SelfIp",
"address": "172.5.4.86%10/24",
"vlan": "VLAN504",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN504-SelfIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f8::88%10/64",
"vlan": "VLAN504",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN504-FloatingIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f8::86%10/64",
"vlan": "VLAN504",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"HA-01": {
"class": "SelfIp",
"address": "1.1.1.2/24",
"vlan": "RD_000_VLAN_SYN_4090",
"allowService": "default",
"trafficGroup": "traffic-group-local-only"
},
"HA-02": {
"class": "SelfIp",
"address": "2.2.2.2/24",
"vlan": "RD_000_VLAN_SYN_4091",
"allowService": "default",
"trafficGroup": "traffic-group-local-only"
},
"RouteDomain-10": {
"class": "RouteDomain",
"id": 10,
"vlans": [
"VLAN504"
]
},
"failoverUnicastMgmt": {
"class": "FailoverUnicast",
"addressPorts": [
{
"address": "/Common/HA-01/address"
},
{
"address": "/Common/HA-02/address"
}
]
},
"ConfigSync": {
"class": "ConfigSync",
"configsyncIp": "/Common/HA-01/address"
},
"myMirror": {
"class": "MirrorIp",
"primaryIp": "1.1.1.2",
"secondaryIp": "2.2.2.2"
}
}
}
- Observe the following response:
{
"id": "4840065d-68e2-4845-8c0c-91718e8eb9e5",
"selfLink": "https://localhost/mgmt/shared/declarative-onboarding/task/4840065d-68e2-4845-8c0c-91718e8eb9e5",
"code": 500,
"status": "ERROR",
"message": "invalid config - rolled back",
"errors": [
"Cannot find MAC for given interface",
"Cannot find MAC for given interface"
],
"result": {
"class": "Result",
"code": 500,
"status": "ERROR",
"dryRun": false,
"message": "invalid config - rolled back",
"errors": [
"Cannot find MAC for given interface",
"Cannot find MAC for given interface"
]
},
"declaration": {
"schemaVersion": "1.38.0",
"class": "Device",
"async": true,
"label": "Onboard BIG-IP into an DSC cluster",
"controls": {
"class": "Controls",
"dryRun": false,
"trace": true,
"traceResponse": false
},
"Common": {
"class": "Tenant",
"myDbVariables": {
"class": "DbVariables",
"provision.extramb": 500
},
"MacMasquerading": {
"class": "MAC_Masquerade",
"source": {
"interface": "1.3"
},
"trafficGroup": "traffic-group-1"
},
"traffic-group-1": {
"class": "TrafficGroup",
"autoFailbackEnabled": false,
"haOrder": [
"none"
],
"autoFailbackTime": 60,
"failoverMethod": "ha-order",
"haLoadFactor": 1
},
"traffic-group-local-only": {
"class": "TrafficGroup",
"autoFailbackEnabled": false,
"haOrder": [
"none"
],
"autoFailbackTime": 60,
"failoverMethod": "ha-order",
"haLoadFactor": 1
},
"VLAN501-SelfIPv4": {
"class": "SelfIp",
"address": "172.5.1.88/24",
"vlan": "VLAN501",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN501-FloatingIPv4": {
"class": "SelfIp",
"address": "172.5.1.86/24",
"vlan": "VLAN501",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN501-SelfIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f5::88/64",
"vlan": "VLAN501",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN501-FloatingIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f5::86/64",
"vlan": "VLAN501",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN502-SelfIPv4": {
"class": "SelfIp",
"address": "172.5.2.88/24",
"vlan": "VLAN502",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN502-FloatingIPv4": {
"class": "SelfIp",
"address": "172.5.2.86/24",
"vlan": "VLAN502",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN502-SelfIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f6::88/64",
"vlan": "VLAN502",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN502-FloatingIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f6::86/64",
"vlan": "VLAN502",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN503-SelfIPv4": {
"class": "SelfIp",
"address": "172.5.3.88/24",
"vlan": "VLAN503",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN503-FloatingIPv4": {
"class": "SelfIp",
"address": "172.5.3.86/24",
"vlan": "VLAN503",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN503-SelfIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f7::88/64",
"vlan": "VLAN503",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN503-FloatingIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f7::86/64",
"vlan": "VLAN503",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN504-SelfIPv4": {
"class": "SelfIp",
"address": "172.5.4.88%10/24",
"vlan": "VLAN504",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN504-FloatingIPv4": {
"class": "SelfIp",
"address": "172.5.4.86%10/24",
"vlan": "VLAN504",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"VLAN504-SelfIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f8::88%10/64",
"vlan": "VLAN504",
"allowService": "none",
"trafficGroup": "traffic-group-local-only"
},
"VLAN504-FloatingIPv6": {
"class": "SelfIp",
"address": "2001:6f8:1ce1:21f8::86%10/64",
"vlan": "VLAN504",
"allowService": "none",
"trafficGroup": "traffic-group-1"
},
"HA-01": {
"class": "SelfIp",
"address": "1.1.1.2/24",
"vlan": "RD_000_VLAN_SYN_4090",
"allowService": "default",
"trafficGroup": "traffic-group-local-only"
},
"HA-02": {
"class": "SelfIp",
"address": "2.2.2.2/24",
"vlan": "RD_000_VLAN_SYN_4091",
"allowService": "default",
"trafficGroup": "traffic-group-local-only"
},
"RouteDomain-10": {
"class": "RouteDomain",
"id": 10,
"vlans": [
"VLAN504"
],
"connectionLimit": 0,
"strict": true
},
"failoverUnicastMgmt": {
"class": "FailoverUnicast",
"addressPorts": [
{
"address": "/Common/HA-01/address",
"port": 1026
},
{
"address": "/Common/HA-02/address",
"port": 1026
}
]
},
"ConfigSync": {
"class": "ConfigSync",
"configsyncIp": "/Common/HA-01/address"
},
"myMirror": {
"class": "MirrorIp",
"primaryIp": "1.1.1.2",
"secondaryIp": "2.2.2.2"
}
}
}
}
Expected Behavior
The traffic-groups should be configured correctly (with MAC-Masquarding and any HA-order should be set to none).
cm traffic-group traffic-group-1 {
default-device <name-of-one-LB>
ha-order none
mac 16:a9:d0:30:b8:8c
unit-id 1
}
cm traffic-group traffic-group-local-only {
description "static failover objects"
ha-order none
is-floating false
}
Actual Behavior
The traffic-groups is not configured correctly.
cm traffic-group traffic-group-1 {
default-device <name-of-one-LB>
unit-id 1
}
cm traffic-group traffic-group-local-only {
description "static failover objects"
is-floating false
}
Thank you for your feedback. It looks like DO is unable to find a MAC address associated with the 1.3 interface. Can you provide the output from a GET request to <big-ip-host>/mgmt/tm/sys/mac-address? Feel free to redact the output, I am just checking to see if there is an address that has an objectId that matches the requested interface.
