Using management NIC to connect to Cloud API #45
Comments
|
Hi, AUTOSDK-432 has been created to track this. Thanks! |
vvt137
changed the title
|
I have changed the title of this issue ticket as the issue also affects some Azure deployments, where it becomes necessary to add and maintain very large sets of static route as a workaround: |
|
In both AWS and Azure cases the F5-supported templates do implement default routes via both external and management interfaces. Yet, the CEF API calls use the external (TMM) interface unless more specific routes to API destinations are specified. This behaviour indicates that the root cause of the issue is that the process/application (curl?) used for generation this API traffic is executed by CFE without specifying "the source address or interface that the daemon uses to initiate traffic..." (see https://support.f5.com/csp/article/K10239). |
By default AWS in multi-NIC templates (e.g. https://github.com/F5Networks/f5-aws-cloudformation/tree/master/supported/failover/across-net/via-api/3nic/existing-stack/payg) cause CFE connectivity to AWS APIs to be established via External interface (eth1) rather than the Management interface (eth0). This leads to the following issues with CFE implementation:
It is not clear from the CFE documentation whether it is an inherent limitation of CFE that dictates using the external interface for API calls. If it is the case, please consider this an "enhancement request". If it is not the case, the CFE documentation should be updated to show additional steps required to use the management interface for this purpose.
The text was updated successfully, but these errors were encountered: