1459388 – F5 ocp router fails when being deployed against v11 BIG-IP

Bug 1459388 - F5 ocp router fails when being deployed against v11 BIG-IP

Summary: F5 ocp router fails when being deployed against v11 BIG-IP

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Networking
Sub Component:
Version:	3.5.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Rajat Chopra
QA Contact:	Meng Bo
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-06-07 02:49 UTC by Ryan Howe
Modified:	2017-06-19 14:46 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-06-19 14:45:26 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Ryan Howe 2017-06-07 02:49:02 UTC

Description of problem:

We get http 400 errors with v11 when the overlay address is created or being created due to invalid  json pair is \"addressSource\":\"from-user\"."

https://github.com/openshift/origin/blob/release-1.5/pkg/router/f5/f5.go#L532

Version-Release number of selected component (if applicable): OCP 3.5 and BIG-IP 11.6.1


How reproducible:
100%

Steps to Reproduce:
1. Deploy f5 router 

or

2. Test will curl command

# curl -v -u USER:PASSWORD -H "Content-Type:=application/json" -k -X POST  https://10.123.4.5/mgmt/tm/net/self -d '{"Name":"10.1.2.3/14","Partition":"Common","Address":"10.1.2.3/14","AddressSource":"from-user","Floating":"disabled","InheritedTrafficGroup":"false","TrafficGroup":"/Common/traffic-group-local-only","Unit":"0","Vlan":"/Common/vxlan5000","AllowService":"all"}'


Actual results:

W0530 16:37:25.385310       1 f5.go:262] Strict certificate verification is *DISABLED*
error: Encountered an error on POST request to URL https://10.123.4.5/mgmt/tm/net/self: HTTP code: 400; error from F5: Found unexpected json pair at configuration item /net/self/~Common~10.1.2.3~14. The json pair is "addressSource":"from-user".

Expected results:

To skip on 400 error not just 409 error if its already added
or
To configure the overlay address 


Additional info:

AddressSource might be a v12 Big-IP value that is not present in v11


http://clouddocs.f5.com/containers/v1/openshift/kctlr-use-bigip-openshift.html#assign-an-openshift-overlay-address-to-the-big-ip-device

Comment 1 Hongan Li 2017-06-07 05:33:26 UTC

BIG-IP v11.6 is not supporting native VxLAN integration. 
If using OCP3.5 and F5 v12.1.x, the tunnel vxlan5000 and self IP (--external-host-vxlan-gw) will be created when starting F5 router pod.

Comment 2 Ryan Howe 2017-06-07 15:54:17 UTC

If this is the case then this is more of a docs bug where we should explain that F5 Native Integration can only be used with a BIP-IP 12.1.x appliance. 

https://docs.openshift.com/container-platform/3.5/install_config/router/f5_router.html#setting-up-f5-native-integration-with-openshift

For BIG-IP 11.6 a ramp node is needed.

Comment 3 Rajat Chopra 2017-06-14 19:18:46 UTC

Fixed with https://github.com/openshift/openshift-docs/pull/4581

Comment 4 Eric Paris 2017-06-19 14:45:26 UTC

closing as the docs PR has merged.

Note You need to log in before you can comment on or make changes to this bug.