Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Is F5 CFE supported for AWS C2S isolated environments? #134

Open
TinyCloudNinja opened this issue Feb 21, 2024 · 2 comments
Open

Is F5 CFE supported for AWS C2S isolated environments? #134

TinyCloudNinja opened this issue Feb 21, 2024 · 2 comments

Comments

@TinyCloudNinja
Copy link

Do you already have an issue opened with F5 support?

Github Issues are consistently monitored by F5 staff, but should be considered as best effort only and you should not expect to receive the same level of response as provided by F5 Support. Please open an case with F5 if this is a critical issue.

Description

Describe the problem you're having or the enhancement you'd like to request.

Environment information

For bugs, enter the following information:

  • Cloud Failover Extension Version: 2.0.2
  • BIG-IP version: 16.1.4.2
  • Cloud provider: AWS

Severity Level

For bugs, enter the bug severity level. Do not set any labels.

Severity: 3

Severity level definitions:

  1. Severity 1 (Critical) : Defect is causing systems to be offline and/or nonfunctional. immediate attention is required.
  2. Severity 2 (High) : Defect is causing major obstruction of system operations.
  3. Severity 3 (Medium) : Defect is causing intermittent errors in system operations.
  4. Severity 4 (Low) : Defect is causing infrequent interuptions in system operations.
  5. Severity 5 (Trival) : Defect is not causing any interuptions to system operations, but none-the-less is a bug.

We have F5 CFE deployed within an AWS C2S isolated environment. When we attempt to declare or dry-run no API requests are made. We do see failed DNS Querys for the Commerical AWS endpoints. How does one-point F5 CFE at the AWS isolated API endpoints?
@mikeshimkus
Copy link
Contributor

Hi @TinyCloudNinja, CFE has not been tested in AWS C2S. We have guidance on isolated environments here: https://github.com/F5Networks/f5-aws-cloudformation-v2/blob/main/examples/DEPLOYMENT-TRAFFIC-FLOWS.md#creating-aws-vpc-endpoints-for-isolated-environments

I would check that the VPC endpoints are set up correctly and the BIG-IP is using AWS DNS that can resolve the commercial endpoints to the VPC endpoints.

@mikeshimkus
Copy link
Contributor

@TinyCloudNinja In v2.1.0, we added support for using the fully-qualified virtual host name of the S3 bucket for the external storage scopingName. Providing this in the config should force CFE to skip checking for the bucket region (because it's in the provided name) which is where the commercial endpoint lookups were happening.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mikeshimkus @TinyCloudNinja