Bug ID 720001: Using custom default gateway in AWS makes instance metadata endpoint inaccessible.

Last Modified: Jan 20, 2023

Affected Product:
BIG-IP TMOS(all modules)

Known Affected Versions:
13.1.0, 13.1.1, 13.1.3, 13.1.4, 13.1.5, 14.0.0, 14.0.1, 14.1.0, 14.1.2, 14.1.3, 14.1.4, 14.1.5, 15.0.0, 15.0.1

Opened: May 14, 2018
Severity: 3-Major
Related Article:


A BIG-IP system affected by this issue shows multiple symptoms:
-- License fails on bootup with the following error: halGetDossier returned error (7): Dossier generation failed.
-- Failover between BIG-IP instances fails abruptly with the following error: Unable to retrieve domain name from ec2 metadata.


- License inoperable after bootup.
- Failover between BIG-IP systems does not complete successfully.


-- Both licensing and Failover/HA in AWS depend on access to the instance metadata provided by the EC2 cloud via the HTTP endpoint at
-- The default gateway provided by AWS through DHCP ensures access to this metadata endpoint without any additional configuration. However, when a custom default gateway is used, access to the instance metadata endpoint might not work.


Configure a route for to get to the AWS subnet default gateway. And then run a startup script after mcpd is up to reload the license. The workaround has two parts.

WORKAROUND:
----------
Before upgrade:

Part 1:
-------
On the BIG-IP system, create a management-route for the link-local destination

1) Set db key to allow route for link-local address:
    tmsh modify sys db config.allow.rfc3927 value enable

2) Create management-route for that points to the AWS-provided subnet default gateway:
    tmsh create sys management-route meta-endpoint network gateway <AWS subnet GW IP>

3) Save the config:
    tmsh save sys config

4) Create a qkview:
    qkview -f /var/tmp/before_upgrade

Part 2:
-------
Workaround:
----------
Reload the license by running a script once the system is up. (This process is fully documented in K11948: Configuring the BIG-IP system to run commands or scripts upon system startup :: https://support.f5.com/csp/article/K11948.)
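A sketch of the Part 2 startup helper, added here as an example and not taken from F5's article or from this bug report. It assumes that `tmsh -a show sys mcp-state field-fmt` reports a `running` phase once mcpd is up and that `reloadlic` is the license reload command; the function names and the `MCPD_TRIES`/`MCPD_DELAY` variables are hypothetical.

```shell
#!/bin/bash
# Added example: wait for mcpd, then reload the license (Part 2 of the workaround).
# Assumptions (not from the bug report): tmsh reports "running" in
# `show sys mcp-state field-fmt` when mcpd is ready; `reloadlic` reloads the license.

MCPD_TRIES="${MCPD_TRIES:-40}"   # number of polls before giving up
MCPD_DELAY="${MCPD_DELAY:-15}"   # seconds between polls

# Return 0 once mcpd reports the running phase, 1 if it never does.
wait_for_mcpd() {
    local i=0
    while [ "$i" -lt "$MCPD_TRIES" ]; do
        if tmsh -a show sys mcp-state field-fmt 2>/dev/null | grep -q running; then
            return 0
        fi
        i=$((i + 1))
        sleep "$MCPD_DELAY"
    done
    return 1
}

# Reload the license only after mcpd is ready.
# Exit status: 0 reloaded, 1 mcpd timeout, 2 reload failed.
reload_license_when_ready() {
    if ! wait_for_mcpd; then
        echo "mcpd not running after $MCPD_TRIES polls; license not reloaded" >&2
        return 1
    fi
    if ! reloadlic; then
        # A failure here usually means the Part 1 management-route is missing
        # or wrong, so the instance metadata endpoint is still unreachable.
        echo "reloadlic failed; check the management-route from Part 1" >&2
        return 2
    fi
    echo "license reloaded"
}

# Run only where the BIG-IP tools exist, so the file is harmless elsewhere.
if command -v tmsh >/dev/null 2>&1 && command -v reloadlic >/dev/null 2>&1; then
    reload_license_when_ready
fi
```

The distinct exit statuses let the startup log show whether the failure was mcpd never coming up or the license reload itself, which points back at the Part 1 route.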

Fix Information


Behavior Change