Last Modified: Mar 21, 2019
See more info
Known Affected Versions:
13.1.0, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 13.1.1, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 14.0.0, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 14.1.0, 220.127.116.11, 18.104.22.168, 22.214.171.124
Opened: Sep 24, 2018
Instance failover breaks with the following messages in /var/log/ltm: /usr/libexec/aws/aws-failover-tgactive.sh (traffic-group-1): Instance sanity check failed with error: /usr/libexec/aws/aws-failover-tgactive.sh (traffic-group-1): ('Connection aborted.', error(111, 'Connection refused'))
As moving the elastic-ip between the Active and Stand-by instances breaks, the failover can't complete and the new Active instance can't takeover the BIG-IP operations.
- BIG-IP is deployed in AWS with multiple NICs. - Also, the BIG-IP is part of a failover group. - The Failover/HA in AWS depends on access to the instance metadata provided by the EC2 cloud via the http endpoint at 169.254.169.254. - The default gateway provided by AWS through DHCP ensures access to this metadata endpoint without any additional configuration. However, when using a custom default gateway, the access to the instance metadata endpoint might not work.
Add the ip rule for the link local address 169.254.169.254 as following: ip rule add to 169.254.169.254 lookup 245