Release v1.14.0
mikeshimkus committed Feb 17, 2023
1 parent 2d6da09 commit a4cbfbe
Showing 28 changed files with 623 additions and 321 deletions.
177 changes: 49 additions & 128 deletions .gitlab-ci.yml

Large diffs are not rendered by default.

4 changes: 2 additions & 2 deletions README.md
@@ -1,4 +1,4 @@
# f5-cloud-failover
# F5 BIG-IP Cloud Failover extension for AWS, Azure, and GCP
[![Releases](https://img.shields.io/github/release/f5networks/f5-cloud-failover-extension.svg)](https://github.com/f5networks/f5-cloud-failover-extension/releases)
[![Issues](https://img.shields.io/github/issues/f5networks/f5-cloud-failover-extension.svg)](https://github.com/f5networks/f5-cloud-failover-extension/issues)

Expand All @@ -8,7 +8,7 @@

## Introduction

The F5 Cloud Failover Extension (CF) is an iControl LX extension that provides L3 failover functionality in cloud environments, effectively replacing Gratuitous ARP (GARP). Cloud Failover uses a declarative model, meaning you provide a JSON declaration using a single REST API call. The declaration represents the configuration that Cloud Failover is responsible for creating on a BIG-IP system.
The F5 BIG-IP Cloud Failover Extension (CFE) for AWS, Azure, and GCP is an iControl LX extension that provides L3 failover functionality in cloud environments, effectively replacing Gratuitous ARP (GARP). Cloud Failover uses a declarative model, meaning you provide a JSON declaration using a single REST API call. The declaration represents the configuration that Cloud Failover is responsible for creating on a BIG-IP system.

### How does it work?

2 changes: 1 addition & 1 deletion contributing/README.md
Expand Up @@ -8,7 +8,7 @@ This is the top-level documentation which provides notes and information about c
---
## Overview

The purpose of the F5 Cloud Failover (CF) iControl LX extension is to provide L3 failover functionality in cloud environments, effectively replacing Gratuitous ARP (GARP). This requires moving/updating certain cloud resources during a failover event, as described below.
The purpose of the F5 BIG-IP Cloud Failover (CF) iControl LX extension is to provide L3 failover functionality in cloud environments, effectively replacing Gratuitous ARP (GARP). This requires moving/updating certain cloud resources during a failover event, as described below.

- Failover IP(s) - Move Azure IP configuration(s) between NICs, update AWS EIP/private IP associations, and move GCP alias IP(s) between instances to point to a virtual address on the active BIG-IP device.
- Failover Route(s) - Update Azure user-defined Routes (UDR), AWS route tables, and GCP forwarding rule targets to point to a self IP address of the active BIG-IP device.
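
Review bot: The renamed overview sentence still abbreviates the product as "(CF)", while the README.md introduction changed in this same commit now uses "(CFE)". Use one abbreviation in both files, for example "F5 BIG-IP Cloud Failover (CFE) iControl LX extension", so that searches and cross-references between the two documents match.
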
2 changes: 1 addition & 1 deletion deployment-tool
Binary file added docs/images/aws/AWSIAMRoleAssignedToInstance2.png
6 changes: 3 additions & 3 deletions docs/index.rst
@@ -1,7 +1,7 @@
F5 Cloud Failover
=================
F5 BIG-IP Cloud Failover
========================

Welcome to the F5 Cloud Failover Extension User Guide.
Welcome to the F5 BIG-IP Cloud Failover Extension User Guide.

Use the following links, the navigation on the left, and/or the Next and Previous buttons to explore the documentation.

8 changes: 7 additions & 1 deletion docs/revision-history.rst
Expand Up @@ -11,6 +11,12 @@ Document Revision History
- Description
- Date

* - 2.2.6
- Improved performance of Azure failover provider.
- Fixed issue with logging of proxy server settings.
- Updated the documentation for Cloud Failover Extension v1.14.0 with the following changes: |br| • Updated documentation in :ref:`isolated-env`, :ref:`aws`, :ref:`aws-same-az`, :ref:`gcp`, and :ref:`azure`.
- 02-17-23

* - 2.2.5
- Fixed issue where failover does not correctly check traffic group status in recovery mode.
- 7-26-22
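
Review bot: In the new 2.2.6 row, three separate `-` items sit between the revision number and the date, while the 2.2.5 row below it has a single description item. If every row of this table is expected to carry the same cells (revision, Description, Date, as the header items shown suggest), the extra items give this row a different cell count from its neighbours; fold the three descriptions into one item, joined with |br| as the third item already does internally.
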
Expand Down Expand Up @@ -80,7 +86,7 @@ Document Revision History
- 01-23-20

* - 1.0
- Documentation for the initial release of F5 Cloud Failover Extension
- Documentation for the initial release of F5 BIG-IP Cloud Failover Extension
- 11-22-19


8 changes: 4 additions & 4 deletions docs/userguide/aws-same-az.rst
Expand Up @@ -410,8 +410,8 @@ Alternatively, for *Actions* that **do** allow resource level permissions, but t

.. _aws-same-az-define-objects:

Define AWS Network Infrastructure Objects
-----------------------------------------
Define AWS Infrastructure Objects
---------------------------------

Define or Tag your cloud resources with the keys and values that you configure in your CFE declaration.

Expand Down Expand Up @@ -460,8 +460,8 @@ Tag the Network Interfaces in AWS:

.. _aws-same-az-define-storage:

Define the Storage Account in AWS
`````````````````````````````````
Define Remote Storage for State File in AWS
```````````````````````````````````````````

.. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:

12 changes: 6 additions & 6 deletions docs/userguide/aws.rst
Expand Up @@ -150,11 +150,11 @@ In order to successfully implement CFE in AWS, you need an AWS Identity and Acce

|

2. Assign an IAM role to each instance by navigating to **EC2 > Instances > Instance > Actions > Instance Settings > Attach/Replace IAM Role**.
2. Assign an IAM role to each instance by navigating to **Actions > Security > Modify IAM Role**.

For example:

.. image:: ../images/aws/AWSIAMRoleAssignedToInstance.png
.. image:: ../images/aws/AWSIAMRoleAssignedToInstance2.png

|
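
Review bot: The rewritten step 2 now starts at "Actions > Security > Modify IAM Role" and drops the "EC2 > Instances > Instance" prefix the old text had, so the reader is no longer told which console page or which selected resource the Actions menu belongs to. Keep the full path, for example "EC2 > Instances > (select the instance) > Actions > Security > Modify IAM Role", so the role is attached to the intended BIG-IP instance. The image reference now points at AWSIAMRoleAssignedToInstance2.png; if AWSIAMRoleAssignedToInstance.png is no longer referenced anywhere, remove it in the same change.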

Expand Down Expand Up @@ -402,8 +402,8 @@ Alternatively, for *Actions* that **do** allow resource level permissions, but t

.. _aws-define-objects:

Define AWS Network Infrastructure Objects
-----------------------------------------
Define AWS Infrastructure Objects
---------------------------------

Define or Tag your cloud resources with the keys and values that you configure in your CFE declaration.

Expand Down Expand Up @@ -440,8 +440,8 @@ Tag the Network Interfaces in AWS:

.. _aws-define-storage:

Define the Storage Account in AWS
`````````````````````````````````
Define Remote Storage for State File in AWS
```````````````````````````````````````````
.. sidebar:: :fonticon:`fa fa-info-circle fa-lg` Version Notice:

- The property ``scopingName`` is available in Cloud Failover Extension v1.7.0 and later.
9 changes: 6 additions & 3 deletions docs/userguide/azure.rst
Expand Up @@ -99,6 +99,8 @@ Create and assign a Managed Service Identity (MSI)
In order to successfully implement CFE in Azure, you need a system-assigned or user-managed identity with sufficient access. Your Managed Service Identity (MSI) should be limited to the resource groups that contain the BIG-IP instances, VNET, route tables, etc. that will be updated. Read more about managed identities |managed-identity|.
To create and assign a Managed Service Identity (MSI) you must have a role of `User Access Administrator` or `Contributor access`. The following example shows a system-assigned MSI.

.. IMPORTANT:: CFE supports only one Managed Service Identity assigned to each Azure Virtual Machine instance; failover will not work correctly when multiple identities are assigned. You must create a single identity with all of the permissions required by CFE, as well as any other necessary permissions. You can create a managed identity manually or using the F5 access template. See https://github.com/F5Networks/f5-azure-arm-templates-v2/tree/main/examples/modules/access for more information.

#. Enable MSI for each VM: go to **Virtual Machine > Identity > System assigned** and set the status to ``On``.

For example:
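
Review bot: The new IMPORTANT note tells the reader to put "all of the permissions required by CFE, as well as any other necessary permissions" on one identity, but it does not repeat the scoping advice from the paragraph directly above it (limit the MSI to the resource groups that contain the BIG-IP instances, VNET, route tables, etc.). Add a clause saying the combined identity should still be scoped that way, because every unrelated permission merged into it is then held by the same VM identity that CFE uses. The GitHub link is a bare URL into the `main` tree; a named RST link would read better and be easier to update.
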
Expand Down Expand Up @@ -156,14 +158,15 @@ Below is an example Azure role definition with permissions required by CFE.
- This example provides the minimum permissions required and serves as an illustration. You are responsible for following the provider's IAM best practices.
- Certain resources such as the virtual network are commonly deployed in a separate resource group; ensure the correct scopes are applied to all applicable resource groups.
- Certain resources such as route tables may be deployed in a separate subscription, ensure the assignable scopes applies to all relevant subscriptions.
- CFE supports only one Managed Service Identity assigned to each Azure Virtual Machine instance; failover will not function when multiple identities are assigned. You must create a single identity with all of the permissions listed above, as well as any other required permissions. You can create a managed identity manually, or by using the F5 access template. See https://github.com/F5Networks/f5-azure-arm-templates-v2/tree/main/examples/modules/access for more information.

|


.. _azure-define-objects:

Define your Azure Network Infrastructure Objects
------------------------------------------------
Define your Azure Infrastructure Objects
----------------------------------------

Define or Tag your cloud resources with the keys and values that you configure in your CFE declaration.
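
Review bot: The bullet added to this notes list repeats the single-identity restriction that the IMPORTANT admonition added earlier in this file (hunk at line 99) already states, and the two copies differ: "failover will not function" here against "failover will not work correctly" there, and "permissions listed above" here against "permissions required by CFE" there. Keep one authoritative statement and have the other location refer to it, so the two cannot drift on whether failover degrades or stops.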

Expand Down Expand Up @@ -193,7 +196,7 @@ Add a storage account in Azure to your resource group for Cloud Failover to use.
|


Alternatively, if you are using the Discovery via Tag option, tag the S3 bucket with your custom key:values in the `externalStorage.scopingTags` section of the CFE declaration.
Alternatively, if you are using the Discovery via Tag option, tag the Azure Storage Account with your custom key:values in the `externalStorage.scopingTags` section of the CFE declaration.

.. code-block:: json

2 changes: 0 additions & 2 deletions docs/userguide/configuration.rst
Expand Up @@ -492,8 +492,6 @@ Endpoints
- `declare <https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/apidocs.html#tag/Configuration>`_: user this endpoint to configure CFE
- `declare <https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/apidocs.html#tag/Configuration>`_: user this endpoint to configure CFE.
- `info <https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/apidocs.html#tag/Information>`_: use this endpoint to get information on CFE, such as the version number.
- `inspect <https://clouddocs.f5.com/products/extensions/f5-cloud-failover/latest/userguide/apidocs.html#tag/Information/paths/~1inspect/get>`_: use this endpoint to list associated cloud objects.
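
Review bot: As rendered, the `declare` entry appears twice in this hunk, differing only in the trailing period, and both copies read "user this endpoint to configure CFE". Confirm that exactly one `declare` line remains after the change, and correct "user" to "use" while the list is being touched.
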
10 changes: 5 additions & 5 deletions docs/userguide/gcp.rst
Expand Up @@ -150,8 +150,8 @@ In order to successfully implement CFE in GCP, you need to have a GCP Identity a

.. _gcp-define-objects:

Define your Google Cloud Network Infrastructure Objects
-------------------------------------------------------
Define your Google Cloud Infrastructure Objects
-----------------------------------------------

Define your infrastructure with the the keys and values that you will send in your CFE declaration.
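
Review bot: The context sentence directly under the renamed heading still reads "with the the keys and values"; fix the doubled "the" in this change since the section is being edited anyway. The renamed heading here keeps "Define your ... Infrastructure Objects" while the AWS pages in this commit use "Define AWS Infrastructure Objects" without "your"; pick one form for all three providers.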

Expand All @@ -164,8 +164,8 @@ Define your infrastructure with the the keys and values that you will send in yo

.. _gcp-define-storage:

Define the Storage Account in GCP
`````````````````````````````````
Define Remote Storage for State File in GCP
```````````````````````````````````````````

1. Create a `storage bucket in GCP <https://cloud.google.com/storage/docs/creating-buckets>`_ for Cloud Failover Extension cluster-wide file(s).

Expand Down Expand Up @@ -558,7 +558,7 @@ To see how to run CFE on GCP when BIG-IP instances have no route to public inter

.. |github| raw:: html

<a href="https://github.com/F5networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/existing-stack/payg" target="_blank">F5 Cloud Failover Extension site on GitHub</a>
<a href="https://github.com/F5networks/f5-google-gdm-templates/tree/master/supported/failover/same-net/via-api/3nic/existing-stack/payg" target="_blank">F5 BIG-IP Cloud Failover Extension site on GitHub</a>

.. |gdmtemplate| raw:: html
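
Review bot: The `|github|` substitution is relabelled "F5 BIG-IP Cloud Failover Extension site on GitHub", but its href points at the f5-google-gdm-templates repository (a `.../3nic/existing-stack/payg` template path), not at the Cloud Failover Extension repository. Either change the link text to describe the GDM template, or point the href at f5-cloud-failover-extension as installation.rst does, so that readers land on the repository the text names.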

2 changes: 1 addition & 1 deletion docs/userguide/installation.rst
Expand Up @@ -135,7 +135,7 @@ When F5 releases a new version of Cloud Failover Extension, use the same procedu

.. |github| raw:: html

<a href="https://github.com/F5Networks/f5-cloud-failover-extension" target="_blank">F5 Cloud Failover Extension site on GitHub</a>
<a href="https://github.com/F5Networks/f5-cloud-failover-extension" target="_blank">F5 BIG-IP Cloud Failover Extension site on GitHub</a>

.. |release| raw:: html

2 changes: 1 addition & 1 deletion docs/userguide/overview.rst
Expand Up @@ -3,7 +3,7 @@
Cloud Failover Extension Overview
=================================

The F5 Cloud Failover Extension (CFE) is an iControl LX extension that provides L3 failover functionality in cloud environments, effectively replacing Gratuitous ARP (GARP). CFE uses a declarative model, meaning you provide a JSON declaration using a single REST API call rather than a set of imperative commands. The declaration then configures the BIG-IP system with all the required settings for cloud failover. At a high level, to use CFE, you will `download the RPM from GitHub <https://github.com/F5Networks/f5-cloud-failover-extension>`_, upload the RPM to BIG-IP, tag or label your cloud resources, and then Post your declaration.
The F5 BIG-IP Cloud Failover Extension (CFE) is an iControl LX extension that provides L3 failover functionality in cloud environments, effectively replacing Gratuitous ARP (GARP). CFE uses a declarative model, meaning you provide a JSON declaration using a single REST API call rather than a set of imperative commands. The declaration then configures the BIG-IP system with all the required settings for cloud failover. At a high level, to use CFE, you will `download the RPM from GitHub <https://github.com/F5Networks/f5-cloud-failover-extension>`_, upload the RPM to BIG-IP, tag or label your cloud resources, and then Post your declaration.

.. image:: /images/extension-steps.png
:width: 800
38 changes: 29 additions & 9 deletions docs/userguide/performance-sizing.rst
Expand Up @@ -59,27 +59,46 @@ GCP
Azure
-----

.. table:: CFE performance with Azure
.. table:: CFE performance with Azure (without Azure Fast Path enabled)

================================ ==================== ==============================================================
Number of Failover IP addresses Number of Routes Time to Successfully Failover All Objects
================================ ==================== ==============================================================
None 50 routes 95 seconds
None 50 routes 40 seconds
-------------------------------- -------------------- --------------------------------------------------------------
None 100 routes 155 seconds
None 100 routes 60 seconds
-------------------------------- -------------------- --------------------------------------------------------------
None 200 routes 175 seconds *API rate throttling observed*
None 200 routes 50 seconds
-------------------------------- -------------------- --------------------------------------------------------------
25 addresses None 65 seconds
25 addresses None 60 seconds
-------------------------------- -------------------- --------------------------------------------------------------
25 addresses 25 routes 125 seconds
25 addresses 25 routes 55 seconds
-------------------------------- -------------------- --------------------------------------------------------------
25 addresses 50 routes 125 seconds
25 addresses 50 routes 85 seconds
-------------------------------- -------------------- --------------------------------------------------------------
25 addresses 100 routes 155 seconds
25 addresses 100 routes 60 seconds
================================ ==================== ==============================================================

.. table:: CFE performance with Azure (with Azure Fast Path enabled)

================================ ==================== ==============================================================
Number of Failover IP addresses Number of Routes Time to Successfully Failover All Objects
================================ ==================== ==============================================================
None 50 routes 6 seconds
-------------------------------- -------------------- --------------------------------------------------------------
None 100 routes 7 seconds
-------------------------------- -------------------- --------------------------------------------------------------
None 200 routes 7 seconds
-------------------------------- -------------------- --------------------------------------------------------------
25 addresses None 7 seconds
-------------------------------- -------------------- --------------------------------------------------------------
25 addresses 25 routes 6 seconds
-------------------------------- -------------------- --------------------------------------------------------------
25 addresses 50 routes 7 seconds
-------------------------------- -------------------- --------------------------------------------------------------
25 addresses 100 routes 7 seconds
================================ ==================== ==============================================================

.. Note:: You can produce faster results with other methods that use upstream load balancers. Please consult the following `Microsoft documentation <https://docs.microsoft.com/en-us/azure/load-balancer/tutorial-load-balancer-ip-backend-portal>`_.

|
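
Review bot: In the table without Azure Fast Path, the updated timings are not monotonic: 200 routes is listed at 50 seconds against 60 seconds for 100 routes, and 25 addresses with 50 routes is 85 seconds against 60 seconds with 100 routes. State how many runs each figure represents and whether it is a mean, a median or a single run; otherwise readers sizing a failover window cannot tell signal from variance. The "API rate throttling observed" marker was also dropped from the 200 routes row while the matching TESTING NOTES bullet is kept in the next hunk; confirm that bullet still refers to a row in one of the tables.
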
Expand All @@ -90,6 +109,7 @@ Azure

*TESTING NOTES:*

- Failover times listed in the **CFE performance with Azure (without Azure Fast Path enabled)** table indicate when the Azure network resource provisioning state is "Succeeded", and do not reflect the time required for updates to propagate through the legacy Azure control plane. **Resources created with Azure Fast Path enabled are able to pass traffic through the BIG-IP instance(s) almost immediately after the update operation completes.**
- **API rate throttling observed**. At these levels, we observed the provider rate limiting requests. CFE implements clientside retries in these cases.
- Max objects tested were dictated by our default account quotas or limits. Quotas and limits can potentially be increased. See your provider for more details:
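
Review bot: The added testing note says the times in the table without Azure Fast Path mark when the provisioning state is "Succeeded" and exclude propagation through the legacy Azure control plane, yet that table's column is still headed "Time to Successfully Failover All Objects". Put the caveat in the table caption or the column header, since a reader planning an outage window will read the table before the notes. "Azure Fast Path" is also used without a definition or a pointer to how it is enabled.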

2 changes: 1 addition & 1 deletion docs/userguide/quickstart.rst
Expand Up @@ -129,7 +129,7 @@ Here is a simple example declaration for AWS. NOTE: This example declaration req
.. |github| raw:: html
<a href="https://github.com/F5Networks/f5-cloud-failover-extension/releases" target="_blank">F5 Cloud Failover Extension site on GitHub</a>
<a href="https://github.com/F5Networks/f5-cloud-failover-extension/releases" target="_blank">F5 BIG-IP Cloud Failover Extension site on GitHub</a>
.. |known-issues| raw:: html
4 changes: 2 additions & 2 deletions package-lock.json

Some generated files are not rendered by default.