Creating/Updating a nlb leads sometimes to: Listener IP and port combination already used by Network Load Balancer

[salyh]

Description

Creating/Updating a nlb and forwarding rules sometimes lead to

 | error creating network loadbalancer: 422 Unprocessable Entity {
 |   "httpStatus" : 422,
 |   "messages" : [ {
 |     "errorCode" : "371",
 |     "message" : "[(root).properties.listenerIp] Listener IP and port combination 212.132.xxx.xxx:443 already used by Network Load Balancer."
 |   } ]
 | }

This is weird because when I see such an error everything looks fine in the DCD

Expected behavior

No error

Environment

Terraform version:

OpenTofu v1.7.2

Provider version:

v6.4.18

OS:

n/a

Configuration Files

resource "ionoscloud_networkloadbalancer" "XXX" {
  datacenter_id = ionoscloud_datacenter.XXX.id
  name          = "nlb-${var.ZZZ_uuid}"
  listener_lan  = ionoscloud_lan.XXX_lan_a_public.id
  target_lan    = ionoscloud_lan.XXX_lan_b_private.id
  ips = [ionoscloud_ipblock.XXX.ips[0]]
}

resource "ionoscloud_networkloadbalancer_forwardingrule" "XXX" {
  datacenter_id          = ionoscloud_datacenter.XXX.id
  networkloadbalancer_id = ionoscloud_networkloadbalancer.XXX.id
  name                   = "fwr1"
  algorithm              = "ROUND_ROBIN"
  protocol               = "TCP"
  listener_ip            = ionoscloud_ipblock.XXX.ips[0]
  listener_port          = "443"

  health_check {
    client_timeout = 50000
    connect_timeout = 2000
    target_timeout = 2000
    retries = 1
  }

  dynamic "targets" {
    for_each = local.lan_b_ips
    content {
      ip =  targets.value
      port           = "30443"
      weight         = "1"
      proxy_protocol = "v2"
      //proxy_protocol = "none"
      health_check {
        check          = true
        check_interval = 1000
      }
    }
  }
}

resource "ionoscloud_networkloadbalancer_forwardingrule" "adminapi" {
  datacenter_id          = ionoscloud_datacenter.XXX.id
  networkloadbalancer_id = ionoscloud_networkloadbalancer.XXX.id
  name                   = "fwr2"
  algorithm              = "ROUND_ROBIN"
  protocol               = "TCP"
  listener_ip            = ionoscloud_ipblock.XXX.ips[0]
  listener_port          = "8443"

  health_check {
    client_timeout = 50000
    connect_timeout = 2000
    target_timeout = 2000
    retries = 1
  }

  dynamic "targets" {
    for_each = local.lan_b_ips
    content {
      ip =  targets.value
      port           = "31443"
      weight         = "1"
      proxy_protocol = "none"
      health_check {
        check          = true
        check_interval = 1000
      }
    }
  }

Error and Debug Output

See internal ticket 207171781

[adeatcu-ionos]

Hello! Did you receive a 422 - Validation error response during creation or update process? If it was during the creation, it means that the resource wasn't created properly and that makes this sentence: "This is weird because when I see such an error everything looks fine in the DCD" confusing.

What do you mean by: looks fine in the DCD? Do you mean that even though you received a 422, the resource it's still created and visible in the DCD?

The 422 - Validation error happens when an invalid combination of params is sent to the API.

**Expected behavior: ** no error

The Terraform provider extracts the information from the tf configuration file and sends it inside a POST request (for creation) or PATCH request (for update). If the API is responding with a 422 - Validation error it means that the combination of parameters used in the tf file is invalid.

I would normally suggest to check again that the information in the tf configuration file is correct but until then I'm waiting clarifications for this sentence: "This is weird because when I see such an error everything looks fine in the DCD".

[salyh]

Hello! Did you receive a 422 - Validation error response during creation or update process? If it was during the creation, it means that the resource wasn't created properly and that makes this sentence: "This is weird because when I see such an error everything looks fine in the DCD" confusing.

During update

What do you mean by: looks fine in the DCD? Do you mean that even though you received a 422, the resource it's still created and visible in the DCD?

Yes

The 422 - Validation error happens when an invalid combination of params is sent to the API.

**Expected behavior: ** no error

The Terraform provider extracts the information from the tf configuration file and sends it inside a POST request (for creation) or PATCH request (for update). If the API is responding with a 422 - Validation error it means that the combination of parameters used in the tf file is invalid.

I would normally suggest to check again that the information in the tf configuration file is correct but until then I'm waiting clarifications for this sentence: "This is weird because when I see such an error everything looks fine in the DCD".

The tf file is valid because sometimes it works and sometimes not. Looks for me like a race condition or timing issue.

"This is weird because when I see such an error everything looks fine in the DCD" means that the proper IP Address is assigned to the correct NLB. Please see internal ticket 207171781 for more details (I can not disclose all information in the public for legal reasons)

[adeatcu-ionos]

@salyh thank you for the answers but I have few more questions in order to be able to clarify this:

From your answers I understand that you successfully created the resource and then you tried to update it. I assume that you try to update it using the configuration presented in the description of the issue, and then you received a 422 - Validation error, is this assumption correct?

Also, by looks fine in the DCD do you mean that the updates that you tried to do are reflected in the DCD, even though you receive a 422? Or do you mean that you can see the resource with the initial configuration (which is normal, since the initial creation finished successfully) ?

The tf file is valid because sometimes it works and sometimes not you mean that sometimes the update works and sometimes it doesn't?

Thank you!

[salyh]

@salyh thank you for the answers but I have few more questions in order to be able to clarify this:

From your answers I understand that you successfully created the resource and then you tried to update it. I assume that you try to update it using the configuration presented in the description of the issue, and then you received a 422 - Validation error, is this assumption correct?

Yes, correct

Also, by looks fine in the DCD do you mean that the updates that you tried to do are reflected in the DCD, even though you receive a 422? Or do you mean that you can see the resource with the initial configuration (which is normal, since the initial creation finished successfully) ?

I don't know but I assume the initial configuration. I am also not sure what has triggered the update (The only that really needs to be updated for a NLB are the forwarding rules).

The tf file is valid because sometimes it works and sometimes not you mean that sometimes the update works and sometimes it doesn't?

Yes

Thank you!

[cristiGuranIonos]

If it's a race condition maybe setting -parallelism=1 might help as it will run all requests sequentially.