Check and fix invalid router groups before TAS 2.13
Article ID: 298443
Updated On:
Products
Issue/Introduction
Summary
Required Customer Action
Operators using TCP Router should upgrade to a version of TAS 2.7-2.12 with routing-release 0.214.0 or later and make sure their router groups are safe and make changes as necessary before TAS 2.13.0. See the list of invalid ports here.
Current Router Groups
- TAS 2.7-2.12 with routing-release 0.214.0 and later will log a warning message if existing router groups include ports that overlap with system components.
- TAS 2.13.0 will fail to deploy if there are existing router groups that include ports that overlap with system components.
Creating / Updating Router Groups
- All versions of TAS with routing-release 0.214.0 - 0.229.0 will immediately error if a user tries to update or create a router group that uses system component ports.
- We rolled back this breaking change to prevent breaking customers. All versions of TAS 2.7-2.12 with 0.230.0 or later will NOT error if a user tries to update or create a router group that uses system component ports. This will result in a warning log (see below) so customers can fix the issue and not break on the upgrade to TAS 2.13.0.
Cause
When a TCP Route is created using the same port as a system component, the TCP Router will silently fail. TCP Routes claim ports from router groups. Routing-release 0.214.0+ warns users when they have invalid router groups that overlap with system component ports. In TAS 2.13.0, invalid router groups will cause a deployment failure. VMware recommends using only ports 1024-2047 and 18000-32767 in router groups.
Environment
Product Version: Other
Resolution
Step 1 - Check the seeded router group value in OpsManager
Find the value "TCP routing ports" value in OpsManager. You can find it the Networking Tab -> TCP Routing -> TCP routing ports.
This "TCP routing ports" value is used to seed a router group on the very first deploy of TAS. It is not used after the initial deploy. However, the value provided cannot overlap with the "Reserved System Component Ports", which are located immediately below "TCP routing ports" in OpsManager.
Update the "TCP routing ports" property to not conflict with the "Reserved System Component Ports". Changing this value will not affect on the router groups in the platform.
Step 2 - Check the tcp router logs
Look at tcp router stdout logs and search for a log line that includes “router-group-port-checker”. The error message should explain what action needs to be taken. Here are some examples:
Success: nothing to do!
{
"timestamp": "2021-05-03T21:08:32.733453194Z",
"level": "info",
"source": "tcp-router",
"message": "tcp-router.router-group-port-checker-success: No conflicting router group ports.",
"data": {}
}
Failure: need to update router groups
{
"timestamp": "2021-05-03T20:59:43.127270911Z",
"level": "error",
"source": "tcp-router",
"message": "tcp-router.router-group-port-checker-error: WARNING! In the future this will cause a deploy failure.",
"data": {
"error": "The reserved ports for router group 'group-1' contains the following reserved system component port(s): '14726, 14727, 14821, 14822, 14823, 14824, 14829, 15821, 17002'. Please update your router group accordingly.\nThe reserved ports for router group 'group-2' contains the following reserved system component port(s): '40177'. Please update your router group accordingly."
}
}
Feedback
