AVI Controller sending Traffic to APIPA IP 169.254.169.254
search cancel

AVI Controller sending Traffic to APIPA IP 169.254.169.254

book

Article ID: 379558

calendar_today

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

The customer noticed that the AVI controller was sending traffic to the APIPA IP: 169.254.169.254 and wanted to block the same 

Environment

ALL 

Cause

As part of the boot-up process, AVI  determines the deployment environment using a sequence of checks involving API Calls . These checks are designed to identify whether the system is running on AWS, GCP, Azure, OCI, or other environments, and they follow a standard multicloud mechanism.

 

Initially, the system queries the IP address 169.254.169.254 to access the cloud metadata service via API Call.

If this query is successful, the system registers the environment based on the returned metadata.

If the metadata service query fails, the system attempts to identify the environment through hypervisor-based mechanisms.

This includes detecting vCenter if running within a VMware environment.

In cases where no metadata is retrieved from the initial checks, the system resorts to additional discovery methods, such as accessing vApp settings in a vSphere environment.

Below is the API Call from AVI to APIPA IP 

 

metadata_signature = [('oci', ' http://169.254.169.254/opc/v1/instance/', ()),

                          ( 'openstack', ' http://169.254.169.254/openstack/latest/meta_data.json', () ),

                          ( 'azure', ' http://169.254.169.254/metadata/instance/compute/vmId?api-version=2017-04-02&format=text',

                           ('-H', 'Metadata:true')),

                          ( 'gcp', ' http://169.254.169.254/computeMetadata/v1/instance/hostname',

                           ('-H', 'Metadata-Flavor:Google')),

Resolution

These steps are a normal part of the boot-up process.No further action is required from customer, as this is an expected behavior and can be safely ignored.

We cannot block AVI Controller from sending traffic to the APIPA IP as this is hard coded