Duplicate IP's allocated to different VIPs provisioned by Avi/Infoblox IPAM
search cancel

Duplicate IP's allocated to different VIPs provisioned by Avi/Infoblox IPAM

book

Article ID: 404399

calendar_today

Updated On:

Products

VMware Avi Load Balancer

Issue/Introduction

  • This issue with allocation of duplicate ip to different vip is noticed only when using Infoblox IPAM with Avi.
  • portal-webapp logs show a pattern where in a parallel create of VsVips causes a duplicate ip assignment  
    [2025-06-24 02:33:40,609] INFO [infoblox.create_a_record:2157] subnet[10.#.#.0/23] available_ip[10.#.#.140]
[2025-06-24 02:33:40,668] INFO [infoblox.create_a_record:2157] subnet[10.#.#.0/23] available_ip[10.#.#.140]
..........snip.........
[2025-06-24 02:33:40,839] INFO [infoblox.create_a_ptr_records:941] success req[https://ipam.test.net/wapi/v2.5/record:a, {'ipv4addr': '10.#.#.140', 'name': 'testapp.test.net', 'view': 'internal'}]
[2025-06-24 02:33:40,949] INFO [infoblox.create_a_ptr_records:941] success req[https://ipam.test.net/wapi/v2.5/record:a, {'ipv4addr': '10.#.#.140', 'name': 'testapp.test.net', 'view': 'internal'}]
  • when the below command is run against the nginx logs, we can see parallel POST calls to '/avi/vsvip'  
    zgrep 'api/vsvip' tech_node1.controller.local-<controller node ip>/node.tar.gz_extracted/var/log/nginx/portal.access.log* | grep 'POST' | cut -d ' ' -f 7 | sort | uniq -c | sort -k1,1nr

Environment

  • All releases earlier than v30.2.4 in the 30.2.x release branch
  • All releases earlier than v31.1.2 in the 31.1.x release branch

Cause

  • Duplicate Infoblox IP is obtained during a race condition when Host permission is denied by Infoblox. This can cause Duplicate VIPs with different FQDNs
  • This is a currently known issue on an Avi version 30.2.4 and below

Resolution

  • Workaround: Allow permissions for user to create host records on Infoblox, the expectation is Infoblox concurrency protection will avoid this duplicate ip allocation issue. So for 2 VsVips creates received at the same time, both of the APIs to Infoblox will get unique IPs.
  • The fix is scheduled for release in a future version beyond v30.2.4 on the 30.2.x release train, or in a version later than v31.1.1 on the 31.1.x release train.
Powered by Wolken Software