Description
TL;DR
The optional value of "enable_ipv4" defaults to false. We are trying to implement BFD on an existing active BGP peer in production. "enable_ipv4 = false" prevents this feature from being implemented.
According to TF documentation, "enable_ipv4" field is optional and defaults to true.
https://registry.terraform.io/providers/hashicorp/google/latest/docs/resources/compute_router_peer
Could you please help us understand where this value of "enable_ipv4" is applied from? How can we override it to set it to true?
Expected behavior
No response
Observed behavior
The relevant section of "terraform plan -refresh-only"
# module.interconnect_attachment1_region1["vlan1"].google_compute_interconnect_attachment.attachment has changed
~ resource "google_compute_interconnect_attachment" "attachment" {
+ effective_labels = {}
id = "projects/<my-project>/regions/<my-region>/interconnectAttachments/<my-interconnect-attachment>"
+ ipsec_internal_addresses = []
+ label_fingerprint = "<my-fingerprint>"
+ labels = {}
name = "my-interconnect-attachment"
+ stack_type = "IPV4_ONLY"
+ terraform_labels = {}
# (24 unchanged attributes hidden)
}
# module.interconnect_attachment1_region1["vlan1"].module.interface[0].google_compute_router_peer.peers["<my-attachment-peer>"] has changed
# (moved from module.interconnect_attachment1_region1["vlan1"].module.interface.google_compute_router_peer.peers["<my-attachment-peer>"])
resource "google_compute_router_peer" "peers" {
+ advertised_groups = []
+ custom_learned_route_priority = 0
+ enable_ipv4 = false
+ enable_ipv6 = false
+ export_policies = []
id = "projects/<my-project>/regions/<my-region>/routers/<my-router>/<my-attachment-peer>"
+ import_policies = []
name = "<my-attachment-peer>"
Terraform apply output:
│ Error: Error updating RouterBgpPeer "projects/<my-project>/regions/<my-region>/routers/<my-router>/<my-attachment-peer>": googleapi: Error 400: Invalid value for field 'resource.bgpPeers[2].enableIpv4': 'false'. BGP Peer "<my-attachment-peer>" associated with an IPv4 interface "<my-attachment>" must not have IPv4 disabled., invalid
│
│ with module.interconnect_attachment2_region1["vlan2"].module.interface.google_compute_router_peer.peers["<my-attachment-peer>"],
│ on .terraform/modules/interconnect_attachment2_region1/modules/interface/main.tf line 27, in resource "google_compute_router_peer" "peers":
│ 27: resource "google_compute_router_peer" "peers" {
│
╵
Releasing state lock. This may take a few moments...
Terraform Configuration
main.tf
-------------
locals {
suffix1 = lookup(var.cloud_router_labels, "vlan_1", "cr1")
suffix2 = lookup(var.cloud_router_labels, "vlan_2", "cr2")
}
module "interconnect_attachment1_region1" {
source = "terraform-google-modules/cloud-router/google//modules/interconnect_attachment"
version = "~> 6.0.0"
for_each = var.vlancount
name = trimsuffix(substr(replace(join("-", [each.value, var.vpc_name, var.region1, local.suffix1]), "/[^a-zA-Z0-9-]/", ""), 0, 64), "-")
project = var.project_id
region = var.region1
router = var.region1_router1_name
bandwidth = var.bandwidth
interconnect = var.region1_interconnect1
candidate_subnets = var.region1_interconnect1_candidate_subnets
vlan_tag8021q = var.region1_interconnect1_vlan_tag8021q
interface = {
name = trimsuffix(substr(replace(join("-", [each.value, "if", var.vpc_name, var.region1, local.suffix1]), "/[^a-zA-Z0-9-]/", ""), 0, 64), "-")
}
peer = {
name = trimsuffix(substr(replace(join("-", [each.value, var.vpc_name, var.region1, local.suffix1, "peer"]), "/[^a-zA-Z0-9-]/", ""), 0, 64), "-")
peer_asn = var.peer_asn
enable_ipv4 = local.enable_ipv4
bfd = {
session_initialization_mode = var.bfd_mode
min_tx_interval = var.bfd_tx_interval
min_rx_interval = var.bfd_rx_interval
multiplier = var.bfd_multiplier
}
}
}
module "interconnect_attachment2_region1" {
source = "terraform-google-modules/cloud-router/google//modules/interconnect_attachment"
version = "~> 6.0.0"
for_each = var.vlancount
name = trimsuffix(substr(replace(join("-", [each.value, var.vpc_name, var.region1, local.suffix2]), "/[^a-zA-Z0-9-]/", ""), 0, 64), "-")
project = var.project_id
region = var.region1
router = var.region1_router2_name
bandwidth = var.bandwidth
interconnect = var.region1_interconnect2
candidate_subnets = var.region1_interconnect2_candidate_subnets
vlan_tag8021q = var.region1_interconnect2_vlan_tag8021q
interface = {
name = trimsuffix(substr(replace(join("-", [each.value, "if", var.vpc_name, var.region1, local.suffix2]), "/[^a-zA-Z0-9-]/", ""), 0, 64), "-")
}
peer = {
name = trimsuffix(substr(replace(join("-", [each.value, var.vpc_name, var.region1, local.suffix2, "peer"]), "/[^a-zA-Z0-9-]/", ""), 0, 64), "-")
peer_asn = var.peer_asn
enable_ipv4 = local.enable_ipv4
bfd = {
session_initialization_mode = var.bfd_mode
min_tx_interval = var.bfd_tx_interval
min_rx_interval = var.bfd_rx_interval
multiplier = var.bfd_multiplier
}
}
}
variables.tf
---------
variable "vlancount" {
description = "Map of project names to configuration"
type = map(string)
default = {
}
}
variable "sa_file_name" {
default = {
}
}
variable "project_id" {
type = string
description = "The name of the project id where vlan attachment needs to be created."
}
variable "vpc_name" {
type = string
description = "Label to identify the VPC associated with shared VPC that will use the Interconnect."
}
variable "region1" {
type = string
description = "First subnet region. The Dedicated Interconnect module only configures two regions."
}
variable "peer_asn" {
type = number
description = "Peer BGP Autonomous System Number (ASN)."
}
variable "region1_interconnect1" {
type = string
description = "URL of the underlying Interconnect object that this attachment's traffic will traverse through."
}
variable "region1_interconnect2" {
type = string
description = "URL of the underlying Interconnect object that this attachment's traffic will traverse through."
}
variable "region1_router1_name" {
type = string
description = "Name of the Router 1 for Region 1 where the attachment resides."
}
variable "region1_router2_name" {
type = string
description = "Name of the Router 2 for Region 1 where the attachment resides."
}
variable "cloud_router_labels" {
type = map(string)
description = "A map of suffixes for labelling vlans with four entries like \"vlan_1\" => \"suffix1\" with keys from `vlan_1` to `vlan_4`."
default = {}
}
variable "region1_interconnect1_candidate_subnets" {
type = list(string)
description = "Up to 16 candidate prefixes that can be used to restrict the allocation of cloudRouterIpAddress and customerRouterIpAddress for this attachment."
default = null
}
variable "region1_interconnect2_candidate_subnets" {
type = list(string)
description = "Up to 16 candidate prefixes that can be used to restrict the allocation of cloudRouterIpAddress and customerRouterIpAddress for this attachment."
default = null
}
variable "region1_interconnect1_vlan_tag8021q" {
type = string
description = "The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094."
default = null
}
variable "region1_interconnect2_vlan_tag8021q" {
type = string
description = "The IEEE 802.1Q VLAN tag for this attachment, in the range 2-4094."
default = null
}
variable "bandwidth" {
type = string
description = "The VLAN attachment bandwidth size"
default = null
}
variable "bfd_mode" {
description = "BFD mode for the interconnect attachment. Can be either 'DISABLED', 'ACTIVE' or 'PASSIVE'."
type = string
}
variable "bfd_tx_interval" {
description = "The minimum interval between BFD control packets transmitted to a BGP peer. Must be between 1000 ms and 30000 ms."
type = number
}
variable "bfd_rx_interval" {
description = "The minimum interval between BFD control packets received from a BGP peer. Must be between 1000 ms and 30000 ms."
type = number
}
variable "bfd_multiplier" {
description = "The number of consecutive BFD control packets that must be missed before BFD declares that a peer is unavailable. Must be between 5 packets and 16 packets"
type = number
}
variable "enable_ipv4" {
type = bool
default = true
}
auto.tfvars
-----------
sa_file_name = "<my-path-to-secret-file>"
project_id = "<my-project-id>"
vpc_name = "<my-vpc>"
region1 = "<my-region>"
region1_router1_name = "<my-cloudrouter1>"
region1_router2_name = "<my-cloudrouter2>"
region1_interconnect1 = "<my-interconnect1>"
region1_interconnect2 = "<my-interconnect2>"
peer_asn = "<my-peer-asn>"
bandwidth = "<my-bw>"
cloud_router_labels = {
vlan_1 = "ic1-attachment"
vlan_2 = "ic2-attachment"
}
vlancount = {
vlan1 = "vl-01"
vlan2 = "vl-02"
}
bfd_mode = "PASSIVE"
bfd_tx_interval = "1000"
bfd_rx_interval = "1000"
bfd_multiplier = "5"
versions.tf
-----------
provider "google" {
credentials = file(var.sa_file_name)
}
terraform {
required_version = ">= 0.13"
required_providers {
google = {
source = "hashicorp/google"
version = ">= 3.50"
}
google-beta = {
source = "hashicorp/google-beta"
version = ">= 3.50"
}
}
provider_meta "google" {
module_name = "blueprints/terraform/terraform-example-foundation:dedicated_interconnect/v1.0.0"
}
provider_meta "google-beta" {
module_name = "blueprints/terraform/terraform-example-foundation:dedicated_interconnect/v1.0.0"
}
}
Terraform Version
Terraform v1.12.1
on darwin_arm64
+ provider registry.terraform.io/hashicorp/google v6.39.0
+ provider registry.terraform.io/hashicorp/google-beta v6.39.0
Terraform Provider Versions
terraform providers
Providers required by configuration:
.
├── provider[registry.terraform.io/hashicorp/google] >= 3.50.0
├── provider[registry.terraform.io/hashicorp/google-beta] >= 3.50.0
├── module.interconnect_attachment1_region1
│ ├── provider[registry.terraform.io/hashicorp/google] >= 4.27.0, < 7.0.0
│ └── module.interface
│ └── provider[registry.terraform.io/hashicorp/google] >= 5.12.0, < 7.0.0
└── module.interconnect_attachment2_region1
├── provider[registry.terraform.io/hashicorp/google] >= 4.27.0, < 7.0.0
└── module.interface
└── provider[registry.terraform.io/hashicorp/google] >= 5.12.0, < 7.0.0
Providers required by state:
provider[registry.terraform.io/hashicorp/google]
Additional information
- We tried setting "enable_ipv4" = true:
  - In main.tf in the interconnect_attachment/main.tf file, peers section here:
    # Peer IP Address must not contain the subnet mask, else will throw an invalid IP address error.
  - As a variable of type bool here: interconnect_attachment/variables.tf
  - In the "google_compute_router_peer" resource in interface/main.tf section here:
    project = google_compute_router_interface.interface.project
  - As a variable of type bool here: interface/variables.tf
- We have tried module versions 6.0.0, 6.3.0, 7.0.0
- Directory structure:
Directory structure:
ls -a
total 48
.terraform
.
.terraform.lock.hcl
main.tf
variables.tf
resource_var.auto.tfvars
backend.tf
..
versions.tf
tree
.
├── backend.tf
├── main.tf
├── resource_var.auto.tfvars
├── variables.tf
└── versions.tf
1 directory, 5 files
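A pre-apply check for the condition reported above, as an added example that is not part of the original issue or of the module: it scans the output of `terraform show -json <planfile>` for `google_compute_router_peer` entries whose resulting state has `enable_ipv4 = false`, in both the drift and the change sections. The plan content is constructed and its addresses are placeholders; the function name is hypothetical.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`;
# addresses and names are placeholders, not values from the issue.
SAMPLE_PLAN = json.dumps({
    "resource_drift": [{
        "address": 'module.a.module.interface[0].google_compute_router_peer.peers["peer-1"]',
        "type": "google_compute_router_peer",
        "change": {"actions": ["update"],
                   "before": {"name": "peer-1"},
                   "after": {"name": "peer-1", "enable_ipv4": False, "enable_ipv6": False}},
    }],
    "resource_changes": [
        {"address": 'module.b.google_compute_router_peer.peers["peer-2"]',
         "type": "google_compute_router_peer",
         "change": {"actions": ["update"],
                    "before": {"name": "peer-2", "enable_ipv4": True},
                    "after": {"name": "peer-2", "enable_ipv4": True}}},
        {"address": "module.b.google_compute_interconnect_attachment.attachment",
         "type": "google_compute_interconnect_attachment",
         "change": {"actions": ["no-op"], "before": {}, "after": {"stack_type": "IPV4_ONLY"}}},
        {"address": 'module.c.google_compute_router_peer.peers["peer-3"]',
         "type": "google_compute_router_peer",
         "change": {"actions": ["delete"], "before": {"enable_ipv4": True}, "after": None}},
    ],
})


def peers_with_ipv4_disabled(plan_json):
    """Return (section, address) for each router peer whose refreshed or
    planned state has enable_ipv4 set to false."""
    plan = json.loads(plan_json)
    findings = []
    for section in ("resource_drift", "resource_changes"):
        for rc in plan.get(section) or []:
            if rc.get("type") != "google_compute_router_peer":
                continue
            # "after" is null for a delete, so fall back to an empty mapping.
            after = (rc.get("change") or {}).get("after") or {}
            if after.get("enable_ipv4") is False:
                findings.append((section, rc["address"]))
    return findings


if __name__ == "__main__":
    for section, address in peers_with_ipv4_disabled(SAMPLE_PLAN):
        print(f"{section}: {address} has enable_ipv4 = false")
```

Run against a saved plan, a non-empty result can be used to stop the pipeline before `terraform apply` touches a production BGP peer.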