Create a Post
Showing results for 
Search instead for 
Did you mean: 

Can you use a different Public IP for VIP than the one at deployment in a vSec Azure cluster?

We deployed a new vSec cluster in Azure a few days ago to upgrade our old one.  Support said we could use the old public IP addresses so we moved them from the old resource group.  They worked fine for the members, but in a failover, the API deletes "cluster-vip" and when it tries to recreate it on the new active member, it tries to find the original public IP at deployment, which has been moved to a different resource group.  If I could rename the Public IP for the VIP in Azure, I think everything would be fine. But we cant.

Any ideas on a work around for either renaming an IP in Azure, or how to adjust the config file?

Here is a lengthy description what we tried, I am using dummy names:

Original deployment a year ago named "YearAgovSec".  Members were named "YearAgovSec1", "YearAgovSec2".  Public IPs for members were named "YearAgovSec1", "YearAgovSec2". Public IP for VIP was named "YearAgovSec".  Resource group named "YearAgovSec"

New deployment this year named "ThisYearvSec".   Members were named "ThisYearvSec1", "ThisYearvSec2".  Public IPs for members were named "ThisYearvSec1", "ThisYearvSec2".  Public IP for VIP was named "ThisYearvSec".  Resource group named "ThisYearvSec"

We moved out the Public IP Address "ThisYearvSec" to another resource group, and moved in "YearAgovSec" Public IP Address into the "ThisYearvSec" resource group.

In failover, the routes would get re-written correctly, the "cluster-vip" would get removed from the failing member, then things would stop.  The "cluster-vip" would never get added to the active member.  If we added it manually, everything worked fine.

The error we would get is:
RequestException: HTTP/1.1 404 Not Found
{"error":{"code":"ResourceNotFound","message":"The Resource'Microsoft.Network/publicIPAddresses/ThisYearvSec' under resource group 'ThisYearvSec' was not found."}}

The azure-ha.json has these settings:
  "clusterName": "ThisYearvSec",
  "clusterNetworkInterfaces": {
    "eth0": [

We saw in it determines the public IP name with:
    public_ip_id = (conf['baseId'] +
                    'Microsoft.Network/publicIPAddresses/' + conf['clusterName'])

So we changed "ClusterName" in azure-ha.json from "ThisYearvSec" to "YearAgovSec"

When we test the config, now we get:

The hostname ThisYearvSec2 should be either 'YearAgovSec1' or 'YearAgovSec2'  because of this line in
conf['hostname'] = conf.get('hostname', socket.gethostname())
    cluster_name = conf['clusterName'].lower()
    if conf['hostname'] not in {cluster_name + '1', cluster_name + '2'}:
        raise Exception('The hostname %s should be either \'%s\' or \'%s\'' % (
            conf['hostname'], cluster_name + '1', cluster_name + '2'))

At this point, we gave up trying to trick it with the config file.

1 Reply

We figured it out with trial and error.  You need to change this section of the azure-ha.json file to have the name of the public IP address you are using.  The example below is using variables from my posted example.  If you were to add a different public IP, you would change "YearAgovSec" to the name of your new public IP.

 "proxy": "",
  "virtualNetwork": "{YOUR VNET}",
  "clusterName": "ThisYearvSec",
  "clusterNetworkInterfaces": {
    "eth0": [
  "lbName": "frontend-lb"


Epsum factorial non deposit quid pro quo hic escorol.