Why isn’t traffic reaching my VNF appliance with a public address range?

You can now create and use public address ranges in the Frankfurt and Madrid regions, if your account has been approved for access. To request access to Public Address Ranges for VPC, contact your IBM representative.

When using Public Address Ranges for VPC, traffic might fail to flow as expected due to issues in either the control path or the data path. These issues can manifest during the attachment of the public address range or during runtime routing of traffic to/from the VNF appliance.

You might notice that traffic intended for a VNF appliance does not reach its destination or response traffic is dropped. The problem typically presents in two ways:

If a control path issue, the lifecycle state is not stable, often showing Failed, Pending, or Updating status.
If a data path issue, the lifecycle state of the range is stable and appears correctly attached, but traffic is not routed or forwarded as expected.

Routing issues with a range can arise from improper lifecycle management (attach failure or misconfiguration) or misconfigured routing rules or next-hop appliances, even when the public address range appears successful.

Follow these steps to troubleshoot this issue:

Verify the public address range lifecycle state:
1. Check if the public address range is in a stable state using the IBM Cloud console or CLI.
2. If not in a stable state, it's a control path issue. Retry the attach process or check for configuration or IAM permission errors.
Validate the routing configuration:
1. If the public address range is stable, ensure that the route table correctly maps the public address range to the VNF appliance as the next hop.
2. Confirm that public ingress routing is set up properly and that the VNF is reachable.
Verify that the VNF appliance is correctly processing traffic, preserving source IPs on egress, and that firewall/security rules allow the traffic.
If this issue persists, gather logs and routing details and contact IBM Cloud support.