<!-- 
RSS generated by JIRA (9.7.1#970001-sha1:2222b88b221c4928ef0de3161136cc90c8356a66) at Wed Feb 07 21:41:00 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary append 'field=key&field=summary' to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>MongoDB Jira</title>
    <link>https://jira.mongodb.org</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>
    <build-info>
        <version>9.7.1</version>
        <build-number>970001</build-number>
        <build-date>13-04-2023</build-date>
    </build-info>


<item>
            <title>[CSHARP-1900] Intermittent loss of connectivity to Atlas instance from peered VPC</title>
                <link>https://jira.mongodb.org/browse/CSHARP-1900</link>
                <project id="10041" key="CSHARP">C# Driver</project>
                    <description>&lt;p&gt;.NET web application uses C# Driver 2.3.0 to access MongoDB.  App runs on an EC2 instance in my AWS account.  Instance is in a VPC that is peered to the Atlas VPC.  Network ACL allows all traffic to/from the Atlas VPC.  Security group is wide open.&lt;/p&gt;

&lt;p&gt;IPs of my VPC are whitelisted in the Atlas security config.&lt;/p&gt;

&lt;p&gt;From my EC2 instance, I am able to connect to the Atlas instance from the mongo shell.  A PING of the Atlas hostname resolves to the correct IP.&lt;/p&gt;

&lt;p&gt;Application was working as expected earlier in the day.  No code or configuration changes occurred.  Application is now not able to connect to the instance.  Following error occurs:&lt;/p&gt;

&lt;p&gt;A timeout occured after 30000ms selecting a server using CompositeServerSelector{ Selectors = ReadPreferenceServerSelector{ ReadPreference = &lt;/p&gt;
{ Mode = Primary, TagSets = [] }
&lt;p&gt; }, LatencyLimitingServerSelector&lt;/p&gt;
{ AllowedLatencyRange = 00:00:00.0150000 }
&lt;p&gt; }. Client view of cluster state is { ClusterId : &quot;1&quot;, ConnectionMode : &quot;ReplicaSet&quot;, Type : &quot;ReplicaSet&quot;, State : &quot;Disconnected&quot;, Servers : [{ ServerId: &quot;&lt;/p&gt;
{ ClusterId : 1, EndPoint : &quot;Unspecified/sts-armor-01-shard-00-00-42ma8.mongodb.net:27017&quot; }
&lt;p&gt;&quot;, EndPoint: &quot;Unspecified/sts-armor-01-shard-00-00-42ma8.mongodb.net:27017&quot;, State: &quot;Disconnected&quot;, Type: &quot;Unknown&quot;, HeartbeatException: &quot;MongoDB.Driver.MongoConnectionException: An exception occurred while opening a connection to the server. ---&amp;gt; System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.&lt;/p&gt;</description>
                <environment>Windows 2012 instance in my VPC.  Peered Atlas VPC.</environment>
        <key id="347577">CSHARP-1900</key>
            <summary>Intermittent loss of connectivity to Atlas instance from peered VPC</summary>
                <type id="1" iconUrl="https://jira.mongodb.org/secure/viewavatar?size=xsmall&amp;avatarId=14703&amp;avatarType=issuetype">Bug</type>
                                            <priority id="3" iconUrl="https://jira.mongodb.org/images/icons/priorities/major.svg">Major - P3</priority>
                        <status id="6" iconUrl="https://jira.mongodb.org/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="success"/>
                                    <resolution id="9">Done</resolution>
                                        <assignee username="-1">Unassigned</assignee>
                                    <reporter username="support@santiamtech.com">Kyle Sullens</reporter>
                        <labels>
                    </labels>
                <created>Fri, 20 Jan 2017 21:36:51 +0000</created>
                <updated>Tue, 21 Mar 2017 17:55:00 +0000</updated>
                            <resolved>Tue, 21 Mar 2017 17:55:00 +0000</resolved>
                                    <version>2.4.1</version>
                                                    <component>Configuration</component>
                    <component>Connectivity</component>
                                        <votes>1</votes>
                                    <watches>2</watches>
                                                                                                                <comments>
                            <comment id="1496642" author="searob1@hotmail.com" created="Fri, 10 Feb 2017 04:41:28 +0000"  >&lt;p&gt;Are you sure about your Atlas VPC ID? ( vpc-284*4c )&lt;br/&gt;
Because that looks like it&apos;s possibly your own VPC ID (note the &quot;vpc&quot; prefix).&lt;br/&gt;
On the last line in the comment above &quot;vpc-284*4c&quot; is my VPC ID and &quot;pcx-e948*0&quot; is my Peering ID to Atlas (note the &quot;pcx&quot; prefix).&lt;/p&gt;</comment>
                            <comment id="1496638" author="searob1@hotmail.com" created="Fri, 10 Feb 2017 04:35:28 +0000"  >&lt;p&gt;I thought the 10.0 would be reserved for VPC Peering networks only.  It looks like we have similar setups.&lt;/p&gt;

&lt;p&gt;My setup:&lt;br/&gt;
VPC CIDR Block: 172.**.0.0/16&lt;br/&gt;
Atlas CIDR Block: 10.0.0.0/16&lt;br/&gt;
Atlas VPC ID: pcx-e948*0&lt;/p&gt;

&lt;p&gt;Route table:&lt;br/&gt;
172.**.0.0/16  local&lt;br/&gt;
0.0.0.0/0  igw-7c8*18&lt;br/&gt;
10.0.0.0/16  pcx-e948*0&lt;/p&gt;

&lt;p&gt;In Atlas, I have this as my IP Whitelist: 172.**.0.0/16 which corresponds to the private CIDR of my VPC.&lt;br/&gt;
On my Atlas Peering tab, I have:  vpc-284*4c - Available - pcx-e948*0 - 172.**.0.0/16 - button (Terminate)&lt;/p&gt;</comment>
                            <comment id="1496275" author="support@santiamtech.com" created="Thu, 9 Feb 2017 19:27:35 +0000"  >&lt;p&gt;Very exciting that you are up and running.&lt;/p&gt;

&lt;p&gt;I&apos;m confused about your CIDR scheme.  Here is my setup:&lt;br/&gt;
VPC CIDR Block: 10.28.0.0/16&lt;br/&gt;
Atlas CIDR Block: 192.168.248.0/21&lt;br/&gt;
Atlas VPC ID: vpc-dbb60dbc&lt;/p&gt;

&lt;p&gt;The route table on my VPC contains the following:&lt;br/&gt;
10.28.0.0/16              local&lt;br/&gt;
0.0.0.0/0                    igw-e80d448c (internet gateway)&lt;br/&gt;
192.168.248.0/21      pcx-1ce86975&lt;/p&gt;

&lt;p&gt;In Atlas, I have the following range in the IP Whitelist: 10.28.0.0/16, which corresponds to the private CIDR of my VPC&lt;/p&gt;

&lt;p&gt;The only way for me to get DB connection from the server is to open the ACL for all traffic to/from 0.0.0.0/0 for the subnet that contains my EC2 instance.  This tells me that the DB traffic is using the public network and not the peered connection.&lt;/p&gt;

&lt;p&gt;Let me know if you see anything in my setup that is suspect.  Maybe an Atlas tech will chime in here?......&lt;/p&gt;</comment>
                            <comment id="1496189" author="searob1@hotmail.com" created="Thu, 9 Feb 2017 18:23:13 +0000"  >&lt;p&gt;Actually, I didn&apos;t see that. I was just using the step through guide on the Peering setup page (which I thought contained all the necessary instructions), which doesn&apos;t have that step.&lt;/p&gt;

&lt;p&gt;The problem with this guide is that the CIDR blocks are reversed. They shouldn&apos;t be that way.  My VPC CIDR block is 172.**.0.0/16 and my Atlas CIDR block is 10.0.0.0/16&lt;br/&gt;
&lt;a href=&quot;https://www.mongodb.com/blog/post/introducing-vpc-peering-for-mongodb-atlas&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://www.mongodb.com/blog/post/introducing-vpc-peering-for-mongodb-atlas&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;I enabled the DNS, it seems to get a private IP address, but now my web servers can&apos;t ping the MongoDB servers.&lt;br/&gt;
ping zlor1-shard-00-00-bonqv.mongodb.net&lt;br/&gt;
Pinging ec2-52-42-*****.us-west-2.compute.amazonaws.com &lt;span class=&quot;error&quot;&gt;&amp;#91;10.0.***.150&amp;#93;&lt;/span&gt; with 32 bytes of data:&lt;br/&gt;
Request timed out.&lt;br/&gt;
Request timed out.&lt;br/&gt;
Request timed out.&lt;br/&gt;
Request timed out.&lt;br/&gt;
Ping statistics for 10.0.***.150:&lt;br/&gt;
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)&lt;/p&gt;

&lt;p&gt;I looked at my route tables and suspected that I misread the documentation or the steps that I took were wrong.  For the peering connection in my route table, I had 172.**.0.0/16 as my Destination and pcx-e948*0 for Target (in addition to 172.**.0.0/16 that mapped to local). After I changed the Destination to 10.0.0.0/16, my pings were successful again.&lt;/p&gt;

&lt;p&gt;I removed the open IP block 0.0.0.0/0 from my cluster whitelist, and my pings and app were still successful.  However, I found that I still needed 172.**.0.0/16 in my whitelist, which is ok since that&apos;s my VPC CIDR block.&lt;/p&gt;

&lt;p&gt;Now everything is working great and much faster!&lt;/p&gt;</comment>
                            <comment id="1495993" author="support@santiamtech.com" created="Thu, 9 Feb 2017 15:59:09 +0000"  >&lt;p&gt;Robert -&lt;/p&gt;

&lt;p&gt;Assuming you&apos;ve reviewed this tutorial:&lt;br/&gt;
&lt;a href=&quot;https://www.mongodb.com/blog/post/introducing-vpc-peering-for-mongodb-atlas&quot; class=&quot;external-link&quot; target=&quot;_blank&quot; rel=&quot;nofollow noopener&quot;&gt;https://www.mongodb.com/blog/post/introducing-vpc-peering-for-mongodb-atlas&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;Check out step #6 &quot;Enable DNS Hostnames&quot;.  This may be the cause of your server&apos;s inability to resolve the host name to the private IP.&lt;/p&gt;</comment>
                            <comment id="1494671" author="searob1@hotmail.com" created="Wed, 8 Feb 2017 08:15:38 +0000"  >&lt;p&gt;I&apos;m using one of the servers in my cluster connection string.  I can also ping this from my home computer and get the same IP address.  However, tracert fails from my home computer, but I&apos;m not sure why.&lt;/p&gt;

&lt;p&gt;ping zlor1-shard-00-00-bonqv.mongodb.net&lt;br/&gt;
Pinging ec2-52-42-162-38.us-west-2.compute.amazonaws.com &lt;span class=&quot;error&quot;&gt;&amp;#91;52.42.162.38&amp;#93;&lt;/span&gt; with 32 bytes of data:&lt;br/&gt;
Reply from 52.42.162.38: bytes=32 time=34ms TTL=42&lt;br/&gt;
Reply from 52.42.162.38: bytes=32 time=19ms TTL=42&lt;br/&gt;
Reply from 52.42.162.38: bytes=32 time=21ms TTL=42&lt;br/&gt;
Reply from 52.42.162.38: bytes=32 time=23ms TTL=42&lt;br/&gt;
Ping statistics for 52.42.162.38:&lt;br/&gt;
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),&lt;br/&gt;
Approximate round trip times in milli-seconds:&lt;br/&gt;
    Minimum = 19ms, Maximum = 34ms, Average = 24ms&lt;/p&gt;

&lt;p&gt;The tracert from my EC2 instance in my VPC does not resolve a private IP address.&lt;/p&gt;</comment>
                            <comment id="1494633" author="support@santiamtech.com" created="Wed, 8 Feb 2017 05:35:07 +0000"  >&lt;p&gt;Screenshot from WireShark:&lt;/p&gt;


&lt;p&gt;&lt;span class=&quot;image-wrap&quot; style=&quot;&quot;&gt;&lt;img src=&quot;http://auctionbiz.com/images/mongo.png&quot; style=&quot;border: 0px solid black&quot; /&gt;&lt;/span&gt;&lt;/p&gt;</comment>
                            <comment id="1494615" author="support@santiamtech.com" created="Wed, 8 Feb 2017 04:25:00 +0000"  >&lt;p&gt;Robert -&lt;/p&gt;

&lt;p&gt;I want to replicate your test to confirm I&apos;m seeing the same issue.  Where did you get the address ec2-52-42-162-38.us-west-2.compute.amazonaws.com?  I assume this is the address of your Atlas instance and you are showing the tracert from your application server on EC2.  Where did you find the address for your Atlas instance?  I didn&apos;t see it published anywhere on the Atlas dashboard.&lt;/p&gt;

&lt;p&gt;When I run a tracert from my EC2 instance using xxxx-xxxx-xxx-shard-00-00-42ma8.mongodb.net (my Atlas instance), it responds with the correct private (192.168.x.x) IP. &lt;/p&gt;

&lt;p&gt;My IP whitelist in Atlas is set to only allow traffic from my EC2 (peered) VPC.  However, in my VPC, I have the ACL set to allow all traffic in and out (wide open security).  In this configuration, my app can communicate with the Atlas instance. &lt;/p&gt;

&lt;p&gt;When I secure the ACL by removing the ALL TRAFFIC rules and allowing only traffic to/from the 192.168.x.x/x (CIDR of the Atlas VPC), my application is not able to connect to the Atlas server.  This tells me the communication is not occurring over the peered network, but over the public internet, as you indicate. &lt;/p&gt;</comment>
                            <comment id="1493629" author="searob1@hotmail.com" created="Tue, 7 Feb 2017 06:59:43 +0000"  >&lt;p&gt;I think the problem is that the connection string that we have is using public domains. These aren&apos;t reachable by private networks.  When I ping one of the servers, it shows a public IP address, not a private one. Here are the results of my tracert:&lt;br/&gt;
Tracing route to ec2-52-42-162-38.us-west-2.compute.amazonaws.com &lt;span class=&quot;error&quot;&gt;&amp;#91;52.42.162.38&amp;#93;&lt;/span&gt;&lt;br/&gt;
over a maximum of 30 hops:&lt;br/&gt;
  1     *        *        *     Request timed out.&lt;br/&gt;
  2    &amp;lt;1 ms    &amp;lt;1 ms    &amp;lt;1 ms  ec2-52-42-162-38.us-west-2.compute.amazonaws.com &lt;span class=&quot;error&quot;&gt;&amp;#91;52.42.162.38&amp;#93;&lt;/span&gt;&lt;/p&gt;

&lt;p&gt;I think the first represents the connection to the private network, and the second represents the connection to public network.  When I open IP whitelist to anyone (public), then I&apos;m able to connect to my servers from my web server.&lt;/p&gt;

&lt;p&gt;Is there a different connection string we should use to connect via the private network (peering connection)?&lt;/p&gt;</comment>
                            <comment id="1493628" author="searob1@hotmail.com" created="Tue, 7 Feb 2017 06:49:49 +0000"  >&lt;p&gt;Having the exact same issue. .NET web application uses the latest C# Driver 2.4.2 to access MongoDB.&lt;/p&gt;</comment>
                    </comments>
                    <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_15850" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummary">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_12550" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>2|hsu08v:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10558" key="com.pyxis.greenhopper.jira:gh-global-rank">
                        <customfieldname>Rank (Obsolete)</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>9223372036854775807</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            </customfields>
    </item>
</channel>
</rss>