设备版本:/bootflash/aci-n9000-dk9.14.2.7g.bin
设备型号:Cisco C9516
问题描述:如下图,A访问B不通(任何协议),登到B上面,从B向A发起请求以后(任何协议,我们是ping),两端能够正常通讯
ping不通的时候,A和B上连的leaf交换机上面都能学到LOCAL endpoint信息,4台spine上面看coop表项正常。在APIC控制器上面都能搜到A,B的endpoint信息。
请各位专家帮忙分析问题原因及解决方法,多谢!
As shown in the figure below, A cannot access B (any protocol), and after logging in to B and initiating a request from B to A (any protocol, we are pinging), both ends can communicate normally
When the ping fails, the leaf switches connected to A and B can learn the LOCAL endpoint information, and the coop table entries on the four spine switches are normal. The endpoint information of A and B can be found on the APIC controller.
Please help analyze the causes and solutions to the problem, thank you!
1.Server B 向A发起请求后就能正常通讯,此时leaf 1应有Server B的remote EP表项,此时Server A 发起的流量到达Leaf1后查询到remote EP表象,直接抉择发给dst leaf。
2.有问题的时候,B没有发送请求,Leaf1应没有Server B的remote EP信息,此时流量需要进行spine proxy到达Spine进行查询抉择路径。
Because of spine proxy, Cisco ACI packet forwarding will work without remote endpoint learning.
Spine proxy enables leaf switches to forward traffic directly to the COOP database located on the spine switches.
所以我们需要进行ELAM抓包来判断流量到达Spine后是否正确的从Spine发送到egress Leaf。同时也需要进一步查看Spine LC/FM的表项以及转发情况。
建议您查看如下ACI forwarding的资料并以ACI设备的合同开Case来获得思科TAC部门专业的技术支持。
1 To use elam, you can check at:
https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/217995-troubleshoot-aci-intra-fabric-forwarding.html
2 Forwarding behavior depends on the relevant configurations within your ACI fabric. If spine proxy is enabled, there will be Glean ARP packets for processing. Detailed information on this can be found in the ACI Forwarding documentation.
- https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2023/pdf/BRKDCN-3900.pdf
If the traffic is terminating at the spine, more information is needed to verify the spine's status. Please collect on-demand techsupport and contact TAC for further assistance.
Collect on-demand techsupport:
For details on modular spine forwarding, it is necessary to review specific ELAM captures. ELAM needs to be performed not only on the LC but also on the FM, and it is also important to check the forwarding table entries on the spine.
However, before proceeding, it's essential to understand the basics of ACI forwarding, which can be found in the previously provided documentation.
For further detailed discussion and analysis, please reach out to TAC for confirmation.
Category | Typical Suffix | Useful for: | File Size |
Export | _1of3.tgz | Audit/Fault Logs | Small-Med |
Logs | _logs_3of3.tgz | Process Logs | Largest |
DB | _db_2of3.tgz | MO Dump | Small |
https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/214520-guide-to-collect-tech-support-and-tac-re.html
More detailed logs are required for TAC to conduct thorough troubleshooting, as there is no comprehensive documentation available. If you encounter issues, please contact TAC for assistance.