ACI + 3750 TCP FLUSHES

IgorIceG
Level 1

[Attached diagram: tocomm.jpg]

Hi community!
We have a hardware LAN configured on two 3750 stacks, which are combined into a cluster via the HSRP protocol. On the 3750 stacks, gateways are configured for all VLANs inside the ACI. The ACI fabric is connected to this LAN with two links: one main (active) and the second a backup (disconnected on the 3750 side, a cold link). Thus we guarantee that there is no loop in the entire topology. The question is, when we turn off the active link and turn on the one that was cold, incomprehensible things happen: virtual machines in different VLANs are available for a minute, then disappear for a minute. Some virtual machines cannot go outside of their L2 network. What could it be? Could some old cache be retained?

2 Replies

Robert Burns
Cisco Employee

Are the ACI Bridge Domains configured to Flood (rather than the default proxy) mode for unknown unicast? This may explain why there's an outage when you fail over the links.

This design is not an optimal one. You have a single active uplink with what sounds to be a manual failover (enabling from the 3750 side). An improvement to this would be to stack the 3750s (single logical device) and then create a port channel between the stack and ACI. This would require that the 3750s connect to a vPC pair of ACI leafs, so there may be some re-work involved. Not only would this avoid any manual failing over, but you'd be able to utilize both links, increasing your bandwidth as well. This would also eliminate the flooding and re-learning of HSRP MAC/IP owners.

Robert
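The first thing the reply above asks the poster to verify is the unknown-unicast setting on each Bridge Domain. As an added example (not part of the thread and not Cisco code), the script below parses the JSON an APIC returns for a class query on fvBD and lists the BDs set to flood, together with their ARP-flooding and unicast-routing settings. The attribute names (unkMacUcastAct, arpFlood, unicastRoute) are the real fvBD attributes; the tenant and BD names, and the sample response itself, are constructed for this example. The query URL helper assumes the standard APIC REST path and query-target-filter syntax.

```python
"""List ACI Bridge Domains whose unknown-unicast action is 'flood'.

Added example, not from the thread. It consumes the JSON returned by
GET https://<apic>/api/node/class/fvBD.json; the response embedded below
is constructed so the script runs offline.
"""
import json

# Constructed sample of an APIC fvBD class-query response. Attribute names
# are real fvBD attributes; tenant/BD names are made up for this example.
SAMPLE_FVBD_JSON = json.dumps({
    "totalCount": "3",
    "imdata": [
        {"fvBD": {"attributes": {
            "dn": "uni/tn-Prod/BD-vlan10", "name": "vlan10",
            "unkMacUcastAct": "flood", "arpFlood": "yes", "unicastRoute": "no"}}},
        {"fvBD": {"attributes": {
            "dn": "uni/tn-Prod/BD-vlan20", "name": "vlan20",
            "unkMacUcastAct": "proxy", "arpFlood": "no", "unicastRoute": "yes"}}},
        {"fvBD": {"attributes": {
            "dn": "uni/tn-Prod/BD-vlan30", "name": "vlan30",
            "unkMacUcastAct": "flood", "arpFlood": "no", "unicastRoute": "no"}}},
    ],
})


def fvbd_query_url(apic_host, flood_only=False):
    """Build the class-query URL; optionally filter server-side to flood-mode BDs."""
    url = "https://%s/api/node/class/fvBD.json" % apic_host
    if flood_only:
        url += '?query-target-filter=eq(fvBD.unkMacUcastAct,"flood")'
    return url


def parse_bds(apic_json):
    """Return one dict per fvBD object with the settings relevant to L2 failover."""
    doc = json.loads(apic_json)
    bds = []
    for item in doc.get("imdata", []):
        attrs = item.get("fvBD", {}).get("attributes")
        if not attrs:
            continue  # skip anything that is not an fvBD object
        bds.append({
            "dn": attrs.get("dn", ""),
            "name": attrs.get("name", ""),
            "unk_unicast": attrs.get("unkMacUcastAct", ""),
            "arp_flood": attrs.get("arpFlood") == "yes",
            "unicast_route": attrs.get("unicastRoute") == "yes",
        })
    return bds


def flood_mode_bds(bds):
    """DNs of BDs that flood unknown unicast instead of using the spine proxy."""
    return [bd["dn"] for bd in bds if bd["unk_unicast"] == "flood"]


def report(bds):
    """Human-readable one-liner per BD, for a quick eyeball during troubleshooting."""
    lines = []
    for bd in bds:
        lines.append("%-28s unknown-unicast=%-6s arp-flood=%-5s unicast-routing=%s" % (
            bd["dn"], bd["unk_unicast"], bd["arp_flood"], bd["unicast_route"]))
    return "\n".join(lines)


if __name__ == "__main__":
    parsed = parse_bds(SAMPLE_FVBD_JSON)
    print(report(parsed))
    print("flood-mode BDs:", flood_mode_bds(parsed))
```

To run it against a live fabric, replace SAMPLE_FVBD_JSON with the body returned by fvbd_query_url() after authenticating to the APIC; the parsing and filtering do not change.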

As a side note, based on your diagram above, your APICs' connectivity is something that could be a concern. Typically when you upgrade a fabric you'll perform the switch upgrades in an odd/even manner. This assumes that every other leaf is in a vPC pair. When combined with the practice of dual-connecting your end hosts to a vPC pair whenever possible (Leaf1_2, Leaf3_4, etc.), you ensure that one leaf will remain online during an upgrade. The way you have your APICs connected doesn't follow this. Should you upgrade the "odd" leafs according to the above, you'd completely lose APIC1 during the process. Though APIC2 and APIC3 would remain reachable in this case, I would advise a more resilient design and avoiding cluster disruption if/when possible. Of course, you could manually perform leaf upgrades in any order and make the above work, but the most deterministic and common is the odd/even method - so I just wanted to call this out.

Robert
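The odd/even upgrade concern in the reply above can be checked from the LLDP neighbour table before an upgrade rather than discovered during one. As an added example (not part of the thread and not Cisco code), the script below takes lldpAdjEp records as an APIC returns them for a class query, works out which leaf node IDs each APIC is attached to, and reports any APIC whose leafs all fall in the same odd or even upgrade group. The node-ID layout of the dn (topology/pod-N/node-N/...) and the sysName attribute are real; the records, node IDs and APIC names are constructed, and the example assumes you pass in the set of APIC hostnames rather than guessing them from the neighbour name.

```python
"""Find APICs that an odd/even leaf upgrade would cut off from the fabric.

Added example, not from the thread. Input is a list of lldpAdjEp attribute
dicts (GET https://<apic>/api/node/class/lldpAdjEp.json); the records
below are constructed so the script runs offline.
"""
import re

# Constructed sample: apic1 is single-homed to leaf 101, apic2 is dual-homed
# to the vPC pair 101/102, apic3 to the pair 103/104. Leaf 101 also sees a
# spine, which the attachment logic must ignore.
SAMPLE_LLDP = [
    {"dn": "topology/pod-1/node-101/sys/lldp/inst/if-[eth1/1]/adj-1", "sysName": "apic1"},
    {"dn": "topology/pod-1/node-101/sys/lldp/inst/if-[eth1/2]/adj-1", "sysName": "apic2"},
    {"dn": "topology/pod-1/node-102/sys/lldp/inst/if-[eth1/2]/adj-1", "sysName": "apic2"},
    {"dn": "topology/pod-1/node-103/sys/lldp/inst/if-[eth1/1]/adj-1", "sysName": "apic3"},
    {"dn": "topology/pod-1/node-104/sys/lldp/inst/if-[eth1/1]/adj-1", "sysName": "apic3"},
    {"dn": "topology/pod-1/node-101/sys/lldp/inst/if-[eth1/49]/adj-1", "sysName": "spine201"},
]

# Node ID of the switch that reported the adjacency, taken from the dn.
NODE_RE = re.compile(r"^topology/pod-\d+/node-(\d+)/")


def apic_attachments(lldp_records, apic_names):
    """Map each APIC hostname to the set of leaf node IDs it is cabled to."""
    attachments = {name: set() for name in apic_names}
    for rec in lldp_records:
        name = rec.get("sysName", "")
        if name not in attachments:
            continue  # not an APIC-facing adjacency (spines, servers, ...)
        match = NODE_RE.match(rec.get("dn", ""))
        if match:
            attachments[name].add(int(match.group(1)))
    return attachments


def upgrade_group(attachments, parity):
    """All leaf IDs seen in the attachments whose ID parity matches (1=odd, 0=even)."""
    leafs = set()
    for ids in attachments.values():
        leafs.update(ids)
    return {n for n in leafs if n % 2 == parity}


def apics_cut_off(attachments, leafs_being_upgraded):
    """APICs whose every attached leaf is in the group being upgraded at once."""
    return sorted(
        apic for apic, leafs in attachments.items()
        if leafs and leafs <= leafs_being_upgraded
    )


def upgrade_risk_report(lldp_records, apic_names):
    """Return {'odd': [...], 'even': [...]} of APICs lost during each upgrade wave."""
    att = apic_attachments(lldp_records, apic_names)
    return {
        "odd": apics_cut_off(att, upgrade_group(att, 1)),
        "even": apics_cut_off(att, upgrade_group(att, 0)),
    }


if __name__ == "__main__":
    risk = upgrade_risk_report(SAMPLE_LLDP, {"apic1", "apic2", "apic3"})
    for wave, lost in risk.items():
        print("%s-leaf upgrade: APICs cut off = %s" % (wave, lost or "none"))
```

An empty list for both waves is what a dual-connected APIC layout produces; anything else names the APIC to re-cable before scheduling the upgrade.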
