01-29-2019 07:23 AM - edited 03-01-2019 05:45 AM
Hi Everyone,
How can I program my ACI environment to always clear a particular endpoint entry every hour?
I'm looking for a temporary fix to an issue in my ACI environment.
I hope you get what I mean.
01-29-2019 08:17 AM - edited 01-29-2019 08:18 AM
I don't believe there is a way to clear the endpoint from the leaf using the API currently, so you could take the approach of using a cron job on a server to remotely execute this command every hour. Something like -
$ crontab -e
0 * * * * ssh {ssh_user_account}@{your_leaf_ip} "vsh -c 'clear system internal epm endpoint key vrf Prod:Prod ip 172.18.32.21'"
Since this will be a job running the command, you'd probably want to set up SSH keys for access to the leaf and use those to authenticate the user.
Why do you want to clear the endpoint every hour? Can you provide some more detail here? This is very much a band-aid and it'd be best to resolve the root cause instead.
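An added example, not part of the original reply or any Cisco tooling: a wrapper script for the hourly cron job suggested above that connects with key-only SSH and a pinned host key, and rejects malformed VRF or IP arguments before they reach the leaf's shell. The account name, key path, known_hosts path and the VRF naming rule are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): wrapper for the hourly endpoint clear.
# Assumed names: LEAF_USER, KEY_FILE, KNOWN_HOSTS and the VRF naming rule.
# Cron entry: 0 * * * * /usr/local/bin/clear_ep.sh {your_leaf_ip} Prod:Prod 172.18.32.21
LEAF_USER="${LEAF_USER:-svc-epclear}"
KEY_FILE="${KEY_FILE:-$HOME/.ssh/aci_epclear_ed25519}"
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/aci_known_hosts}"

# True only for a dotted-quad IPv4 address with every octet in 0-255.
valid_ipv4() {
  case "$1" in
    "" | *[!0-9.]* | .* | *. | *..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split on dots; safe, input is digits and dots only
  IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# True only for tenant:vrf built from a conservative character allow-list.
valid_vrf() {
  case "$1" in
    *[!A-Za-z0-9_.:-]* | :* | *: | *:*:*) return 1 ;;
    *:*) return 0 ;;
  esac
  return 1
}

# Print the leaf command, or fail without output if either argument is unsafe.
build_remote_cmd() {
  valid_vrf "$1" && valid_ipv4 "$2" || return 1
  printf "vsh -c 'clear system internal epm endpoint key vrf %s ip %s'" "$1" "$2"
}

# usage: clear_endpoint <leaf_ip> <tenant:vrf> <endpoint_ip>
clear_endpoint() {
  valid_ipv4 "$1" || { echo "rejected leaf address" >&2; return 2; }
  cmd=$(build_remote_cmd "$2" "$3") || { echo "rejected vrf or ip" >&2; return 2; }
  # Key-only, non-interactive, pinned host key: fail rather than prompt or trust.
  ssh -i "$KEY_FILE" -o IdentitiesOnly=yes -o BatchMode=yes \
      -o StrictHostKeyChecking=yes -o UserKnownHostsFile="$KNOWN_HOSTS" \
      -o ConnectTimeout=10 "$LEAF_USER@$1" "$cmd"
}

# Run only when called with the three arguments, so sourcing has no side effects.
if [ "$#" -eq 3 ]; then
  clear_endpoint "$@"; rc=$?
  logger -t aci-epclear "leaf=$1 vrf=$2 ip=$3 exit=$rc"
  exit "$rc"
fi
```

With StrictHostKeyChecking=yes the known_hosts file has to be populated once, after checking the leaf's host key fingerprint, or every run will fail closed.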
01-29-2019 08:50 AM
Since we deployed ACI and moved the FTDs to the ACI leaf, the FTD-vFMC communication can barely stay up for 2 hours.
We have a layer 3 path and an OTV path between the FTD & FMC located in two separate data centers. The FMC follows the layer 3 path to reach the FTD, but on the return path the FTD tries to go with the layer 2 OTV path but cannot find an entry for the MAC address, so it drops the frame.
But every time I clear the endpoint IP on the leaf for the FMC, it learns the MAC address and regains communication. We are working on a permanent fix to move the FTDs outside the ACI but till then, I want to automate the process of clearing the EP entry on the leaf to keep the FMC - FTD communication
01-29-2019 08:59 AM
With migrations between the DCs, it might be something related to remote endpoint learning, which would be disabled on the BD. Check this whitepaper out - https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html
There are a few "disable remote endpoint" use cases covered and based on what you've detailed, one of those might be a match.
01-30-2019 07:34 AM
So I scheduled a cron job on Kiwi to execute the command every hour and it's been up since yesterday. The approach was a bit different from yours but I got the idea. Thanks a lot