Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2411
Views
0
Helpful
4
Replies

ACI leaf- Automating vsh -c 'clear system internal epm endpoint key vrf Prod:Prod ip 172.18.32.21'

Go to solution
ugochunw123
Level 1
Level 1

‎01-29-2019 07:23 AM - edited ‎03-01-2019 05:45 AM

Hi Everyone,

How can i program my ACI environment to always clear a particular endpoint entry every hour.

I'm looking for a temporary fix to an issue in my ACI environment. 

i hope you get what i mean.

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Beau Poehls
Level 1
Level 1

‎01-29-2019 08:17 AM - edited ‎01-29-2019 08:18 AM

I don't believe there is a way to clear the endpoint from the leaf using the API currently, so you could take the approach of using a cron job on a server to remotely execute this command every hour. Something like -

 

$ crontab -e
0 * * * * ssh {ssh_user_account}@{your_leaf_ip} "vsh -c 'clear system internal epm endpoint key vrf Prod:Prod ip 172.18.32.21'"

Since this will be a job running the command, you'd probably want to setup SSH keys for access to the leaf and use those to authenticate the user.

 

Why do you want to clear the endpoint every hour? Can you provide some more detail here? This is very much a band-aid and it'd be best to resolve the root cause instead.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Beau Poehls
Level 1
Level 1

‎01-29-2019 08:17 AM - edited ‎01-29-2019 08:18 AM

I don't believe there is a way to clear the endpoint from the leaf using the API currently, so you could take the approach of using a cron job on a server to remotely execute this command every hour. Something like -

 

$ crontab -e
0 * * * * ssh {ssh_user_account}@{your_leaf_ip} "vsh -c 'clear system internal epm endpoint key vrf Prod:Prod ip 172.18.32.21'"

Since this will be a job running the command, you'd probably want to setup SSH keys for access to the leaf and use those to authenticate the user.

 

Why do you want to clear the endpoint every hour? Can you provide some more detail here? This is very much a band-aid and it'd be best to resolve the root cause instead.

0 Helpful

Go to solution
ugochunw123
Level 1
Level 1
In response to Beau Poehls

‎01-29-2019 08:50 AM

Since we deployed ACI and move the FTD's to the ACI leaf, the FTD-vFMC communication can barely stay up for 2 hours.

We have a layer 3 path and an OTV path between the FTD & FMC located in two separate data centers. The FMC follows the layer 3 path to reach the FTD but on the return path the FTD tries to go with the layer 2 OTV path but cannot find an entry for the mac address so it drops the frame.

 

But every time i clear the endpoint ip on the leaf for the FMC, it learns the mac address and regains communication. We are working on a permanent fix to move the FTD's outside the ACI but till then, i want to automate the process of clearing the EP entry on the leaf to keep the FMC - FTD communication

 

 

0 Helpful

Go to solution
Beau Poehls
Level 1
Level 1
In response to ugochunw123

‎01-29-2019 08:59 AM

With migrations between the DCs, it might be something related to remote endpoint learning, which would be disabled on the BD. Check this whitepaper out - https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html

 

There are a few "disable remote endpoint" use cases covered and based on what you've detailed, one of those might be a match.

 

 

0 Helpful

Go to solution
ugochunw123
Level 1
Level 1
In response to Beau Poehls

‎01-30-2019 07:34 AM

So i scheduled a cron job on Kiwi to execute the command every hour and its been up since yesterday. The approach was a bit different from yours but i got the idea. Thanks alot

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License