Solved: ACI ping node from spine

JPC11 · ‎12-14-2022

Hi,

I am trying to ping from a spine switch to either a node or interface on a leaf switch, and despite much googling I'm not having any success and would be grateful for any help.

The Leaf switch lists the interface I am trying to ping as up

L101-DC# show ip interface brief

Interface Address Interface Status
vlan18 66.66.66.66/24 protocol-up/link-up/admin-up

The node is also up

L101-DC# show endpoint

+-----------------------------------+---------------+-----------------+--------------+-------------+
VLAN/ Encap MAC Address MAC Info/ Interface
Domain VLAN IP Address IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+

PRODUCTION:PRODUCTION_VRF vlan-666 66.66.66.1 L eth1/6

I can ping both the node and interface from another leaf switch.

L102-PH# iping -V PRODUCTION:PRODUCTION_VRF 66.66.66.1
64 bytes from 66.66.66.1: icmp_seq=0 ttl=128 time=2.368 ms

L102-PH# iping -V PRODUCTION:PRODUCTION_VRF 66.66.66.66
64 bytes from 66.66.66.66: icmp_seq=0 ttl=65 time=0.315 ms

I can also see both IP address from a spine switch

S201-DC# show coop internal info ip-db

IP address : 66.66.66.1
Vrf : 2654209

IP address : 66.66.66.66
Vrf : 2654209

Yet from a spine switch ping fails.

S201-DC# iping -V overlay-1 66.66.66.1
PING 66.66.66.1 (66.66.66.1): 56 data bytes
Request 0 timed out

S201-DC# iping -V overlay-1 66.66.66.66
PING 66.66.66.66 (66.66.66.66): 56 data bytes
Request 0 timed out

Many thanks,

Jonathan

Robert Burns · ‎12-14-2022

I'd ask what you're trying to accomplish. The Leafs have the respective VRFs & BDs deployed on them, the Spine would not have anything but the overlay & mgmt VRFs deployed on it. Though the spine has the endpoint (COOP) database, it's not going to have user-space SVIs to be able to test endpoint connectivity like this. For that you'd need to initiate from a leaf or another endpoint. Advise what you're trying to do and we'll tell you some possible options (ie. looking at routing tables etc instead).

Robert

View solution in original post

Robert Burns · ‎12-14-2022

I'd ask what you're trying to accomplish. The Leafs have the respective VRFs & BDs deployed on them, the Spine would not have anything but the overlay & mgmt VRFs deployed on it. Though the spine has the endpoint (COOP) database, it's not going to have user-space SVIs to be able to test endpoint connectivity like this. For that you'd need to initiate from a leaf or another endpoint. Advise what you're trying to do and we'll tell you some possible options (ie. looking at routing tables etc instead).

Robert

JPC11 · ‎12-14-2022

Hi Robert,

Thank you for your reply. I have been working on a small ACI install and as the install is not in production and I don't really spend any time on the ACI cli I thought I'd take the opportunity whist I can to have a poke around on the cli. I just wondered if it was possible to ping a node from a SPINE switch and thought that if I could see the host IP listed then I'd be able to ping it.

Many thanks,

Jonathan

RedNectar · ‎12-14-2022

Hi @JPC11 ,

You can't ping an endpoint from a spine switch

Think of your spine as being a service provider switch, and your endpoints are your customer devices. As you would expect, the service provider has no access to the customer devices.

ACI is designed using VXLAN overlays to achieve exactly the same result as the same topology would by deployed in a Service Provider's backbone, so you shouldn't expect to be able to ping endpoints or any devices in an ACI Tenant VRF, including the switch IPs that are in that Tenant VRF

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

JPC11 · ‎12-15-2022

Many thanks.