Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1613
Views
10
Helpful
4
Replies

Change TEP pool on ACI

goranje
Level 1
Level 1

‎05-30-2022 03:31 AM

Hi all,

 

We have interesting ACI installation:

2 SPINEs, 2 LEAFS and 1 APIC.

We have 2 new APICs to configure and extend the APIC cluster, but the situation appeared that TEP pool that was configured on day 0 is to small and not supported in process during adding new APIC.

 

In total the conclusion is that we have to change TEP pool.

Has anyone have some experience with changing TEP pool to share, and of course some  documentation?

 

Basically my understanding is that we have to:

1. Backup ACI configuration,

2. Wipe all switches (spines and leafs) and APIC,

3. Rebuild the ACI from zero (with 3 APICs and new TEP pool),

4. Restore the configuration.

 

 Is this correct or I am missing something ?

 

Best regards,

Goranje

Labels:
0 Helpful
4 Replies 4

Robert Burns
Cisco Employee
Cisco Employee

‎05-30-2022 04:45 AM

Officially, its not supported to change the TEP pool in any manner short of Wiping the Config and rebuilding it from scratch.   You can't restore the config from File as the TEP configuration is included.

My suggestion would be to just save your Tenant config (Right Click, Save As), then rebuild your fabric with the appropriate resource sizes, and then restore your tenant config.  It's still a bit of work as you'll have to recreate all your Access Policies etc, - that's why we explicitly document and warn you during setup that TEP pool should be sized correctly during install as it can't be changed afterwards.

Robert

 

goranje
Level 1
Level 1
In response to Robert Burns

‎05-30-2022 05:36 AM

Hello Robert,

 

That was exactly my latest concern is the TEP configuration backup in ACI backup file, now it is clear.

I know the warnings about the  of TEP pool during install, but this is situation that I found on already installed, working ACI. And it has to be fix.

 

Thanks on all information and suggestion.

 

BR,

Goranje 

 

 

 

 

0 Helpful

RedNectar
VIP
VIP

‎05-30-2022 02:26 PM

Hi @goranje ,

Couple of interesting things here. 

Firstly, your initial setup is an unsupported production configuration - having only a single spine.

Secondly, I'm curious as to how small you made the TEP - it doesn't look like you have a huge topology given only 2 leaves. ACI will support a TEP as small as /23 I believe.

Thirdly, you may find @Robert Burns ' suggestion (save all tenant config using Right-Click > Save As) and then just wiping everything is actually a great way to go, because that will give you a chance to iron out any of those naming inconsistencies (or even establish some better naming conventions), remove any duplicated policies (like Enable_CDP and CDP_Enable - which is a common one). And given you have only two leaf switches, this shouldn't be too hard.

BUT

Before you start, I'd suggest you DO make sure your naming conventions are established. If you want to read about my suggestions, make sure you include RedNectar in your Google search.

And finally, let me add a couple of bits that @Robert Burns left out.

When you right-click on a Tenant and choose Save-as - DO NOT ACCEPT THE DEFAULT VALUES

I've already suggested to Cisco that the defaults change, but no-one with sufficient sway or care has read this.

Anyway, I've cut-and-pasted from that post to show what you need to be careful of:

[And the other thing the @Robert Burns forgot was to tell you that to paste back your Tenant configurations that you saved, you have to right click and choose Post - again the except below should help you understand what you have to watch out for]

When you right-click on an object in the APIC GUI and choose Save As... the default options for saving are:

image.pngContent: All Properties
Scope: Self
Export Format: xml

 

 

Now, for most purposes, these defaults are USELESS - all you get it the base object with timestamps - and there's no way you can post the default format back.

The Default options SHOULD be:

image.pngContent: Only Configuration
Scope: Subtree
Export Format: xml or json (I prefer JSON, and anyone who is going to write python code would also probably prefer JSON)

 

If these become the defaults, then it will be MUCH easier to download configs and post them back - except for one more little annoyance that comes when you right-click on an object in the APIC GUI and choose Post

image.png

 

The Annoying part about this is that the default Parent DN is based on where the right-click was pressed - which almost NEVER where you want it to be pasted.

 

 

 

 

image.pngA default Parent DN of uni/ would be much more useful

 

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

goranje
Level 1
Level 1
In response to RedNectar

‎06-01-2022 12:29 AM

Hello RedNectar,

 

Thanks on your answer.

We are aware of all ACI limitation and warnings but this is situation that we inherit.

TEP pool is less than /23 and the main issue is that we cannot  expand the APIC cluster. This is small ACI installation and it seems that for functionality TEP pool is enough. But we can not add new APICs to the cluster because it not support that small size of TEP pool.

 

 

Best regards,

Goranje

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License