Re: CLI to check leaf LPM table

Hongjun Ma · ‎05-23-2018

anyone knows the CLI to check leaf nodes LPM-GST and LPM-LST?

I tried the following command but the output doesn't make too much sense to me.

module-1# show platform internal ns lpm global
GST EGRESS-------
Printing for v4:
tcam_anchor for Index: 0
start: 3048 count 0
tcam_anchor for Index: 1
start: 3024 count 1
tcam_anchor for Index: 2
start: 3000 count 0
tcam_anchor for Index: 3

gbrait85 · ‎05-23-2018

Not sure what you are trying to troubleshoot, but variations of show endpoint are usually very good to take a quick look.

Anyway, here are the cli commands you would need.

(summary of all endpoint from the leaf perspective, Local and Remote)

Leaf-102-Int# show system internal epm endpoint all summary

----------------------------------------------------------

EPM Endpoint Summary

--------------------------------------------------------

Total number of local endpoints : 241

Total number of local MACs : 241

Total number of local IPv4 addresses : 294

Total number of local IPv6 addresses : 0

Total number of non-vPC endpoints : 14

Total number of vPC endpoints : 227

Total number of PL endpoints : 241

Total number of VL endpoints : 0

Total number of non-vPC on-peer endpoints : 6

Total number of remote endpoints : 44

Total number of remote MACs : 25

Total number of remote IPv4 addresses : 19

Total number of remote IPv6 addresses : 0

Total number of VTEPs : 0

Total number of loopback endpoints : 2

Total number of SVI endpoints : 50

Total number of static endpoints : 0

Total number of config endpoints : 52

Total number of cached endpoints : 0

Total number of MACs : 272

Total number of IPs : 371

(This command will actually show all the endpoint, if they are local or global, vrf and clan info)

Leaf-102-Int# show system internal epm endpoint all |more

VRF : common:Common-VRF ::: Context id : 9 ::: Vnid : 3047424

MAC : a89d.21c4.b530 ::: Num IPs : 0

Vlan id : 81 ::: Vlan vnid : 15466403 ::: VRF name : common:Common-VRF

BD vnid : 15466403 ::: VRF vnid : 3047424

Phy If : 0x1a004000 ::: Tunnel If : 0

Interface : Ethernet1/5

Flags : 0x80004804 ::: sclass : 10946 ::: Ref count : 4

EP Create Timestamp : 05/05/2018 13:02:48.392484

EP Update Timestamp : 05/23/2018 12:35:47.747543

EP Flags : local|MAC|sclass|timer|

::::

MAC : 2c5a.0f91.ae7e ::: Num IPs : 0

Vlan id : 94 ::: Vlan vnid : 14745599 ::: VRF name : common:Common-VRF

BD vnid : 14745599 ::: VRF vnid : 3047424

Phy If : 0x16000005 ::: Tunnel If : 0

Interface : port-channel6

Flags : 0x80004805 ::: sclass : 10946 ::: Ref count : 4

EP Create Timestamp : 05/05/2018 10:08:29.459318

EP Update Timestamp : 05/23/2018 12:35:47.750574

::::

MAC : 0000.c4fc.ff0a ::: Num IPs : 1

IP# 0 : 10.255.252.196 ::: IP# 0 flags :

Vlan id : 94 ::: Vlan vnid : 14745599 ::: VRF name : common:Common-VRF

BD vnid : 14745599 ::: VRF vnid : 3047424

Phy If : 0x901005e ::: Tunnel If : 0

Interface : Vlan94

Flags : 0x10404 ::: sclass : 0 ::: Ref count : 3

EP Create Timestamp : 05/05/2018 10:08:27.011378

EP Update Timestamp : 05/05/2018 10:08:27.012144

EP Flags : local|IP|esvi|

::::

MAC : 0000.c3fc.ff0a ::: Num IPs : 1

IP# 0 : 10.255.252.195 ::: IP# 0 flags :

Vlan id : 94 ::: Vlan vnid : 14745599 ::: VRF name : common:Common-VRF

BD vnid : 14745599 ::: VRF vnid : 3047424

Phy If : 0x901005e ::: Tunnel If : 0

Interface : Vlan94

Flags : 0x10404 ::: sclass : 0 ::: Ref count : 3

EP Create Timestamp : 05/05/2018 10:08:27.008358

EP Update Timestamp : 05/05/2018 10:08:27.012017

EP Flags : local|IP|esvi|

::::

--More--

For those of you that don't know, the next commands are run from vsh_lc

To see the actual GST and LST entries, you would need to run this command is you are running first gen leafs (NS asic). (I can't show the output of this because I don't have any first gen equipment handy)

show platform internal ns forwarding gst-l3

show platform internal ns forwarding gst-l2

show platform internal ns forwarding lst-l3

show platform internal ns forwarding lst-l2

If you are running newer hardware based on Tahoe asic, you would run this command for L2 entries (They are not separate in GST and LST, but XR will indicate remote)

module-1# show platform internal hal ep l2 all

LEGEND:

-------

BDId: BD Id BD Name: BD Name

T: EP Type (Pl: Physical Vl: Virtual Xr: Remote EP Mac: Mac

L2 IfId: L2 Interface L2 IfName: L2 IfName

FDId: FD Id FD Name: FD Name

S Class: S Class Age Intvl: Age Interval

P A: Packet Action (F: Forward, T: Trap to CPU,

L: Log & Forward, D: Drop, N: None)

S T: Static Ep S E: Secure EP

L D: Learn Disable B N D: Bind Notify Disable

E N D: Epg Notify Disable B E: Bounce Enable

I D L: IVxlan Dont Learn SPI: Source Policy Incomplete

DPI: Dest Policy Incomplete SPA: Source Policy Applied

DPA: Dest Policy Applied DSS: Dest Shared Service

IL: Is Local VUB: Vnid Use Bd

SO: SA Only

L2 EP Count: 321

======================================================================================================================

B E I S D S D D V

BD EP L2 L2 FD S Age P S S L N N B D P P P P S I U S

BdId Name T Mac IfId Ifname FDId Name Class Intvl A T E D D D E L I I A A S L B O

======================================================================================================================

28 BD-40 Pl 00:00:5e:00:00:82 1600000c Po13 9 FD-9 8016 29f F 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0

28 BD-40 Pl 00:0c:29:1b:4c:78 1600000c Po13 9 FD-9 8016 29f F 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0

21 BD-33 Pl 00:0c:29:1c:3a:f1 1a01e000 Eth1/31 24 FD-36 17 29f F 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0

28 BD-40 Pl 00:0c:29:48:a1:0d 1600000c Po13 9 FD-9 8016 29f F 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0

28 BD-40 Pl 00:0c:29:69:da:aa 1600000c Po13 9 FD-9 8016 29f F 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0

28 BD-40 Pl 00:0c:29:73:6c:b7 1600000c Po13 9 FD-9 8016 29f F 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0

21 BD-33 Pl 00:0c:29:b0:52:a5 1600000c Po13 24 FD-36 17 29f F 0 0 0 1 0 0 0 0 0 0 0 0 1 0 0

1f BD-31 Pl 00:22:bd:f8:19:ff 0 - 1f - 1 0 N 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0

62 BD-98 Pl 00:22:bd:f8:19:ff 0 - 62 - 1 0 N 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0

2f BD-47 Pl 00:22:bd:f8:19:ff 0 - 2f - 1 0 N 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0

37 BD-55 Pl 00:22:bd:f8:19:ff 0 - 37 - 1 0 N 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0

32 BD-50 Pl 00:22:bd:f8:19:ff 0 - 32 - 1 0 N 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0

a BD-10 Pl 00:22:bd:f8:19:ff 0 - a - 1 0 N 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0

1 BD-1 Pl 00:22:bd:f8:19:ff 0 - 1 - 1 0 N 1 0 0 1 0 0 1 1 0 0 0 0 1 1 0

5c BD-92 Pl 00:22:bd:f8:19:ff 0 - 5c - 1 0 N 1 0 0 1 0 0 1 1 0 0 0 0 1 0 0

(This is the same command but for the Layer 3 info)

module-1# show platform internal hal ep l3 all

LEGEND:

-------

VrfName: Vrf Name T: Type (Pl: Physical, Vl: Virtual, Xr: Remote)

EP IP: Endpoint IP

S Class: S Class Age Intvl: Age Interval

S T: Static Ep S E: Secure EP

L D: Learn Disable B N D: Bind Notify Disable

E N D: Epg Notify Disable B E: Bounce Enable

I D L: IVxlan Dont Learn SPI: Source Policy Incomplete

DPI: Dest Policy Incomplete SPA: Source Policy Applied

DPA: Dest Policy Applied DSS: Dest Shared Service

IL: Is Local VUB: Vnid Use Bd

SO: SA Only EP NH L3IfName: EP Next Hop L3 If Name

NHT: Next Hop Type (L2: L2 Entry L3: L3 Next Hop) BD Name: L2 NH BD Name

EP Mac: EP Mac L3 IfName: L3 NH If Name

L2 IfName: L2 If Name FD Name: L2 Entry FD Name

IP: L3 NH IP

L3 EP Count: 629

===========================================================================================================================================================================================

B E I S D S D D V EP-NH N |

Vrf EP S Age S S L N N B D P P P P S I U S L3 H | BD EP L3 L2 FD

Name T IP Class Intvl T E D D D E L I I A A S L B O IfName T | Name Mac IfName Ifname Name IP

===========================================================================================================================================================================================

common*on-VRF Pl 0.0.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

XXXXXXXXX-VRF Pl 0.0.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

common*on-VRF Pl 10.0.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

XXXXXXXXX-VRF Pl 10.0.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

XXXXXXXXX-VRF Pl 10.0.99.44 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

common*on-VRF Pl 10.0.99.44 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

common*on-VRF Pl 10.0.99.48 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

XXXXXXXXX-VRF Pl 10.0.99.48 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

XXXXXXXXX-VRF Pl 10.1.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

common*on-VRF Pl 10.1.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

XXXXXXXXX-VRF Pl 10.2.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

common*on-VRF Pl 10.2.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

common*on-VRF Pl 10.3.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

XXXXXXXXX-VRF Pl 10.3.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

XXXXXXXXXVRF Pl 10.4.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

common*on-VRF Pl 10.4.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

common*on-VRF Pl 10.5.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

XXXXXXXXXVRF Pl 10.5.0.0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 - - - - - - - -

Hongjun Ma · ‎05-23-2018

thank you. I'm trying to track down the packet lookup path from one local EP to external route learned through L3route.

the local EP send packet to leaf GW MAC and my understanding is that LPM global table should be checked. But I can't find the LPM global table show commands at leaf or LC(gen-1).

gbrait85 · ‎05-24-2018

Did you try show platform internal ns forwarding gst-l3 ? That should show you the GST L3 entires.

However in your scenario, LST/GST are not checked. When the Leaf receives the packet it will do a lookup on the routing table. This endpoint are not part of the GST/LST, that is why external routes are redistributed via BGP inside of the fabric, so all Leafs know how to get to it.

Hongjun Ma · ‎05-24-2018

that's the part I'm trying to dig in.

If GST/LST is not used for external routes, then which command will show us the LPM table so we know how leaf nodes make decision to send the packet to the nearest VTEP next to the external router?

gbrait85 · ‎05-24-2018

If you check the routing table you would find that. Basically, you would have a BGP entry, with a next hop pointing to the Leaf where the L3out is physically connected.

If the L3out is using two Leafs (VPC to a FW for example), you would see two next hops. Keep in mind the next hop is the VTEP ip assigned to the Leaf.

See the example below

Leaf-103# show ip route vrf Prod:Prod-VRF |more

IP Route Table for VRF "Prod:Prod-VRF"

'*' denotes best ucast next-hop

'**' denotes best mcast next-hop

'[x/y]' denotes [preference/metric]

'%<string>' in via output denotes VRF <string>

0.0.0.0/0, ubest/mbest: 2/0

*via 100.64.40.92%overlay-1, [200/1], 02w18d, bgp-64512, internal, tag 64512

*via 100.64.40.95%overlay-1, [200/1], 02w18d, bgp-64512, internal, tag 64512

10.0.0.0/16, ubest/mbest: 1/0

*via 100.64.40.92%overlay-1, [200/768], 02w18d, bgp-64512, internal, tag 64512

10.1.2.4/30, ubest/mbest: 1/0

*via 100.64.40.92%overlay-1, [200/3072], 02w18d, bgp-64512, internal, tag 64512

Hongjun Ma · ‎05-24-2018

yes, I always see an IBGP route for external default route.

I guess my confusion is from this term "External LPM table" on ACI leaf, I thought this is a different table derived from routing table. I feel from your replies that "external LPM table = routing table"?