Re: error 400 invalid configuration : subnets with matching

liu_zhimin · ‎03-30-2022

Dear ALL,

When I configure CISCO ACI, create a new bd, and when vrf is selected, I cannot continue to submit, and the following error is reported
error 400 invalid configuration : subnets with matching ips cannot have diffierent scopes:
172.28.177.254/24
May I ask the experts what is the reason? How to solve it?

Thanks!

Robert Burns · ‎03-30-2022

What are the scope options you've set on the Subnet (Advertise Externally/Shared between VRFs)?

Where are you creating the IP subnet, under the BD or under the EPG?

Robert

liu_zhimin · ‎03-30-2022

Hi Robert ,

1、Advertise Externally

2、Creating the IP subnet under the EPG

Robert Burns · ‎03-30-2022

You likely have defined the same subnet under a Bridge domain. You can't define a subnet under both a BD and EPG with different scopes (Advertise Externally or Shared).

Robert

liu_zhimin · ‎03-30-2022

@Robert Burns @But confirmed that the same subnet has not been created for the time bein

RedNectar · ‎03-30-2022

Hi @liu_zhimin ,

This is a new feature in v4.2 (approx) to help avoid having different scopes defined for the same subnet when you have the subnet defined both under the BD AND an EPG that links to that BD

Remember, you only need subnets defined under an EPG if it is sharing that subnet between VRFs, so

Find the EPG that is defined under an EPG moquery -c fvSubnet | egrep ^dn
validate that the subnet really needs to be defined under the subnet (i.e. the EPG is providing a contract to another VRF/Tenant)
- if not, you probably should remove it OR
IF the subnet is indeed required under the EPG (because it IS providing a contract to another VRF), then
- if no other EPGs are using this subnet,
  - remove the subnet from the BD OR
  - make sure the scope is set to Shared between VRFs in both places
- else [other EPGs are using this subnet]
  - make sure the scope is set to Shared between VRFs in both places
- endif

Of course, your design MAY have subnets defied under the EPG everywhere, and none under the BDs - that is you choice, but not one I would recommend because it is not as flexible as defining Subnets under the BDs

I hope this helps.

Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

liu_zhimin · ‎03-30-2022

Hi @RedNectar

I am use the ACI Version is 4.2

RedNectar · ‎03-30-2022

OK my approximation guess of v5.2 was out by a version. I'll edit it

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

liu_zhimin · ‎03-31-2022

But confirmed that the same subnet has not been created for the time bein

RedNectar · ‎03-31-2022

Hi @liu_zhimin ,

Can you please post the output of this command issued at the APIC CLI?

moquery -c fvSubnet | egrep ^dn

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

carlosormon · ‎07-19-2022

Hey Guys!!

I Have the same Behavior

Under the BD Configuring the Subnet! Clearly we don't have any subnet overlapping, we don't duplicate the subnet's

Our version is Version: 4.2(7r)

And a key note here is, we recently upgraded to this version.

Seems like a bug??

Robert Burns · ‎07-19-2022

Can you provide output of the command above from the APIC CLI? (moquery -c fvSubnet | egrep ^dn)

Robert

RedNectar · ‎07-19-2022

Hi @carlosormon ,

Firstly, trying to resurrect an old post is never gong to catch as many people likely to answer your question as posting a new one (that has a link back to the old one). I don't normally look at the notifications that begin with "Re:..." unless it's a post I recognise.

And another problem with trying to resurrect an old post is that even if you get the answer, you won't be able to mark it as correct (which helps the NEXT person find the answer quickly)

And the fact that LAST time I tried to answer this, I said

Can you please post the output of this command issued at the APIC CLI?

moquery -c fvSubnet | egrep ^dn

But never got a reply. I suspect @liu_zhimin actually found the answer when he did that, but never bothered coming back to mark the answer correct (or give us the wisdom of HOW he fixed it)

And now @Robert Burns is asking for the same output.

We await with bated breath for the output of the moquery command

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Robert Burns · ‎07-19-2022

It's complaining about the subnet 10.108.16.1/32. That /32 subnet is likely defined under an EPG with one scope, but then you also must have a BD subnet that is defined (likely larger subnet like /24 inclusive of that /32 address) with a different scope option. You can't add new subnets until you fix the existing conflicting one.

Robert

carlosormon · ‎07-21-2022

Hi Robert,

You Were Right

Looking under That EPG, there was configured a subnet on this field!!

So, We deleted this config, and now we can Configure New Subnet's

The issue is solved!!

Thank you very much for your Help!

Regards,

From Colombia!!