Solved: For Leaf LST, LET, RET, GST

TangoAlfa · ‎03-05-2023

Can any one please break my silly doubt?

Question-1: For Leaf switch Local Endpoint Table(LET) and Local Station Table(LST) is same or different?

Question-2: Does Leaf switch contain Global Station Table(GST)?

Question-3: If question 2 answer is Yes then For Leaf Switch Remote Endpoint Table(RET) and Global Station Table(GST) is Same or different?

Option 1: Now if Question 1 answer is "different" , Question 2 answer is Yes and Question 3: answer is "different", then each leaf switch contain Below 4 table

1.) LET 2.) LST 3.) GST 4.) RET

Option 2: Now if Question 1 answer is "Same" , Question 2 answer is NO and Question 3: answer is same, then each leaf switch contain Below 2 table

1.) LET/LST 2.) RET/GST

And if Local Station Table (LST) and Local Endpoint Table(LET) different the which table goes to spine and COOP DB update LST or LET. if not then each leaf sent LET/LST to Spine for COOP DB/GST/Proxy DB update.

Now Option-1 is correct or Option-2 is correct.

RedNectar · ‎03-05-2023

Hi @TangoAlfa ,

I'm not sure why the developers/educators used so many different terms for the same thing, although conceptually I suppose Local Station Table and Global Station Table may help understand the difference between locally attached stations and remote stations. And I must admit to being guily of using those terms, because that is how it was taught to me way back.

So today I'm going to tell you the TRUE story.

There is NO SUCH THING as a Local Station Table (LST) or Global Station Table (GST) in ACI.

Instead, each Leaf Switch has an endpoint table, (I guess you could call this a Local Endpoint Table - but I've never heard that term before) where endpoints can generally be identified as either local or vpc-attached or (confusingly) if not marked as either of those - it is remote. (I don't know why CIsco couldn't have added an extra letter in the legend to indicate remote - but the tunnel interface gives it away)

Here's my lab

And here's the endpoint table for each of the three leaves - I've added green comments to help identify the tunnels, which show remote endpoints. Note that since Leaf1201 and 1202 are in a VPC, ALL endpoints on either leaf are seen as local, irrespective of whether they are part of the VPC or not!

apic1# fabric 1201-1203 show endpoint vrf Tenant17:Production_VRF
----------------------------------------------------------------
 Node 1201 (Leaf1201)
----------------------------------------------------------------
Legend:
 S - static           s - arp              L - local            O - peer-attached
 V - vpc-attached     a - local-aged       p - peer-aged        M - span
 B - bounce           H - vtep             R - peer-attached-rl D - bounce-to-proxy
 E - shared-service   m - svc-mgr
+-----------------------------------+---------------+-----------------+--------------+-------------+
      VLAN/                           Encap           MAC Address       MAC Info/       Interface
      Domain                          VLAN            IP Address        IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
Tenant17:Production_VRF                                  10.117.11.25                       tunnel4 <-Leaf1203
27                                        vlan-1174    0050.569b.39b5 LpV                       po6
Tenant17:Production_VRF                   vlan-1174     10.117.12.200 LV                        po6
21/Tenant17:Production_VRF           vxlan-16613251    0050.56b8.041b p                     tunnel4 <-Leaf1203
23                                        vlan-1171    a036.9f61.8ee8 L                     eth1/27
Tenant17:Production_VRF                   vlan-1171      10.117.11.10 L                     eth1/27
28                                        vlan-1173    0050.569b.9c05 LV                        po6
Tenant17:Production_VRF                   vlan-1173     10.117.11.200 LV                        po6
26                                        vlan-1377    0050.56ac.ec21 L                 eth191/1/27
Tenant17:Production_VRF                   vlan-1377      10.117.11.11 L                 eth191/1/27
29                                        vlan-1371    0050.56ac.81a5 L                 eth191/1/27
Tenant17:Production_VRF                   vlan-1371      10.117.11.21 L                 eth191/1/27


----------------------------------------------------------------
 Node 1202 (Leaf1202)
----------------------------------------------------------------

+-----------------------------------+---------------+-----------------+--------------+-------------+
      VLAN/                           Encap           MAC Address       MAC Info/       Interface
      Domain                          VLAN            IP Address        IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
Tenant17:Production_VRF                                  10.117.11.25                       tunnel4 <-Leaf1203
4                                         vlan-1172    a036.9f61.8eeb L                 eth192/1/27
Tenant17:Production_VRF                   vlan-1172      10.117.12.10 L                 eth192/1/27
22                                        vlan-1174    0050.569b.39b5 LaV                       po6
Tenant17:Production_VRF                   vlan-1174     10.117.12.200 LV                        po6
6/Tenant17:Production_VRF            vxlan-16613251    0050.56b8.041b a                     tunnel4 <-Leaf1203
23                                        vlan-1173    0050.569b.9c05 LV                        po6
Tenant17:Production_VRF                   vlan-1173     10.117.11.200 LV                        po6

----------------------------------------------------------------
 Node 1203 (Leaf1203)
----------------------------------------------------------------

+-----------------------------------+---------------+-----------------+--------------+-------------+
      VLAN/                           Encap           MAC Address       MAC Info/       Interface
      Domain                          VLAN            IP Address        IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
Tenant17:Production_VRF                                  10.117.11.21                       tunnel3 <-Leaf1201
Tenant17:Production_VRF                                  10.117.11.10                       tunnel3 <-Leaf1201
Tenant17:Production_VRF                                  10.117.12.10                       tunnel1 <-Leaf1202
Tenant17:Production_VRF                                 10.117.12.200                       tunnel8 <-VPC Anycast
8/Tenant17:Production_VRF            vxlan-16613251    0050.56ac.81a5                       tunnel3 <-Leaf1201
8/Tenant17:Production_VRF            vxlan-16613251    a036.9f61.8ee8                       tunnel3 <-Leaf1201
13                                        vlan-1175    0050.56b8.041b L                     eth1/18
Tenant17:Production_VRF                   vlan-1175      10.117.11.25 L

So to answer your questions

Question-1: For Leaf switch Local Endpoint Table(LET) and Local Station Table(LST) is same or different?

Assuming you mean LET is the table seen when you issue the show endpoint command on a switch, the answer is "They are different". The concept of the LST is a sub-set of the "Local Endpoint Table" consisting of the stations that are L2 attached to the leaf.

Question-2: Does Leaf switch contain Global Station Table(GST)?

The concept of the GST is a sub-set of the "Local Endpoint Table" consisting of the stations that are attached to the other leaves that that have been learned via a tunnel interface to some other leaf.

Question-3: If question 2 answer is Yes then For Leaf Switch Remote Endpoint Table(RET) and Global Station Table(GST) is Same or different?

Again - I've never heard the term Remote Endpoint Table - but if you mean a table of all known endpoints that are on other leaves, then that is exactly the same concept as GST - so I'll say "Same" to this

Option 1: Now if Question 1 answer is "different" , Question 2 answer is Yes and Question 3: answer is "different", then each leaf switch contain Below 4 table
1.) LET 2.) LST 3.) GST 4.) RET

It's not option 1

Option 2: Now if Question 1 answer is "Same" , Question 2 answer is NO and Question 3: answer is same, then each leaf switch contain Below 2 table
1.) LET/LST 2.) RET/GST

And if Local Station Table (LST) and Local Endpoint Table(LET) different the which table goes to spine and COOP DB update LST or LET. if not then each leaf sent LET/LST to Spine for COOP DB/GST/Proxy DB update.

Now Option-1 is correct or Option-2 is correct.

It's not option 2 either. It's option 3

Option 3: Question 1 answer is "Different" , Question 2 answer is YES and Question 3: answer is same

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

RedNectar · ‎03-06-2023

Hi @TangoAlfa ,

I rushed my first answer. At that point in time my Tenant17 had more configuration than in the diagram - specifically, it had a L3Out to an external router that connects via interface Eth1/10. I removed that config to simplify things when I updated my answer, so it's not there in my updated post.

But to answer your question, when a L3Out is configured with an SVI, the leaf needs to create a VLAN to "hold" the SVI interface, so not only does it show a VXLAN allocated, it show an internal VLAN (24 in the now-deleted-example) and that is what you saw in that output!

I'm hoping to write a more detailed explanation of what all those things mean in the show ... output in a post on my blog sometime soon.

[Edit: For those reading this after the event, the ORIGINAL show endpoint output I posted is below, with the part referred to highlighted in purple]

apic1# fabric 1201-1203 show endpoint
----------------------------------------------------------------
 Node 1201 (Leaf1201)
----------------------------------------------------------------
Legend:
 S - static           s - arp              L - local            O - peer-attached
 V - vpc-attached     a - local-aged       p - peer-aged        M - span
 B - bounce           H - vtep             R - peer-attached-rl D - bounce-to-proxy
 E - shared-service   m - svc-mgr
+-----------------------------------+---------------+-----------------+--------------+-------------+
      VLAN/                           Encap           MAC Address       MAC Info/       Interface
      Domain                          VLAN            IP Address        IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
common:SharedServices_VRF                 vlan-1001        10.100.0.5 L                      eth1/9
Tenant17:Production_VRF                                  10.117.0.201 L                         lo4
11                                        vlan-1174    0050.569b.39b5 LV                        po6
Tenant17:Production_VRF                   vlan-1174     10.117.12.200 LV                        po6
23                                        vlan-1171    a036.9f61.8ee8 L                     eth1/27
Tenant17:Production_VRF                   vlan-1171      10.117.11.10 L                     eth1/27
22                                        vlan-1173    0050.569b.9c05 LV                        po6
Tenant17:Production_VRF                   vlan-1173     10.117.11.200 LV                        po6
24/Tenant17:Production_VRF           vxlan-14778357    380e.4d48.8df5 L                     eth1/10

----------------------------------------------------------------
 Node 1202 (Leaf1202)
----------------------------------------------------------------
Legend:
 S - static           s - arp              L - local            O - peer-attached
 V - vpc-attached     a - local-aged       p - peer-aged        M - span
 B - bounce           H - vtep             R - peer-attached-rl D - bounce-to-proxy
 E - shared-service   m - svc-mgr
+-----------------------------------+---------------+-----------------+--------------+-------------+
      VLAN/                           Encap           MAC Address       MAC Info/       Interface
      Domain                          VLAN            IP Address        IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
Tenant17:Production_VRF                   vlan-1174     10.117.12.200 LV                        po6
4                                         vlan-1172    a036.9f61.8eeb L                 eth192/1/27
Tenant17:Production_VRF                   vlan-1172      10.117.12.10 L                 eth192/1/27
9                                         vlan-1173    0050.569b.9c05 LV                        po6
Tenant17:Production_VRF                   vlan-1173     10.117.11.200 LV                        po6
overlay-1                                                 10.1.184.64 L                         lo0

,

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

RedNectar · ‎03-05-2023

Hi @TangoAlfa ,

I'm not sure why the developers/educators used so many different terms for the same thing, although conceptually I suppose Local Station Table and Global Station Table may help understand the difference between locally attached stations and remote stations. And I must admit to being guily of using those terms, because that is how it was taught to me way back.

So today I'm going to tell you the TRUE story.

There is NO SUCH THING as a Local Station Table (LST) or Global Station Table (GST) in ACI.

Instead, each Leaf Switch has an endpoint table, (I guess you could call this a Local Endpoint Table - but I've never heard that term before) where endpoints can generally be identified as either local or vpc-attached or (confusingly) if not marked as either of those - it is remote. (I don't know why CIsco couldn't have added an extra letter in the legend to indicate remote - but the tunnel interface gives it away)

Here's my lab

And here's the endpoint table for each of the three leaves - I've added green comments to help identify the tunnels, which show remote endpoints. Note that since Leaf1201 and 1202 are in a VPC, ALL endpoints on either leaf are seen as local, irrespective of whether they are part of the VPC or not!

apic1# fabric 1201-1203 show endpoint vrf Tenant17:Production_VRF
----------------------------------------------------------------
 Node 1201 (Leaf1201)
----------------------------------------------------------------
Legend:
 S - static           s - arp              L - local            O - peer-attached
 V - vpc-attached     a - local-aged       p - peer-aged        M - span
 B - bounce           H - vtep             R - peer-attached-rl D - bounce-to-proxy
 E - shared-service   m - svc-mgr
+-----------------------------------+---------------+-----------------+--------------+-------------+
      VLAN/                           Encap           MAC Address       MAC Info/       Interface
      Domain                          VLAN            IP Address        IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
Tenant17:Production_VRF                                  10.117.11.25                       tunnel4 <-Leaf1203
27                                        vlan-1174    0050.569b.39b5 LpV                       po6
Tenant17:Production_VRF                   vlan-1174     10.117.12.200 LV                        po6
21/Tenant17:Production_VRF           vxlan-16613251    0050.56b8.041b p                     tunnel4 <-Leaf1203
23                                        vlan-1171    a036.9f61.8ee8 L                     eth1/27
Tenant17:Production_VRF                   vlan-1171      10.117.11.10 L                     eth1/27
28                                        vlan-1173    0050.569b.9c05 LV                        po6
Tenant17:Production_VRF                   vlan-1173     10.117.11.200 LV                        po6
26                                        vlan-1377    0050.56ac.ec21 L                 eth191/1/27
Tenant17:Production_VRF                   vlan-1377      10.117.11.11 L                 eth191/1/27
29                                        vlan-1371    0050.56ac.81a5 L                 eth191/1/27
Tenant17:Production_VRF                   vlan-1371      10.117.11.21 L                 eth191/1/27


----------------------------------------------------------------
 Node 1202 (Leaf1202)
----------------------------------------------------------------

+-----------------------------------+---------------+-----------------+--------------+-------------+
      VLAN/                           Encap           MAC Address       MAC Info/       Interface
      Domain                          VLAN            IP Address        IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
Tenant17:Production_VRF                                  10.117.11.25                       tunnel4 <-Leaf1203
4                                         vlan-1172    a036.9f61.8eeb L                 eth192/1/27
Tenant17:Production_VRF                   vlan-1172      10.117.12.10 L                 eth192/1/27
22                                        vlan-1174    0050.569b.39b5 LaV                       po6
Tenant17:Production_VRF                   vlan-1174     10.117.12.200 LV                        po6
6/Tenant17:Production_VRF            vxlan-16613251    0050.56b8.041b a                     tunnel4 <-Leaf1203
23                                        vlan-1173    0050.569b.9c05 LV                        po6
Tenant17:Production_VRF                   vlan-1173     10.117.11.200 LV                        po6

----------------------------------------------------------------
 Node 1203 (Leaf1203)
----------------------------------------------------------------

+-----------------------------------+---------------+-----------------+--------------+-------------+
      VLAN/                           Encap           MAC Address       MAC Info/       Interface
      Domain                          VLAN            IP Address        IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
Tenant17:Production_VRF                                  10.117.11.21                       tunnel3 <-Leaf1201
Tenant17:Production_VRF                                  10.117.11.10                       tunnel3 <-Leaf1201
Tenant17:Production_VRF                                  10.117.12.10                       tunnel1 <-Leaf1202
Tenant17:Production_VRF                                 10.117.12.200                       tunnel8 <-VPC Anycast
8/Tenant17:Production_VRF            vxlan-16613251    0050.56ac.81a5                       tunnel3 <-Leaf1201
8/Tenant17:Production_VRF            vxlan-16613251    a036.9f61.8ee8                       tunnel3 <-Leaf1201
13                                        vlan-1175    0050.56b8.041b L                     eth1/18
Tenant17:Production_VRF                   vlan-1175      10.117.11.25 L

So to answer your questions

Question-1: For Leaf switch Local Endpoint Table(LET) and Local Station Table(LST) is same or different?

Assuming you mean LET is the table seen when you issue the show endpoint command on a switch, the answer is "They are different". The concept of the LST is a sub-set of the "Local Endpoint Table" consisting of the stations that are L2 attached to the leaf.

Question-2: Does Leaf switch contain Global Station Table(GST)?

The concept of the GST is a sub-set of the "Local Endpoint Table" consisting of the stations that are attached to the other leaves that that have been learned via a tunnel interface to some other leaf.

Question-3: If question 2 answer is Yes then For Leaf Switch Remote Endpoint Table(RET) and Global Station Table(GST) is Same or different?

Again - I've never heard the term Remote Endpoint Table - but if you mean a table of all known endpoints that are on other leaves, then that is exactly the same concept as GST - so I'll say "Same" to this

Option 1: Now if Question 1 answer is "different" , Question 2 answer is Yes and Question 3: answer is "different", then each leaf switch contain Below 4 table
1.) LET 2.) LST 3.) GST 4.) RET

It's not option 1

Option 2: Now if Question 1 answer is "Same" , Question 2 answer is NO and Question 3: answer is same, then each leaf switch contain Below 2 table
1.) LET/LST 2.) RET/GST

And if Local Station Table (LST) and Local Endpoint Table(LET) different the which table goes to spine and COOP DB update LST or LET. if not then each leaf sent LET/LST to Spine for COOP DB/GST/Proxy DB update.

Now Option-1 is correct or Option-2 is correct.

It's not option 2 either. It's option 3

Option 3: Question 1 answer is "Different" , Question 2 answer is YES and Question 3: answer is same

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

TangoAlfa · ‎03-05-2023

Hi Chris,

You really break my doubt and I appreciate your brief explanation each time. and yes your comment "I'm not sure why the developers/educators used so many different terms for the same thing" is right because in multiple document during research found multiple terminology for the same stuff.

But I have one quick question on your command "fabric 1201-1203 show endpoint"output in last row " vxlan-14778357 380e.4d48.8df5 L eth1/10" its locally learned in the interface eth1/10 and showing Local then why its showing VXLAN encap ? is it any virtual device like AVS but in that case also it will show tunnel. if possible please let me know.

Thanks

RedNectar · ‎03-06-2023

Hi @TangoAlfa ,

I rushed my first answer. At that point in time my Tenant17 had more configuration than in the diagram - specifically, it had a L3Out to an external router that connects via interface Eth1/10. I removed that config to simplify things when I updated my answer, so it's not there in my updated post.

But to answer your question, when a L3Out is configured with an SVI, the leaf needs to create a VLAN to "hold" the SVI interface, so not only does it show a VXLAN allocated, it show an internal VLAN (24 in the now-deleted-example) and that is what you saw in that output!

I'm hoping to write a more detailed explanation of what all those things mean in the show ... output in a post on my blog sometime soon.

[Edit: For those reading this after the event, the ORIGINAL show endpoint output I posted is below, with the part referred to highlighted in purple]

apic1# fabric 1201-1203 show endpoint
----------------------------------------------------------------
 Node 1201 (Leaf1201)
----------------------------------------------------------------
Legend:
 S - static           s - arp              L - local            O - peer-attached
 V - vpc-attached     a - local-aged       p - peer-aged        M - span
 B - bounce           H - vtep             R - peer-attached-rl D - bounce-to-proxy
 E - shared-service   m - svc-mgr
+-----------------------------------+---------------+-----------------+--------------+-------------+
      VLAN/                           Encap           MAC Address       MAC Info/       Interface
      Domain                          VLAN            IP Address        IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
common:SharedServices_VRF                 vlan-1001        10.100.0.5 L                      eth1/9
Tenant17:Production_VRF                                  10.117.0.201 L                         lo4
11                                        vlan-1174    0050.569b.39b5 LV                        po6
Tenant17:Production_VRF                   vlan-1174     10.117.12.200 LV                        po6
23                                        vlan-1171    a036.9f61.8ee8 L                     eth1/27
Tenant17:Production_VRF                   vlan-1171      10.117.11.10 L                     eth1/27
22                                        vlan-1173    0050.569b.9c05 LV                        po6
Tenant17:Production_VRF                   vlan-1173     10.117.11.200 LV                        po6
24/Tenant17:Production_VRF           vxlan-14778357    380e.4d48.8df5 L                     eth1/10

----------------------------------------------------------------
 Node 1202 (Leaf1202)
----------------------------------------------------------------
Legend:
 S - static           s - arp              L - local            O - peer-attached
 V - vpc-attached     a - local-aged       p - peer-aged        M - span
 B - bounce           H - vtep             R - peer-attached-rl D - bounce-to-proxy
 E - shared-service   m - svc-mgr
+-----------------------------------+---------------+-----------------+--------------+-------------+
      VLAN/                           Encap           MAC Address       MAC Info/       Interface
      Domain                          VLAN            IP Address        IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
Tenant17:Production_VRF                   vlan-1174     10.117.12.200 LV                        po6
4                                         vlan-1172    a036.9f61.8eeb L                 eth192/1/27
Tenant17:Production_VRF                   vlan-1172      10.117.12.10 L                 eth192/1/27
9                                         vlan-1173    0050.569b.9c05 LV                        po6
Tenant17:Production_VRF                   vlan-1173     10.117.11.200 LV                        po6
overlay-1                                                 10.1.184.64 L                         lo0

,

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

TangoAlfa · ‎03-05-2023

Perfect