07-24-2024 06:16 AM
Hiya
I'm interested in an API endpoint for Cisco ACI for getting all IP addresses associated with a leaf or spine node (i.e. if for example, Netflow was set up such as outlined in these instructions https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_Cisco_APIC_and_NetFlow.html)
When looking on the sandbox, I saw that if you go to physical interfaces there is a section where an IP address shows up, but it seems to be the IP address of whatever device is connected on that interface rather than the exporter IP that gets sent with the flow to a Netflow collector.
Any pointers would be great!
Note: I've also referenced this document for setting up the flow record/monitor policy/exporter policy and the profiles. It doesn't seem to be on a per interface level
https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKACI-2271.pdf
07-24-2024 06:17 AM
Is the only way to get the exporter IP associated with the device via the source IP from the Netflow monitor policy and replacing the mask with the node ID for the device?
07-24-2024 01:05 PM
Hi @zo3,
Is this what you are looking for?
admin@apic1:~> moquery -c fvSubnet | grep "ip "
ip : 10.200.0.1/24
ip : 10.200.0.5/32
ip : 10.10.3.1/24
ip : 10.210.11.1/24
ip : 10.210.12.1/24
ip : 10.209.11.1/24
ip : 10.204.11.1/24
ip : 10.209.12.1/24
ip : 10.202.11.1/24
ip : 10.202.12.1/24
ip : 10.204.12.1/24
ip : 10.203.11.1/24
ip : 10.203.12.1/24
ip : 10.207.11.1/24
ip : 10.207.12.1/24
ip : 10.208.11.1/24
ip : 10.208.12.1/24
ip : 10.206.11.1/24
ip : 10.206.12.1/24
ip : 10.218.11.1/24
ip : 10.218.12.1/24
Or perhaps
admin@apic1:~> icurl -s "http://localhost/api/node/class/fvSubnet.json" |
jq '.imdata[].fvSubnet |
{Tenant: .attributes.dn|values|capture("uni/tn-(?<T>.*)/BD-").T,
BD: .attributes.dn|values|capture("/BD-(?<B>.*)/subnet-").B,
IP: .attributes.ip|values}'
{ "Tenant": "common", "BD": "SharedServices_BD", "IP": "10.200.0.1/24" }
{ "Tenant": "mgmt", "BD": "inb", "IP": "10.10.3.1/24" }
{ "Tenant": "T10", "BD": "App_BD", "IP": "10.210.11.1/24" }
{ "Tenant": "T10", "BD": "Web_BD", "IP": "10.210.12.1/24" }
{ "Tenant": "T09", "BD": "App_BD", "IP": "10.209.11.1/24" }
{ "Tenant": "Tenant04", "BD": "App_BD", "IP": "10.204.11.1/24" }
{ "Tenant": "T09", "BD": "Web_BD", "IP": "10.209.12.1/24" }
{ "Tenant": "Tenant02", "BD": "App_BD", "IP": "10.202.11.1/24" }
{ "Tenant": "Tenant02", "BD": "Web_BD", "IP": "10.202.12.1/24" }
{ "Tenant": "Tenant04", "BD": "Web_BD", "IP": "10.204.12.1/24" }
{ "Tenant": "Tenant03", "BD": "App_BD", "IP": "10.203.11.1/24" }
{ "Tenant": "Tenant03", "BD": "Web_BD", "IP": "10.203.12.1/24" }
{ "Tenant": "Tenant07", "BD": "App_BD", "IP": "10.207.11.1/24" }
{ "Tenant": "Tenant07", "BD": "Web_BD", "IP": "10.207.12.1/24" }
{ "Tenant": "Tenant08", "BD": "App_BD", "IP": "10.208.11.1/24" }
{ "Tenant": "Tenant08", "BD": "Web_BD", "IP": "10.208.12.1/24" }
{ "Tenant": "Tenant06", "BD": "App_BD", "IP": "10.206.11.1/24" }
{ "Tenant": "Tenant06", "BD": "Web_BD", "IP": "10.206.12.1/24" }
{ "Tenant": "Tenant18", "BD": "App_BD", "IP": "10.218.11.1/24" }
{ "Tenant": "Tenant18", "BD": "Web_BD", "IP": "10.218.12.1/24" }
07-25-2024 08:08 AM
Hi @RedNectar thanks so much for the reply!
This is a useful endpoint/command; it seems like these are the IP addresses of the associated tenants for devices. This seems useful for a portion of it, but I'm curious whether you know of any way to easily grab the IP addresses when Netflow is enabled, or any other endpoints to grab the information from.
I know there's a class/object (netflowExporterPol) that shows the src IP address mask, which can be replaced with the node ID, but I'm wondering if there's some way to get the src IP address mask together with the nodes that have it enabled, to get the possible exporter IP addresses to expect from the devices?
07-25-2024 01:42 PM
Hi @zo3,
> thanks so much for the reply!
No problem
> This is a useful endpoint/command,
Actually, the output has nothing to do with ENDPOINTs, other than listing the default gateway IPs for endpoints in those Tenant + BDs.
> it seems like these are the IP addresses of associated tenants for devices.
Yes, the 2nd format of the command:
icurl -s "http://localhost/api/node/class/fvSubnet.json"
shows the API call "http://localhost/api/node/class/fvSubnet.json"
that you could use to extract all the IPs that MIGHT be used as source addresses sending information from a leaf.
> This seems useful for a portion of it, but curious if you know if there's any way to easily grab the IP addresses when Netflow is enabled as another aspect or any other endpoints to grab the information.
> I know there's a class/object that shows the netflowExporterPol that shows the src IP address mask which can be replaced with the node ID
Correct, the following...
apic1# moquery -c netflowExporterPol
...should show you the IP address/mask used as the source IP for netflow as well as the destination IP. But I don't have Netflow configured, so I have no sample output.
> but wondering if there's some way to get the src IP address mask with the nodes that have it enabled to get the possible exporter IP addresses to expect for the devices?
Well, I guess it depends on how Netflow is configured. If it is configured via Tenant policies, then the source leaves are dynamic, so pretty hard to determine which leaf sends a particular netflow packet.
If Netflow is configured via Fabric > Access Policies, then you get four choices of source IP address (as per your original reference):
Custom Src IP: When the source IP address type is Custom Src IP, the property is used similar to a tag to distinguish flows from different sections or nodes in the fabric. The address will be a prefix with at least 12 host bits. That is, the mask must be less than or equal to 20 for IPv4, or less than or equal to 116 for IPv6. The switch uses the configured prefix and host bits to populate the source IP address in the Netflow packet. The host portion will be equal to the node-id of the leaf sending the packet.
Inband Management IP: The source IP address in the NetFlow packets will be the configured switch inband management IP address.
OutOfband Management IP: The source IP address in the NetFlow packets will be the configured switch out-of-band management IP address.
PTEP address: The source IP address in the NetFlow packets will be the physical TEP (tunnel endpoint) address of the leaf switch.
I'm guessing from your earlier comments that you are using Custom Src IP where the source IP gets changed based on the ID of the leaf switch sending it.
And you'd like to know which leaves MIGHT send a netflow packet, and therefore what IP address is used as the source.
Well, the answer to that is that ANY leaf COULD potentially send a packet; this is inherent in the dynamic nature of ACI. With some sleuthing, you would probably be able to figure out which ones are currently sending Netflow, but that could change with the addition of an extra interface to an EPG, for instance.
If you know the source IP configured and the IDs of the nodes, you'll be able to figure out what the possible range of IPs to be used is. E.g., if the source Netflow IP is 1.1.1.1 and you have switch IDs 201-299, the IPs will range from 1.1.0.201 to 1.1.1.43 (calculated by replacing the last 12 bits of the IP with the node ID: 1.1.0.0 + 201 through to 1.1.0.0 + 299).
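As an added example (not code from this thread), the Custom Src IP arithmetic described above carried through in Python: it derives the exporter source address for a node ID, maps an observed source address back to a node ID so a collector can attribute a flow to a switch, and builds the full expected table from a fabricNode class listing. It also handles IPv6 (mask <= 116) as the quoted rule states. The fabricNode response is a constructed sample trimmed to the attributes the code uses.

```python
import ipaddress
import json

# Custom Src IP: the leaf keeps the configured prefix and writes its node ID
# into the low host bits. ACI requires at least 12 host bits (mask <= 20 for
# IPv4, <= 116 for IPv6), as in the NetFlow docs quoted above.
HOST_BITS = 12
HOST_MASK = (1 << HOST_BITS) - 1

def _custom_src(prefix):
    """Parse the exporter policy's Custom Src IP and enforce the host-bit rule."""
    iface = ipaddress.ip_interface(prefix)
    if iface.max_prefixlen - iface.network.prefixlen < HOST_BITS:
        raise ValueError(f"{prefix}: mask leaves fewer than {HOST_BITS} host bits")
    return iface

def exporter_source_ip(prefix, node_id):
    """Source address a leaf/spine with this node ID puts in its NetFlow packets."""
    iface = _custom_src(prefix)
    if not 0 < node_id <= HOST_MASK:
        raise ValueError(f"node ID {node_id} does not fit in {HOST_BITS} host bits")
    base = int(iface.ip) & ~HOST_MASK  # clear the last 12 bits of the configured IP
    return str(ipaddress.ip_address(base | node_id))

def node_id_from_source(prefix, addr):
    """Reverse lookup for a collector: which node ID sent a flow with this source?"""
    iface = _custom_src(prefix)
    ip = ipaddress.ip_address(addr)
    prefix_bits = int(iface.ip) & ~HOST_MASK
    if ip.version != iface.ip.version or int(ip) & ~HOST_MASK != prefix_bits:
        return None  # not derived from this Custom Src IP prefix
    return int(ip) & HOST_MASK

# Constructed sample of what GET /api/node/class/fabricNode.json returns
# (a real response carries more attributes); switches have role leaf or spine.
FABRIC_NODES_JSON = """{"totalCount": "3", "imdata": [
  {"fabricNode": {"attributes": {"id": "1",   "role": "controller", "name": "apic1"}}},
  {"fabricNode": {"attributes": {"id": "201", "role": "leaf",       "name": "leaf201"}}},
  {"fabricNode": {"attributes": {"id": "299", "role": "leaf",       "name": "leaf299"}}}]}"""

def expected_exporters(prefix, fabric_nodes_json):
    """Map every possible exporter source IP to the switch that would use it."""
    table = {}
    for item in json.loads(fabric_nodes_json)["imdata"]:
        attrs = item["fabricNode"]["attributes"]
        if attrs["role"] in ("leaf", "spine"):
            table[exporter_source_ip(prefix, int(attrs["id"]))] = attrs["name"]
    return table
```

Feed the output of a live `icurl -s "http://localhost/api/node/class/fabricNode.json"` into expected_exporters in place of the sample to get the table for your own fabric.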