cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4922
Views
20
Helpful
10
Replies

How to see Anycast Proxy VTEP addresses on a Spine switch

RedNectar
VIP Alumni
VIP Alumni

This is driving me nuts.  Once upon a time, you could find the Spine Anycast Proxy VTEP addresses from Fabric > Inventory > Pod 1 > Spinennn > Protocols > IPv4 .... (As shown in figure 14 of this doc).

In fact, I seem to remember that you could also find these values under Fabric > Inventory > Pod 1 > Spinennn > Interfaces > Tunnel Interfaces - but I may be confusing that with Fabric > Inventory > Pod 1 > Leafnnn > Interfaces > Tunnel Interfaces where you can still see them today, just as you can with the show isis dteps vrf overlay-1 command on a leaf.

But being a stubborn sort of guy, I'd like to think that since the VTEP IP addresses actually reside on the SPINE then there should be a simple command to find the Proxy VTEP addresses on a Spine switch. In fact I'd be happy with an APIC command that showed the information.

In the meantime, I guess I can still use the other methods. But if someone can scratch my itch I'd be grateful.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
3 Accepted Solutions

Accepted Solutions

Jayesh Singh
Cisco Employee
Cisco Employee

Hi Chris,

 

The Spine Anycast Proxy VTEP addresses can still be seen from Fabric > Inventory > Pod 1 > Spinennn > Protocols > ISIS > IS-IS Domain - ISIS for VRF-overlay-1 > click on Discovered Tunnel Endpoints (shows details as mentioned in fig. 14 of design guide 2.3 version).

 

 

Regarding simple APIC CLI command to get that info, I have been searching for that one too... :P

 

Regards,

Jayesh

View solution in original post

a-spine1# show isis dteps vrf overlay-1

IS-IS Dynamic Tunnel End Point (DTEP) database:
DTEP-Address Role Encapsulation Type
10.0.72.64 LEAF N/A PHYSICAL
10.0.72.68 LEAF N/A PHYSICAL
10.0.116.64 LEAF N/A PHYSICAL
10.0.72.67 LEAF N/A PHYSICAL
10.0.64.64 SPINE N/A PHYSICAL
10.0.120.33 SPINE N/A PHYSICAL,PROXY-ACAST-MAC
10.0.120.34 SPINE N/A PHYSICAL,PROXY-ACAST-V4
10.0.120.32 SPINE N/A PHYSICAL,PROXY-ACAST-V6

a-spine1#

View solution in original post

Also not sure what version they fixed this in but you can find it in the GUI in 4.0(1h) as well:

 

Screen Shot 2018-11-30 at 7.20.42 PM.png

 

I also checked other labs closer to your version and it shows in 3.2(2o), 3.2(3i), and 3.2(4d). If it is just a problem on your version, open a TAC case and we can get a bug opened for you.

 

-Michael G.

View solution in original post

10 Replies 10

Jayesh Singh
Cisco Employee
Cisco Employee

Hi Chris,

 

The Spine Anycast Proxy VTEP addresses can still be seen from Fabric > Inventory > Pod 1 > Spinennn > Protocols > ISIS > IS-IS Domain - ISIS for VRF-overlay-1 > click on Discovered Tunnel Endpoints (shows details as mentioned in fig. 14 of design guide 2.3 version).

 

 

Regarding simple APIC CLI command to get that info, I have been searching for that one too... :P

 

Regards,

Jayesh

Yeah - I saw that one too, but in the Type field, it just says Physical Ep - I can't see which is the IPv4 Proxy, IPv6 Proxy or MAC Proxy.  But with a leaf of faith, I guess it does show the info.

Thanks

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

I checked on ACI version 2.3 and 3.2, I am able to see all three types of anycast and not just phy ep.

 

Unfortunately, can't share the screen shot here from my setup here due to restrictions.

 

Can you please verify at your end, it should show.

Curious. This is what I see on v3.2(3o). My lab has one APIC, two leaves and one Spine.

ISISDTE.jpg

Now it turns out those IPs are the IP addresses of Leaf101 (10.0.16.64), Leaf102 (10.0.16.66) and I have no idea where 10.0.144.67 fits in (perhaps a remnant from playing with AVE recently).

None of these reveal the AnyCast addresses.

Of course, if I go to a LEAF Fabric > Inventory > Pod 1 > Leafnnn > Protocols > ISIS > IS-IS Domain - ISIS for VRF-overlay-1 >  Discovered Tunnel Endpoints I can see the Proxy IPs, just as I can with the command show isis dteps vrf overlay-1 on a leaf.  But it irks me that I can't see this information on a SPINE :(

ISISDTE-leaf.png

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

micgarc2
Cisco Employee
Cisco Employee

If i remember correctly  Fabric > Inventory > Pod 1 > Spinennn > Interfaces > Tunnel Interfaces  showed you the ivxlan tunnels mapping back to the TEP address of apics, spines, and leafs.

 

show isis dteps vrf overlay-1 should work on the spines too if you want to see the proxy acast v4, mac and proxy acast v6.

 

Let me know if that is what you are looking for.

 

-Michael G

a-spine1# show isis dteps vrf overlay-1

IS-IS Dynamic Tunnel End Point (DTEP) database:
DTEP-Address Role Encapsulation Type
10.0.72.64 LEAF N/A PHYSICAL
10.0.72.68 LEAF N/A PHYSICAL
10.0.116.64 LEAF N/A PHYSICAL
10.0.72.67 LEAF N/A PHYSICAL
10.0.64.64 SPINE N/A PHYSICAL
10.0.120.33 SPINE N/A PHYSICAL,PROXY-ACAST-MAC
10.0.120.34 SPINE N/A PHYSICAL,PROXY-ACAST-V4
10.0.120.32 SPINE N/A PHYSICAL,PROXY-ACAST-V6

a-spine1#

Also not sure what version they fixed this in but you can find it in the GUI in 4.0(1h) as well:

 

Screen Shot 2018-11-30 at 7.20.42 PM.png

 

I also checked other labs closer to your version and it shows in 3.2(2o), 3.2(3i), and 3.2(4d). If it is just a problem on your version, open a TAC case and we can get a bug opened for you.

 

-Michael G.

Ah ha... your output is different to mine. But I think I know why.  I'm working on a lab kit with only one Spine. Since my lonely spine soesn't need any tunnels to other spines, it doesn't create any, so I don't see them.

 

However, there's still a part of me that thnks I should be able to see "teps" as well as "dteps" - and that's the problem.  The information you see in all these answers is REMOTE TEPs - none of them are "local" TEPs.

 

So since my case is non-standard, I'll accept that even though you can only see REMOTE TEPs, in normal circumstances (i.e. when you have 3 Spines) that is good enough.

 

FWIW, this is what I see:

 

apic1# fabric 201 show isis dteps vrf overlay-1
----------------------------------------------------------------
 Node 201 (Spine201)
----------------------------------------------------------------

IS-IS Dynamic Tunnel End Point (DTEP) database:
DTEP-Address       Role    Encapsulation   Type
10.0.16.64         LEAF    N/A             PHYSICAL
10.0.16.66         LEAF    N/A             PHYSICAL
10.0.192.67        LEAF    N/A             PHYSICAL


apic1#

Now, after a bit more playing I have found a command that will show me what I want, but it is messy, and I don't like it. Here it is:

 

show ip interface | egrep -A 1 anycast

Example:

 

 

Spine201# show ip interface | egrep -A 1 anycast
lo1, Interface status: protocol-up/link-up/admin-up, iod: 6, mode: anycast-mac
  IP address: 10.0.192.65, IP subnet: 10.0.192.65/32
--
lo3, Interface status: protocol-up/link-up/admin-up, iod: 8, mode: anycast-v4
  IP address: 10.0.192.66, IP subnet: 10.0.192.66/32
--
lo5, Interface status: protocol-up/link-up/admin-up, iod: 10, mode: anycast-v6
  IP address: 10.0.192.64, IP subnet: 10.0.192.64/32
--
lo7, Interface status: protocol-up/link-up/admin-up, iod: 12, mode: anycast-mac,external
  IP address: 10.0.0.33, IP subnet: 10.0.0.33/32
--
lo8, Interface status: protocol-up/link-up/admin-up, iod: 13, mode: anycast-v4,external
  IP address: 10.0.0.34, IP subnet: 10.0.0.34/32
--
lo9, Interface status: protocol-up/link-up/admin-up, iod: 14, mode: anycast-v6,external
  IP address: 10.0.0.35, IP subnet: 10.0.0.35/32
Spine201#

But that raises some interesting qestions too - like what are those 10.0.0.33 34 and 35 addresses?

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

External anycast ones are used for multipod, each POD get unique anycast addresses used as the next hop for forwarding.

Like I said in the question I asked "In fact, I seem to remember that you could also find these values under Fabric > Inventory > Pod 1 > Spinennn > Interfaces > Tunnel Interfaces" - we both have the same memories,
RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License