Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1680
Views
110
Helpful
5
Replies

Is there an easy way to see the Proxy Anycast addresses from the APIC?

Go to solution
RedNectar
VIP Alumni
VIP Alumni

‎03-01-2022 12:39 PM

Hi folks,

OK. I know I can run the following command agains a leaf to find the Spine anycast proxy addresses,

apic1# fabric 2202 show isis dteps vrf overlay-1
----------------------------------------------------------------
 Node 2202 (Leaf2202)
----------------------------------------------------------------

IS-IS Dynamic Tunnel End Point (DTEP) database:
DTEP-Address       Role    Encapsulation   Type
10.2.16.65         SPINE   N/A             PHYSICAL
10.2.0.65          SPINE   N/A             PHYSICAL,PROXY-ACAST-V4
10.2.0.67          SPINE   N/A             PHYSICAL,PROXY-ACAST-MAC
10.2.0.66          SPINE   N/A             PHYSICAL,PROXY-ACAST-V6
10.2.16.64         LEAF    N/A             PHYSICAL
10.2.0.64          LEAF    N/A             PHYSICAL

And I know that I can visit the Fabric > Inventory >> Pod 1 > Leafxxxx > Interfaces > Tunnel Interfaces to see which tunnel interfaces have the Proxy as a target, THEN double click on each one to find the IP address...

image.png

BUT

both these methods are clumsy.

Ideally I'd like to query a spine rather than a leaf - it seems a bit silly to be asking a leaf about an address on a spine.  I would have thought that there would be a way of extracting this information from a spine. Asking a leaf is a bit like asking my wife for my phone number. You'll get the right answer, but it's one step removed from the source.

Anyhow - happy to hear any suggestions. Even other CLI commands that I could use - hopefully simpler and more elegant than

moquery -c tunnelIf | egrep "^type|^dest"

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
Labels:
2 Accepted Solutions

Accepted Solutions

Go to solution
Robert Burns
Cisco Employee
Cisco Employee

‎03-02-2022 05:04 AM

Chris,

You'll be hard pressed to easily gathering these addresses from the UI.  Your best shot is the CLI/API.  

What about:

fabric [node] show ip interface vrf overlay-1 | egrep -A 1 "anycast"

See if that gets you any closer to your goal.

Robert

View solution in original post

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎03-02-2022 06:34 AM - edited ‎03-02-2022 06:36 AM

Hi Chris,

 

You can also play with moquery options to find the anycast IP:

apic3# moquery -c ipv4If -f 'ipv4.If.mode=="anycast-mac"' -x 'rsp-subtree=children' | egrep "addr" | grep dn
  dn               : topology/pod-1/node-101/sys/ipv4/inst/dom-overlay-1/if-[lo11]/addr-[10.0.168.64/32]

apic3# moquery -c ipv4If -f 'ipv4.If.mode=="anycast-v4"' -x 'rsp-subtree=children' | egrep "addr" | grep dn 
  dn               : topology/pod-1/node-101/sys/ipv4/inst/dom-overlay-1/if-[lo13]/addr-[10.0.168.66/32]

Not the most elegant command (compared with the `show ip interface`), but it works.

 

Stay safe,

Sergiu

View solution in original post

5 Replies 5

Go to solution
Robert Burns
Cisco Employee
Cisco Employee

‎03-02-2022 05:04 AM

Chris,

You'll be hard pressed to easily gathering these addresses from the UI.  Your best shot is the CLI/API.  

What about:

fabric [node] show ip interface vrf overlay-1 | egrep -A 1 "anycast"

See if that gets you any closer to your goal.

Robert

Go to solution
Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎03-02-2022 06:34 AM - edited ‎03-02-2022 06:36 AM

Hi Chris,

 

You can also play with moquery options to find the anycast IP:

apic3# moquery -c ipv4If -f 'ipv4.If.mode=="anycast-mac"' -x 'rsp-subtree=children' | egrep "addr" | grep dn
  dn               : topology/pod-1/node-101/sys/ipv4/inst/dom-overlay-1/if-[lo11]/addr-[10.0.168.64/32]

apic3# moquery -c ipv4If -f 'ipv4.If.mode=="anycast-v4"' -x 'rsp-subtree=children' | egrep "addr" | grep dn 
  dn               : topology/pod-1/node-101/sys/ipv4/inst/dom-overlay-1/if-[lo13]/addr-[10.0.168.66/32]

Not the most elegant command (compared with the `show ip interface`), but it works.

 

Stay safe,

Sergiu

Go to solution
RedNectar
VIP Alumni
VIP Alumni

‎03-02-2022 08:35 PM - edited ‎03-02-2022 08:35 PM

Hey - thanks so much to @Robert Burns and @Sergiu.Daniluk for your fantastic contributions!  I'm sure I've wasted half your day, and I'm pretty confident that after having such gurus as you two digging around the answer to 

Is there an easy way to see the Proxy Anycast addresses from the APIC?

is... It depends. If your internal geek-meter pitches either of the above suggestions at the "easy" level, then yes.

Unfortunately, even though I think I have a pretty extreme internal geek-meter, I reckon for something to be "easy", it needs to be

  1. displays what you require without too much additional information
  2. a command that doesn't require piping though grep, or
  3. can be found in the GUI

I doubt I'll get a better answer, so I'll have to concede that this is as good as I'm going to get. Might be a good starting point for a bit of a python programming challenge.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Go to solution
Robert Burns
Cisco Employee
Cisco Employee
In response to RedNectar

‎03-03-2022 04:56 AM

Out of curiosity, what's the use case for needing/using these IPs?  As these IPs wont really change once allocated, you would collect them once, and document/archive it.  Where I agree it could be easier, it's also information most customers will rarely use.  It's a balance of information overload vs. showing what's necessary/commonly used. 

Robert

Go to solution
RedNectar
VIP Alumni
VIP Alumni
In response to Robert Burns

‎03-03-2022 01:19 PM

Hi @Robert Burns ,

Well, I guess I'm a bit of an unusual user because I'm an instructor.

The time I wish that there was a more straightforward way is when I'm explaining the routing table.

apic1# fabric 2201 show ip route vrf Tenant01:Production_VRF
----------------------------------------------------------------
 Node 2201 (Leaf2201)
----------------------------------------------------------------
<snip>

10.200.0.5/32, ubest/mbest: 1/0, attached, direct, pervasive
    *via 10.2.0.65%overlay-1, [1/0], 2d13h, static, rwVnid: vxlan-2523136
10.201.11.0/24, ubest/mbest: 1/0, attached, direct, pervasive
    *via 10.2.0.65%overlay-1, [1/0], 2d14h, static, tag 4294967294
10.201.11.1/32, ubest/mbest: 1/0, attached, pervasive
    *via 10.201.11.1, vlan20, [0/0], 2d14h, local, local
10.201.12.0/24, ubest/mbest: 1/0, attached, direct, pervasive
    *via 10.2.0.65%overlay-1, [1/0], 2d14h, static, tag 4294967294

I use this table as a jumping point to explain that the "send to poxy" action is really just a routing decision. But to follow it up, I'd like a simple way of saying

See - the next hop of 10.2.0.65 is the IPv4 Anycast Proxy address as you can see here....

but following that statement with 

fabric 2201 show isis dteps vrf overlay-1

even if it gives the answer, just raises a whole lot of unwanted unrelated questions, 

"What's isis got to do with it?"

"What's a dtep?"

And inevitably

"Where can I see the Anycast addresses in the GUI?"

"Isn't there an easier way to see this?"

So my motivation is indeed entirely selfish.  But also I like to be able to paint Cisco in a positive light and give an answer to such questions, so I thought I'd ask here.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License