Solved: So I do see that as a

Claudia de Luna · ‎05-26-2017

Hi,

In re-configuring an L3Out for a Tenant in ACI (L3Out constructs in the specific tenant) I had expected the health score to reflect the downed adjacency. I started by removing the configuration on the router end. Note that this was a fully functional L3Out for the fabric via a routed interface but we are moving to an SVI based L3Out. Currently the working configuration on the ACI side is still there but the interface on the router has been set to its default state so we no longer have a routing adjacency and the healthscore for the tenant is 100. Even the L3Out Network EPG is at 100. We are running 2.1(1h).

router interface Te1/0/1 <--> ACI Fabric Leaf 101

Two questions:

1. Why is a downed adjacency not reflected (or if it is - where is it reflected - other than specifcially checking the adjacency via cli or protocols in the GUI)?

2. Can anyone point me to material that specifically describes how the health score is derived and what is included?

Thanks

Jason Williams · ‎05-26-2017

Hi Claudia,

The health score is typically lowered due to fault codes and each fault code will carry different weights.

Failure to form routing protocol adjacency does not raise a fault. You may see a fault raise if the interface is down or in L3 out .

Here is a guide which covers health score impact: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/Operating_ACI/guide/b_Cisco_Operating_ACI/b_Cisco_Operating_ACI_chapter_01010.pdf

EDIT: If you're interested in tracking adjacency events in the GUI, then go to Fabric -> Inventory -> Leaf (border leaf) -> Protocols -> OSPF/BGP -> VRF. In the right pane, go to History -> Events

Jason

View solution in original post

Jason Williams · ‎05-26-2017

Hi Claudia,

The health score is typically lowered due to fault codes and each fault code will carry different weights.

Failure to form routing protocol adjacency does not raise a fault. You may see a fault raise if the interface is down or in L3 out .

Here is a guide which covers health score impact: http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/Operating_ACI/guide/b_Cisco_Operating_ACI/b_Cisco_Operating_ACI_chapter_01010.pdf

EDIT: If you're interested in tracking adjacency events in the GUI, then go to Fabric -> Inventory -> Leaf (border leaf) -> Protocols -> OSPF/BGP -> VRF. In the right pane, go to History -> Events

Jason

Claudia de Luna · ‎05-26-2017

Got it! ...I figured an interface down would impact the Health Score but this was a "soft" failure. Thanks for the response and the link!

Any plans to allow for "monitoring" at this level. I always tell my clients that the Health score in ACI reflects all the network components that are required for that object and the L3 out for a tenant is a pretty key piece of that "health".

Thanks again!

Claudia

Jason Williams · ‎05-26-2017

I do not know the roadmap for the monitoring, but I believe there will be complexity when adding L3 adj to fault codes. Below is one of multiple hypothetical examples of why I believe this might not already be included in fault codes.

One example: An network engineer configures an OSPF L3 out using broadcast mode. 1 border leaf has 1 link going to a switch with 2 external routers on the other end as the border leaf's neighbors. Say if the network engineer either changes the IP of the external routers or simply wants to remove the 1 of the 2 neighbors permanently. ACI raises a fault because the 2nd neighbor adj is missing and fault will never clear out.

IIRC, you should be able to do syslog on events in the fabric. Since ACI logs routing protocol adjacencies under events, then you should be able to report those adj changes.

Jason

Claudia de Luna · ‎05-26-2017

So I do see that as a "misconfiguration" and I agree there could be corner cases but in such a scenario if you turn ignore acknowledged faults on you could get "rid" of those in the healthscore or in a perfect world that type of "monitoring" could be an option. You are 100% correct on the syslog note. Thanks again!

Loss of routing adjacency and Health Score