Need moquery to find all the svi and routed subnets configure on L3out

danial.tahir19911 · ‎02-28-2024

Hi Guys,

I am gathering some info from one ACI Fabric, my end goal is to get the moqueries with grep filters to list out all the ip's configure on the l3outs. Rather it the routed interface or svi. Need Help

Marcel Zehnder · ‎03-06-2024

Hi

moquery -c l3extRsPathL3OutAtt -x rsp-subtree=full | grep addr | grep -v TC | awk '{print $3}' | sort | uniq

HTH

RedNectar · ‎03-28-2024

Hi @danial.tahir19911 ,

It seems to me that @Marcel Zehnder 's answer is correct - although I'll offer a refinement below, but first:

If your question has been answered, it is a great idea to mark the question as being answered. This helps:

others with a similar problem find the correct answer
people who look for "unanswered" questions to answer finding this
prevent your question from becoming a "dead thread"

I found @Marcel Zehnder suggestion gave me more than I needed:

admin@apic1:~> moquery -c l3extRsPathL3OutAtt -x rsp-subtree=full | grep addr | grep -v TC | awk '{print $3}' | sort | uniq
10.101.1.201/24
10.102.1.201/24
10.103.1.201/24
10.10.4.2/25
10.1.11.1/24
10.1.11.2
10.2.1.1/24

The 10.1.11.2 address is the address of a BGP peer that gets included in the output of moquery -c l3extRsPathL3OutAtt -x rsp-subtree=full

# bgp.PeerP
addr : 10.1.11.2

On closer inspection, I'm not quite sure why the -x rsp-subtree=full was included. I could only find IPs configured on the l3Outs under l3ext.RsPathL3OutAtt.addr

So my solution was to just simplify the moquery command to.

admin@apic1:~> moquery -c l3extRsPathL3OutAtt | grep addr | sort | uniq | awk '{print $3}'
10.101.1.201/24
10.102.1.201/24
10.103.1.201/24
10.10.4.2/25
10.1.11.1/24
10.2.1.1/24

But I actually found it more useful (for my purposes) to also include the VLAN used on each IP, (and I didn't care about sort order anyway - and I don't have any duplicates) so I modified it to

admin@apic1:~> moquery -c l3extRsPathL3OutAtt | egrep "addr |encap " | awk '{print $3}'
10.10.4.2/25
vlan-204
10.1.11.1/24
vlan-414
10.2.1.1/24
vlan-416
10.101.1.201/24
vlan-1411
10.102.1.201/24
vlan-1421
10.103.1.201/24
vlan-1431

What about icurl?

I know you asked for an moquery command, but I'm beginning to find that icurl is a better option, especially when combined with the power of the JSON query app - jq. I think the following is more useful and elegant than the moquery solution,

admin@apic1:~> icurl -s -k https://localhost/api/node/class/l3extRsPathL3OutAtt.json | jq '.imdata[].l3extRsPathL3OutAtt.attributes |.addr, .encap'
"10.10.4.2/25"
"vlan-204"
"10.1.11.1/24"
"vlan-414"
"10.2.1.1/24"
"vlan-416"
"10.101.1.201/24"
"vlan-1411"
"10.102.1.201/24"
"vlan-1421"
"10.103.1.201/24"
"vlan-1431"

Using jq, you can get really fancy

admin@apic1:~> icurl -s -k https://localhost/api/node/class/l3extRsPathL3OutAtt.json | jq '.imdata[].l3extRsPathL3OutAtt.attributes | {IP_addr: .addr, VLAN: .encap}'
{
  "IP_addr": "10.10.4.2/25",
  "VLAN": "vlan-204"
}
{
  "IP_addr": "10.1.11.1/24",
  "VLAN": "vlan-414"
}
{
  "IP_addr": "10.2.1.1/24",
  "VLAN": "vlan-416"
}
{
  "IP_addr": "10.101.1.201/24",
  "VLAN": "vlan-1411"
}
{
  "IP_addr": "10.102.1.201/24",
  "VLAN": "vlan-1421"
}
{
  "IP_addr": "10.103.1.201/24",
  "VLAN": "vlan-1431"
}

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

RedNectar · ‎05-17-2024

Hi @danial.tahir19911 ,

Sometimes you THINK you have answered a question, but then realise that the person who asked it must not have been satisfied with the answer,

So I'll try harder this time, and hope you can manage to mark this answer as correct!

Now I'm not going to use grep as you requested, but use jq, because think it give a nicer output. So here is a moquery that will give you a beautiful list of "all the ip's configure on the l3outs. Rather it the routed interface or svi."

apic1# moquery -c l3extRsPathL3OutAtt -o json | 
jq '.imdata[].l3extRsPathL3OutAtt |
{Tenant: .attributes.dn|values|capture("uni/tn-(?<T>.*)/out-").T,
L3Out: .attributes.dn|values|capture("/out-(?<L>.*)/lnodep-").L,
IP: .attributes.addr|values,
VLAN: .attributes.encap|values|capture("vlan-(?<V>.*)").V,
Type: .attributes.ifInstT}'

Show result seen in my lab. Note that the infra tenant has a sub-interface, while the other interfaces are SVIs

{
  "Tenant": "mgmt", 
  "L3Out": "CoreFab_L3Out",
  "IP": "10.10.5.2/25",
  "VLAN": "205", 
  "Type": "ext-svi"
}
{
  "Tenant": "Tenant18", 
  "L3Out": "ProductionVRF_OSPF.L3Out",
  "IP": "10.218.1.201/24",
  "VLAN": "2581", 
  "Type": "ext-svi"
}
{
  "Tenant": "Tenant17", 
  "L3Out": "ProductionVRF_OSPF.L3Out",
  "IP": "10.217.1.201/24",
  "VLAN": "2571", 
  "Type": "ext-svi"
}
{
  "Tenant": "infra", 
  "L3Out": "intersite",
  "IP": "10.3.2.2/24",
  "VLAN": "4", 
  "Type": "sub-interface"
}

Here's hoping you are satisfied with this answer!

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

chrisdale · ‎02-18-2025

Hi RedNectar,

When trying the

moquery -c l3extRsPathL3OutAtt -o json |

This goes into pipe> then the next line is pipe quote>

I add the "script", (displayed in pink/purple) but this displays no results. I am obviously missing something here. Can you kindly advise? As Im trying to learn ACI in depth, which the above seems to be a brilliant tool to find good information.

Additionally, the Icurl syntax, this errors saying port 80 is not enabled. Is port 80 needed with the fabric to be tenant specific?

Thanks in advance

Karol Farago · ‎03-04-2025

icurl port 80 error can be solved with:

changing:

icurl http://localhost/api/node/class/l3extRsPathL3OutAtt.json | jq '.imdata[].l3extRsPathL3OutAtt.attributes |.addr, .encap'

to

icurl -s -k https://localhost/api/node/class/l3extRsPathL3OutAtt.json | jq '.imdata[].l3extRsPathL3OutAtt.attributes | {IP_addr: .addr, VLAN: .encap}'

RedNectar · ‎03-04-2025

Hi @chrisdale ,

Missed this last week, sorry.

The idea is that you copy everything from moquery to ifInstT}' and paste it into your terminal session. If you are trying to type it in then the behaviour you describe ("This goes into pipe> then the next line is pipe quote>") is perfectly fine - the command will end up looking like this:

apic1# moquery -c l3extRsPathL3OutAtt -o json |
pipe> jq '.imdata[].l3extRsPathL3OutAtt |
pipe quote> {Tenant: .attributes.dn|values|capture("uni/tn-(?<T>.*)/out-").T,
pipe quote> L3Out: .attributes.dn|values|capture("/out-(?<L>.*)/lnodep-").L,
pipe quote> IP: .attributes.addr|values,
pipe quote> VLAN: .attributes.encap|values|capture("vlan-(?<V>.*)").V,
pipe quote> Type: .attributes.ifInstT}'

followed by the output.

As for the port 80 problem, big thanks to @Karol Farago for showing you how to fix that (and making me aware of my sloppiness for not using the -s -k https:// format of the icurl command - which I will now edit into my original answer. On my system I'd enabled port 80, which is NOT going to be the case on most production systems)
FYI - the -k flag of the icurl command is the one that prevents the port 80 error and allows you to use https://rather than http:// the -s "silences" the output to remove the % Total... etc output

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.