Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1408
Views
20
Helpful
5
Replies

Overlapping/Duplicate Subnets on L3outs

Ibrahim010
Level 1
Level 1

‎11-28-2022 04:12 AM

Hi Guys,

So i wonder if you guys know of a moquery command that i can use to find all the duplicate subnets in the fabric. This also goes for Overlapping subnets. I am planning for our fabric upgrade and one of the requirements is checking all the subnets in our fabric. An important issue here is if there are duplicates or overlapping subnets then this might create problems during the failover of nodes. If there is a command i would appreciate the help, otherwise this must be done manually.

Thanks/Kind regards.

Ib0.

Labels:
0 Helpful
5 Replies 5

ecsnnsls
Level 1
Level 1

‎11-28-2022 07:12 AM - edited ‎11-28-2022 07:13 AM

Hi @Ibrahim010 

The following faults should tell you if you have overlapping subnets in your fabric,

BD Subnets (F1425 subnet-overlap)

BD Subnets (F0469 duplicate-subnets-within-ctx)

You can also use the pre-upgrade validator from https://github.com/datacenter/ACI-Pre-Upgrade-Validation-Script to perform the basic checks.

Ibrahim010
Level 1
Level 1

‎11-29-2022 03:42 AM

Hi Ecs,

Thanks mate, that does help abit. We do however have overlapping subnets, yet the error code is not triggered. To name an example: we have a few /24 and /28 subnets under the same EPGs. Seeing that there is no error mentioned we have to go by hand and view every epg to make sure we dont run in to this problem.

0 Helpful

ecsnnsls
Level 1
Level 1
In response to Ibrahim010

‎11-29-2022 04:55 AM - edited ‎11-29-2022 05:03 AM

Hi @Ibrahim010 ,

Oh sorry to hear that. Maybe you can try the following,

  • Download the IPs from EPGs, BDs and L3out by polling the corresponding rest API. For example: GET request on https://APICIP/api/class/fvSubnet.xml save the IP values into a text file. Similarly, collate the information from other MOs into this text file.
  • Once you have the IP Addresses, you can run the list against ipconflict module in python using the command
ipconflict -f /ips.txt

This is the dirty way of achieving what you want. If you want a more polished way, you can write a script importing the ipconflict module.

source: https://pypi.org/project/ipconflict/

Sergiu.Daniluk
VIP Alumni
VIP Alumni
In response to Ibrahim010

‎11-29-2022 05:01 AM - edited ‎11-29-2022 05:09 AM

I suppose, based on the title of this thread, you are referring to ExternalEPGs (L3Outs) right? I am asking because what is mentioned above by @ecsnnsls  refers to BDs.

Anyway, what you can do, is get all the existing extsubnets and do the manual check:

 

moquery -c l3extSubnet | grep -B 10 import-security | grep dn | sort

 

You can as well use python if you have tens or hundreds of subnets do the checks, but that is something you need to build.

EDIT: Just want thing I want to add. There is nothing wrong in configuring overlapping prefixes in different ExtEPG, as long as you know what you are doing and following some best practices guidelines. The problem is having the same prefix present in different ExtEPGs. There is Fault0467 which should appear if you have the same exact prefix in multiple ExtEPGs. I think you even get a pop-up in newer version and you cannot configure duplicate prefixes as `external subnets for external epg`.

Cheers,

Sergiu

Ibrahim010
Level 1
Level 1

‎12-05-2022 05:21 AM

Thanks guys!

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License