cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
509
Views
1
Helpful
4
Replies

Ping new endpoint works for 5-6 packets and then stops

suneq
Level 1
Level 1

Hi,

I have a new endpoint in the Fabric, its IP and MAC addresses are learned correctly on the LEAF.

However, from the endpoint we cannot ping anything, even the default gateway on the Fabric.

Each time I clear the endpoint IP (clear system internal epm.. ) on the LEAF, from the endpoint we can ping for 5 or 6 packets and after that it does not work anymore.

Have you seen this issue before? Any advice will be highly appreciated, thanks. 

1 Accepted Solution

Accepted Solutions

suneq
Level 1
Level 1

Well, I finally fixed the issue.

The server is connected to a single Leaf with 2 ports in Port-channel. In the access policies, I configured a port range 1/1-2 for the Port Selectors. I removed that block (1/1-2) and configured 1/1 and 1/2 seperately in the Port Selector and the problem is solved. The server is now pingable.

I've never known that we cannot use port-range when configure a Port-Channel, should read the configuration guide again.

Thanks @Robert Burns for your help.

View solution in original post

4 Replies 4

Robert Burns
Cisco Employee
Cisco Employee

Have you checked the fabric for a duplicate of your IP? 

Robert

Robert Burns
Cisco Employee
Cisco Employee

Before & After this problem might also want to see what the fabric has for an EP entry for that IP.
1. Before you clear any endpoint entries, from the APIC issue (insert your leaf node IDs and the endpoints IP below):

fabric xxx-xxx show system internal epm endpo ip x.x.x.x

 2. Clear the endpoint IP on your target leaf, test ping and while it's working recheck the command above.

3. When it stops working, check it once more & compare outputs from the leafs

This should give you some clues as to what's happening.  I suspect its Dupe IP / Rogue Endpoint kicking in.

Robert

Hi Robert,

Thanks for your advice. 

Rogue EP control is currently deactivated in the Fabric.

Regarding the duplicate IP, I checked Fabric > Inventory > Duplicate IP Usage but did not find the IP

I followed your guide but as the ping works for a few seconds only after that I clear the endpoint IP, I am not sure if the output of 

fabric xxx-xxx show system internal epm endpo ip x.x.x.x

is correct because the command took a long time and I have to press Enter at least twice during the execution of the command (I hope you see what I mean).

My impression is that when the endpoint is not learned on the Leaf, ping works. As soon as "show endpoint ip..." shows the IP, the ping does not work anymore.

Below is the output of your command 

1. Before the clear
----------------------------------------------------------------
Node xxx (xxx)
----------------------------------------------------------------

MAC : xxxx.xxxx.xxxx ::: Num IPs : 1
IP# 0 : xxx.xxx.xxx.xxx ::: IP# 0 flags : ::: l3-sw-hit: No
Vlan id : 3 ::: Vlan vnid : 11612 ::: VRF name : common:xxx
BD vnid : 15925213 ::: VRF vnid : 2097153
Phy If : 0x16000001 ::: Tunnel If : 0
Interface : port-channel2
Flags : 0x80004c04 ::: sclass : 49211 ::: Ref count : 5
EP Create Timestamp : 07/05/2023 16:44:02.639771
EP Update Timestamp : 07/05/2023 16:58:39.904923
EP Flags : local|IP|MAC|sclass|timer|

 

2. After the clear when ping works (only for a few packets)

----------------------------------------------------------------
Node xxx (xxx)
----------------------------------------------------------------

and all blank

3. After the clear when ping does not work anymore


----------------------------------------------------------------
Node xxx (xxx)
----------------------------------------------------------------

MAC : xxxx.xxxx.xxxx ::: Num IPs : 1
IP# 0 : xxx.xxx.xxx.xxx ::: IP# 0 flags : ::: l3-sw-hit: No
Vlan id : 3 ::: Vlan vnid : 11612 ::: VRF name : common:xxx
BD vnid : 15925213 ::: VRF vnid : 2097153
Phy If : 0x16000001 ::: Tunnel If : 0
Interface : port-channel2
Flags : 0x80004c04 ::: sclass : 49211 ::: Ref count : 5
EP Create Timestamp : 07/05/2023 17:04:13.551393
EP Update Timestamp : 07/05/2023 17:04:52.778856
EP Flags : local|IP|MAC|sclass|timer|

suneq
Level 1
Level 1

Well, I finally fixed the issue.

The server is connected to a single Leaf with 2 ports in Port-channel. In the access policies, I configured a port range 1/1-2 for the Port Selectors. I removed that block (1/1-2) and configured 1/1 and 1/2 seperately in the Port Selector and the problem is solved. The server is now pingable.

I've never known that we cannot use port-range when configure a Port-Channel, should read the configuration guide again.

Thanks @Robert Burns for your help.

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License