Re: TCPDump on Leaf (ACI)

PatrickH1 · ‎08-23-2018

Hello Community,

I have a question about TCPdump on a leaf Switch (ACI). When I start a TCPdump for an IP address learned via an L3OUT on the Border Leaf, see the ping in the TCPdump. When I start a TCPdump for an IP address learned as EPG -> BD, I don't see the ping in the TCPDump. I am in any case pinging from an IP outside the fabric.

Why can't I see the ping?

Many greetings

Patrick

micgarc2 · ‎08-25-2018

That is expected that type of traffic is not punted to the CPU. Tcpdump will only work for packets punted from the ASIC to the CPU.

PatrickH1 · ‎08-27-2018

Hello Micgarc2,

thank you for Explanation, that makes sense. Which traffic type is punted to CPU in ACI Fabric?

Best Regards

Patrick

micgarc2 · ‎08-25-2018

If you source traffic from the BD SVI to a deployed EP within that BD you will see it in a tcpdump output. Same goes for sourcing traffic from an external SVI (L3 out interface) to an external EP.

tuanquangnguyen · ‎10-31-2022

Apologies for hijacking this old topic, but does this mean that traffic between endpoints (in either same or different EPGs) passing through the Leaf switches (with gateway on ACI) cannot be tcpdump'ed on the Leaf themselves?

Tuan

Sergiu.Daniluk · ‎10-31-2022

"If you source traffic from the BD SVI to a deployed EP within that BD you will see it in a tcpdump output" - meaning if you ping from leaf you will see the traffic in tcpdump.