Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1393
Views
0
Helpful
2
Replies

Trace route behavior in ACI PBR one arm mode

Jaya_tv
Level 1
Level 1

‎04-13-2020 08:20 AM

Hello everyone,

 

we have PBR with one-arm mode.
Service Node [ Firewall ] is connected with Leaf 01 and 02.
Consumer EPG is with Leaf 03 and Provider EPG is with Leaf 04.
From Consumer I am able to Ping Provider.
Traceroute from consumer EPG to Provider EPG takes 5 hops.
Traffic is hitting a firewall and return to ACI without any issues.
I would like to understand why consumer to provider traffic is taking 5 hops?
I had gone thru one whitepaper whcih says traceroute is not best options to verify PBR traffic.

Labels:
0 Helpful
2 Replies 2

Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎04-15-2020 03:05 AM

Hi @Jaya_tv ,

Could you share the output of the traceroute and indicate what each IP represents in the output? Also, is your firewall go-to or go-through?

 

Cheers,

Sergiu

0 Helpful

Gaurav Gambhir
Cisco Employee
Cisco Employee

‎04-22-2020 08:09 PM

Refer to traceroute consideration for PBR

 

https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html#_Toc522749020)

 

there was this bug which is fixed in 3.2x
CSCvh92923 ACI PBR does not decrement TTL
 
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License