Troubleshooting Traffic Flow in ACI

PatrickH1
Level 1

Hello Community,

 

If I've understood it correctly, in the ACI architecture we have a Global Station Table and a Local Station Table, separated by Layer 2 and Layer 3. If I want to follow traffic flow in ACI, let's say I am on Leaf 1 and I will learn the destination IP address from Leaf 2. In that case the packet has to go to the Northstar ASIC from Leaf 1 -> Spine -> Leaf 2. Is it correct to look at the Local Station Table for Layer 2 on Leaf 1?

Is there a possibility to access the local or global Station Table with some "show" command for troubleshooting?

 

Kind Regards

 

Patrick


RedNectar
VIP Alumni

Hi Patrick,

It's less than a day since I put out a plea for Cisco to add such commands to the CLI, but alas no such commands exist.

However, you mentioned "traffic flow" - so maybe the command you are looking for is itraceroute - it has a rather convoluted syntax, because you specify the VRF AFTER the target IP. E.g.

Leaf101# itraceroute 192.168.92.10 vrf Tenant9:Production-VRF
Tenant traceroute to 192.168.92.10, tenant VRF Tenant9:Production-VRF, source encap vlan-2091, from [192.168.91.1], payload 56 bytes
. . .
Path 1   [ Complete ]   [ internal ]
+-----+------------+---------+------+-------------+-------+
| Hop |    TEP     |   ETEP  | Site |  Interface  |  Time |
+-----+------------+---------+------+-------------+-------+
|  1  | 10.0.16.65 | 0.0.0.0 |  0   |    eth1/1   | 0.004 |
|  2  | 10.0.16.66 | 0.0.0.0 |  0   | unspecified | 0.003 |
+-----+------------+---------+------+-------------+-------+

Note that you issue the itraceroute and iping commands on a LEAF rather than the APIC.

But if you want L2 & L3 endpoint information, then the show endpoint command issued on a leaf (which has a different output to the show endpoints command on the APIC) might be what you want.

E.g.

Leaf101# show endpoint 
Legend:
 s - arp              H - vtep             V - vpc-attached     p - peer-aged
 R - peer-attached-rl B - bounce           S - static           M - span
 D - bounce-to-proxy  O - peer-attached    a - local-aged       L - local
+-----------------------------------+---------------+-----------------+--------------+-------------+
      VLAN/                           Encap           MAC Address       MAC Info/       Interface
      Domain                          VLAN            IP Address        IP Info
+-----------------------------------+---------------+-----------------+--------------+-------------+
Tenant9:Production-VRF                                   192.168.91.1 L                      vlan29
Tenant9:Production-VRF                                   192.168.92.1 L                      vlan53
30                                        vlan-2091    a036.9f21.cbd6 L                     eth1/27
Tenant9:Production-VRF                    vlan-2091     192.168.91.10 L                     eth1/27
41                                        vlan-2198    0050.56a3.10b1 O                     tunnel6
Tenant9:Production-VRF                    vlan-2198     192.168.91.12 O                     tunnel6
41                                        vlan-2198    0050.56a3.0cfa L                     eth1/24
Tenant9:Production-VRF                    vlan-2198     192.168.91.11 L                     eth1/24
43                                        vlan-2093    0050.56b2.0f9e LV                        po9
Tenant9:Production-VRF                    vlan-2093    192.168.91.200 LV                        po9
54                                        vlan-2197    0050.56a3.7e7c L                     eth1/24
Tenant9:Production-VRF                    vlan-2197     192.168.92.11 L                     eth1/24
54                                        vlan-2197    0050.56a3.8a3a O                     tunnel6
Tenant9:Production-VRF                    vlan-2197     192.168.92.12 O                     tunnel6
42                                        vlan-2094    0050.56b2.3232 LV                        po9
Tenant9:Production-VRF                    vlan-2094    192.168.92.200 LV                        po9
<snip>

The show endpoint command has some additional options (revealed by hitting <Esc><Esc>):

Leaf101# show endpoint
 <CR>       Carriage return
 detail     Endpoint detailed information
 interface  Interface
 ip         IPv4/IPv6 address information
 mac        Mac address information
 summary    Endpoint summary information
 vlan       VLAN
 vrf        VRF

but as you see, restricting the output to just L2 or L3 or Local Station Table vs Global Station Table is not an option; for that you need to get creative using grep or egrep. E.g. to see just the Local Station Table entries for the Leaf, you could use:

Leaf101# show endpoint | grep " L"

and to see Global Station Table entries, use 

Leaf101# show endpoint | grep " O"

You can also use the over-convoluted command 

Leaf101# show system internal epm endpoint all

to get more endpoint info, but the output is messy.  So too is the output of 

Leaf101# moquery -c fvEp

which dumps endpoint information as well.

I hope this helps


RedNectar aka Chris Welsh.
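
Added example (not part of the thread and not Cisco code): an offline Python parser for saved `show endpoint` leaf output that selects rows by the flags column (L local, O peer-attached) and by MAC vs IP, because a plain grep " L" also matches the legend line. The function names and the abridged sample are assumptions of this example, and it assumes the flags column is never empty.

```python
import ipaddress
import re

# Sample input: abridged rows in the shape of the `show endpoint` output quoted above.
SAMPLE = """\
Legend:
 D - bounce-to-proxy  O - peer-attached    a - local-aged       L - local
Tenant9:Production-VRF                                   192.168.91.1 L                      vlan29
30                                        vlan-2091    a036.9f21.cbd6 L                     eth1/27
41                                        vlan-2198    0050.56a3.10b1 O                     tunnel6
Tenant9:Production-VRF                    vlan-2198     192.168.91.12 O                     tunnel6
43                                        vlan-2093    0050.56b2.0f9e LV                        po9
Tenant9:Production-VRF                    vlan-2093    192.168.91.200 LV                        po9
"""

MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}", re.I)

def address_layer(token):
    """'L2' for a MAC, 'L3' for an IPv4/IPv6 address, None otherwise."""
    if MAC_RE.fullmatch(token):
        return "L2"
    try:
        ipaddress.ip_address(token)
    except ValueError:
        return None
    return "L3"

def parse_show_endpoint(text):
    """Parse data rows; legend, header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Assumption: a data row ends with <address> <flags> <interface>.
        if len(fields) < 4:
            continue
        addr, flags, intf = fields[-3:]
        layer = address_layer(addr)
        if layer:
            rows.append({"domain": fields[0], "addr": addr, "flags": flags,
                         "intf": intf, "layer": layer})
    return rows

def select(rows, flag, layer=None):
    """Rows whose flags column contains `flag` ('L' local, 'O' peer-attached)."""
    return [r for r in rows if flag in r["flags"] and layer in (None, r["layer"])]

def naive_grep(text, pattern):
    """What `| grep "<pattern>"` returns: every line containing the string."""
    return [line for line in text.splitlines() if pattern in line]
```

For example, `select(parse_show_endpoint(saved_output), "O", "L3")` lists only the peer-attached IP entries, which here all point at a tunnel interface.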

Hello Chris,

 

Many thanks, that is very helpful.

 

Kind Regards

 

Patrick

Marcel Zehnder
Spotlight

Hello Guys,

 

Thanks for your feedback. I found another command on the Cisco website. Running "show platform internal ns forwarding lst-l2 ingress" from vsh_lc for the Local Station Table for Layer 2, I got the following error message:

 

module-1# show platform internal ns forwarding lst-l2 ingress
Err: Failed to read at address 0xe00000 Len:3 Ret:1122435117

 

Has anyone ever used this command before, and did it work for you?

 

Best Regards

 

Patrick

Hi Patrick,

 

Probably you are trying that on 2nd generation switches, i.e. EX series or above.

 

GST and LST tables were maintained in switches with Broadcom ASICs, which were 1st generation switches, e.g. N9K-C9372TX. That command works perfectly on these switches.

 

2nd generation switches like N9K-93180YC-EX are based on the Cisco Cloud Scale ASIC; there are no GST/LST tables, instead there are FP tiles to store forwarding and policy information. Since there is no GST/LST table, it is not able to show any information regarding the same.

 

Hope that helps!

 

Regards,

Jayesh
