12-10-2020 03:33 AM
Hello,
a strange issue is happening:
deployment has 2 VPC: 101 with leaf 101 and 102 and 106 with leaf 106 and 107.
Now I have to add another VPC Protection Group (104) for VPC between leaf 104 and 105.
The strange issue is the autogenerated virtual ip address is created with the same ip of VPC 101.
This issue interrupted services that were using vpc 101 obviously ....
Infact after the deletion of VPC 104 the services on VPC 101 were restored.
I double check and every time I create a new VPC Protection Group for leaf 104 and 105 the Virtual ip is the same of first VPC Protection Group.
How can I resolve the issue ?
had someone got the same issue ?
Thanks and regards
12-10-2020 05:51 AM - edited 12-10-2020 05:58 AM
Going to need more info - firstly which version are you running?
This definitely sounds like a bug, can you also provide the outputs of:
moquery -c dhcpPool | egrep 'className|dn|startIp|endIp'
moquery -c dhcpClient | egrep 'dn|ip|nodeRole'
Robert
12-10-2020 05:58 AM
12-10-2020 06:10 AM
and here the other information:
apic1# moquery -c dhcpClient | egrep 'dn|ip|nodeRole'
No handlers could be found for logger "root"
dn : client-[uni/fabric/macprotp-default/macexpg-default]
ip : 11.0.144.65/32
model : vip
nodeRole : vip
id : uni/fabric/ipv4protp-default/ipv4expg-default
dn : client-[uni/fabric/ipv4protp-default/ipv4expg-default]
ip : 11.0.144.66/32
model : vip
nodeRole : vip
rn : client-[uni/fabric/ipv4protp-default/ipv4expg-default]
id : uni/fabric/ipv6protp-default/ipv6expg-default
dn : client-[uni/fabric/ipv6protp-default/ipv6expg-default]
ip : 11.0.144.64/32
model : vip
nodeRole : vip
rn : client-[uni/fabric/ipv6protp-default/ipv6expg-default]
dn : client-[FDO2138253V]
ip : 11.0.128.64/32
nodeRole : leaf
dn : client-[FDO221719Y8]
ip : 11.0.128.65/32
nodeRole : spine
dn : client-[FDO22211Q8Z]
ip : 11.0.128.66/32
nodeRole : spine
dn : client-[FDO21400TAP]
ip : 11.0.128.71/32
nodeRole : leaf
dn : client-[FDO21422NT6]
ip : 11.0.128.69/32
nodeRole : leaf
dn : client-[FDO21422N6Q]
ip : 11.0.128.67/32
nodeRole : leaf
dn : client-[FDO21422P08]
ip : 11.0.128.70/32
nodeRole : leaf
dn : client-[FDO213826KH]
ip : 11.0.128.72/32
nodeRole : leaf
dn : client-[FDO21422NCF]
ip : 11.0.128.68/32
nodeRole : leaf
Thanks
12-10-2020 06:10 AM - edited 12-10-2020 06:11 AM
Also need the other output from the original response (moquery -c dhcpClient | egrep 'dn|ip|nodeRole'). From this output see if you have a dhcpClient record for the VPC TEP address assigned to 101_102 protection group.
What's likely happened is the original VPC TEP Address doesn't have a dhcpClient object record, so it's re-allocating that original VPC TEP Address. Simple fix is to remove the original VPC Protection Group for 101 and 102, wait 5mins, then re-create it. After you create it, we should see a dhcpClient record for that address (recheck previous command).
This is bug CSCvi66563.
Robert
12-10-2020 06:21 AM
Hello,
sorry for delay,
I sent the second command in my last email.
question:
Doing : "remove the original VPC Protection Group for 101 and 102" we will lost the vpc and any services using that ...
We will have also to redo all the static port association for any EPG using that vpc ... is it correct ?
thanks and regards
Guido
12-10-2020 06:41 AM
This will be disruptive - yes, I should have mentioned that. Do it during a maintenance period. Only devices using VPC Policy Groups on these VPC Pairs would be impacted, any single connected (non-VPC) Endpoints will not be impacted. You will not have to recreate any Static Paths, as this is independent of the switch VPC Policies.
Robert
12-10-2020 06:51 AM
12-10-2020 07:40 AM
What is the current VIP assigned to the VPC TEP for 101_102? Want to be sure the dhcpClient entry is indeed missing from the CLI outputs.
Robert
12-10-2020 09:39 AM
12-10-2020 10:06 AM
And if you re-run that command to look at dhcpClient records - do you see this address assigned?
Robert
12-10-2020 10:58 PM
Hello Robert,
do you mean:
I create a new pair it obtain 11.0.152.64/32 as 101 pair
and then re-run that command to look at dhcpClient records ?
If you need It will take a lot as I have to request a maintenance window.
else if I run now (without re-create a new pair) the command ,You can see it is not assigned:
apic1# moquery -c dhcpClient | egrep 'dn|ip|nodeRole'
No handlers could be found for logger "root"
dn : client-[uni/fabric/macprotp-default/macexpg-default]
ip : 11.0.144.65/32
model : vip
nodeRole : vip
id : uni/fabric/ipv4protp-default/ipv4expg-default
dn : client-[uni/fabric/ipv4protp-default/ipv4expg-default]
ip : 11.0.144.66/32
model : vip
nodeRole : vip
rn : client-[uni/fabric/ipv4protp-default/ipv4expg-default]
id : uni/fabric/ipv6protp-default/ipv6expg-default
dn : client-[uni/fabric/ipv6protp-default/ipv6expg-default]
ip : 11.0.144.64/32
model : vip
nodeRole : vip
rn : client-[uni/fabric/ipv6protp-default/ipv6expg-default]
dn : client-[FDO2138253V]
ip : 11.0.128.64/32
nodeRole : leaf
dn : client-[FDO221719Y8]
ip : 11.0.128.65/32
nodeRole : spine
dn : client-[FDO22211Q8Z]
ip : 11.0.128.66/32
nodeRole : spine
dn : client-[FDO21400TAP]
ip : 11.0.128.71/32
nodeRole : leaf
dn : client-[FDO21422NT6]
ip : 11.0.128.69/32
nodeRole : leaf
dn : client-[FDO21422N6Q]
ip : 11.0.128.67/32
nodeRole : leaf
dn : client-[FDO21422P08]
ip : 11.0.128.70/32
nodeRole : leaf
dn : client-[FDO213826KH]
ip : 11.0.128.72/32
nodeRole : leaf
dn : client-[FDO21422NCF]
ip : 11.0.128.68/32
nodeRole : leaf
apic1#
Thanks and regards
Guido
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide