I'm having trouble with ACI when receiving TCN BPDUs. I have 2 VPCs connecting ACI leafs to 2 VSS switches (using 2 VPCs). I understand that whenever I migrate servers from the legacy switch to an ACI leaf, the legacy switch will generate a TCN and ACI flushes all endpoints in its database.
But I have checked the event logs, and it seems that ACI has flushed 6 times each time it receives a TCN, with a 6-second interval between two consecutive flushes. I didn't see any documents that describe this. Does anyone know about this issue, or has anyone faced it?
Thanks for reading my post!
Hi @vietdd1910 ,
Wow! If you send a TCN every time you unplug a server from Legacy, the problem is not on ACI but on your Legacy network...
Keep in mind that the TCN also flushes the MAC table on Legacy switches every time, which has more or less the same effect.
The most probable reason is that your Legacy server ports are set as normal spanning-tree, meaning not with Portfast (or Edge), so every status change generates a TCN across the network. Change this setting and you will not have BD Endpoint flush.
Also, depending on your design, you could block any incoming BPDU on ACI if no STP is needed.
To be able to answer why this is happening, we would need more details about the problem:
How did you confirm that ACI flushes the EP table 6 times?
What is the frequency of each EP table flush?
On which leaf switches is this happening?
Can you collect the following outputs:
From the ACI leaf(s) where the affected VLAN is bound:
show mcp internal info vlan <encap-vlan>
From the legacy switches:
show spanning-tree vlan <encap-vlan> detail
What we should look for is the time of the last TCN (if datetime is not in sync, then take the show clock from the ACI leaf as well).
Please send the following APIC output with your relevant timestamps showing the problem:
show events start-time 2020-04-03Txx:xx:xx end-time 2020-04-03Txx:xx:xx detail
and the following Leaf CLI output:
show mcp internal event-history trace detail | grep BPDU -B1
It sounds like you did not configure the interfaces where you have your servers connected as STP port type edge (portfast on Catalyst). Alternatively, if you do not have a loop between legacy network - ACI interconnect, you can simply enable BPDU filter and avoid any BPDUs (along with TCNs) being forwarded over ACI.