Cisco ACI IP address assignment default

Prakin
Level 1

Hi,

After providing the VTEP pool /16 assignment to the APIC, what interfaces are created by default, as I can see l0, l1, l1023?

Also, how do I check the loopback 0 and loopback 1 IP addresses of leaf switches from the APIC CLI?

6 Replies

RedNectar
VIP

Hi Prakin,


 Also how do i check the loopback 0 and loopback 1 IP address of leaf switches from APIC CLI ?.


The simplest way to check IP addresses of the leaves/spines and APICs is from the CLI of the APIC.

Use the command acidiag fnvread to check the IPs assigned to the switches, and acidiag avread to check the IP addresses of the APICs - which will be the first IP addresses of the VTEP address range allocated during installation (i.e. 10.0.0.1, 10.0.0.2 and 10.0.0.3 if the default 10.0.0.0/16 VTEP range is chosen). And the command acidiag hwcheck will ping each switch and APIC for you.

Also, since each device is a Linux box, you can also use the quintessential ifconfig command if you really want to see the specific IP address of a specific loopback address.

You can also see some of this information in the GUI. Fabric > Inventory > Fabric Membership is a good place to start. 

After providing the VTEP pool /16 assignment to apic, by default what interfaces are created, as i can see l0, l1, l1023?

You got it! l0, l1, l1023 is correct. Also check out Fabric > Inventory > Podx > Leafxxx > Tunnel Interfaces

Bottom Line

Generally you don't need to know any of these VTEP addresses. The fabric looks after itself and all you need to worry about is making sure your Access Policy Chains are complete, and your Tenant configuration is sound.

I hope this helps


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem


RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Hi, 

First, thanks for your reply.

Yes, "acidiag fnvread" displays the VTEP address assigned to fabrics, but only the loopback 0 IP address is displayed. I believe it's not showing the loopback 1 IP address, so how do I check that one?

The reason I came up with this: when you check an endpoint address from leaf1 and it shows it is reachable via tunnel10, at this point I don't know which endpoint leaf switch it is. The VXLAN tunnel is built between leaf switches, that's fine. On leaf1, execute "show interface tunnel10"; the tunnel destination IP address is x.x.x.x. Sure, this x.x.x.x belongs to some leaf switch, so how do I get the leaf switch details, either from leaf1 or the APIC? As I said earlier, "acidiag" displays only the loopback 0 IP address. In my infra, the VXLAN tunnel is built between leaf1 (lo) and leaf2 (l1), from what I see.

Ok - I should have begun by asking WHY you want to know.

Firstly, to see the IP addresses of lo1 and lo1023 on a leaf, issue the show ip interface brief vrf overlay-1 command.  To get it all from one place, issue the command from an APIC, but prefix the command with fabric followed by a list of your Leaf IDs

apic1# fabric 101, 102  show ip interface brief vrf overlay-1 | egrep -v un
----------------------------------------------------------------
 Node 101 (Leaf101)
----------------------------------------------------------------
IP Interface Status for VRF "overlay-1"(4)
Interface            Address              Interface Status
                     (lo0)
vlan14               10.0.0.30/27         protocol-up/link-up/admin-up
lo0                  10.0.16.64/32        protocol-up/link-up/admin-up
lo1                  10.0.192.67/32       protocol-up/link-up/admin-up
lo1023               10.0.0.32/32         protocol-up/link-up/admin-up


----------------------------------------------------------------
 Node 102 (Leaf102)
----------------------------------------------------------------
IP Interface Status for VRF "overlay-1"(4)
Interface            Address              Interface Status
                     (lo0)
vlan13               10.0.0.30/27         protocol-up/link-up/admin-up
lo0                  10.0.16.66/32        protocol-up/link-up/admin-up
lo1                  10.0.192.67/32       protocol-up/link-up/admin-up
lo1023               10.0.0.32/32         protocol-up/link-up/admin-up

[Edit - my first attempt was wrong - here goes again] 

Back to your question "how do i get the leaf switch details [that represent the target of a tunnel]?"

Like you said, you can find the tunnel destination by issuing a show interface tunnelX - but to find the actual leaf switch that it points to, you have to mentally map that destination IP back to a given leaf based on the output of the command above.

As far as I know, there is no command that tells you that "This tunnel maps to this leaf" unless you wanted to do some real fancy stuff piping the output of the show endpoint command into sed or awk.

 

 

 

RedNectar aka Chris Welsh.

Hi,

 

I believe you are referring to how to identify a remote endpoint and find where it is learned from. 

 

As you are already aware, the first thing is to find out the tunnel by running the "show endpoint" command. Once you have the tunnel number, you can use the command "show interface tunnelX" where X is the tunnel number. Once you know the tunnel destination IP, you can run the command "acidiag fnvread" to get the destination leaf node ID.

 

Now, if your endpoint is learned through vPC, then your tunnel destination would point to the vPC IP instead of the leaf TEP IP. So, the fnvread command wouldn't give you the actual leaf where it was learned. So, you can run the command below to know which leaf has that vPC IP.

 

apic1# bash

admin@apic1:~> moquery -c vpcDom | egrep "virtualIp|dn|#"

 

Or you can even check these IPs from the APIC GUI under Fabric -> Access Policies -> Policies -> Switch -> Virtual Port Channel Default and refer to the "Virtual IP" column.

 

Hope this helps. 

 

Cheers

GK

 

Sorry guys, that was a short break.

 

admin@apic1:~> moquery -c vpcDom | egrep "virtualIp|dn|#"

This command will show only the VPC address; how about the loopback 1 IP address?

 

Secondly, from the APIC, it is difficult to sneak through all the fabric switches to show interfaces and grep for the loopback IP address, as I have 100-plus leaf switches.

 

The reason I have asked for this info is that we recently hit a bug. Something like this, for example:

Suppose we have 3 leaf switches, and the VM or server endpoint moved from leaf2 to leaf3.

From the APIC point of view the endpoint is correctly showing on leaf3, but from leaf1 the tunnel destination is still showing as learned from leaf2. So then we have to manually clear the endpoint entry in leaf1 and leaf2 (not really necessary unless the endpoint entry is showing correctly) to re-learn the endpoint from leaf3. This is just for only 3 leaf switches.

What if we have 100 leaf switches, and any of the leaf switches is showing an incorrect VXLAN tunnel to an endpoint which has already moved to another leaf? How do we identify the incorrect VXLAN tunnel destination leaf details, VPC (you have already given the command to check) or loopback 1 IP address?

 

Let me know your views.

Thanks,
admin@apic1:~> moquery -c vpcDom | egrep "virtualIp|dn|#"
This gave me the loopback1 IP address, which is the VPC as well. The tunnel is formed between lo and l1 (if VPC is configured). If not, the tunnel is formed between l0 and l0.
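
The mapping this thread asks for (tunnel destination IP back to leaf node ID, including a vPC virtual IP shared by two leaves) can be scripted against the "fabric ... show ip interface brief vrf overlay-1" output format quoted earlier. This is an added example, not part of any post; the helper names tep_owner and sample_output are hypothetical, and the sample text is constructed from the quoted output.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). tep_owner is a hypothetical helper name.
# It reads saved output of: fabric <node-ids> show ip interface brief vrf overlay-1
# and reports which node(s) own a given tunnel destination IP.

tep_owner() {                      # usage: tep_owner <dest-ip> < saved_output
  awk -v want="$1" '
    # " Node 101 (Leaf101)" opens a new per-switch section
    $1 == "Node" && $2 ~ /^[0-9]+$/ { node = $2; next }
    # Loopback rows look like: lo1  10.0.192.67/32  protocol-up/...
    $1 ~ /^lo[0-9]+$/ && node != "" {
      split($2, addr, "/")
      if (addr[1] == want) { owner[++n] = node ":" $1 }
    }
    END {
      if (n == 0) { print "unknown"; exit 1 }
      # Several owners of one lo1 address: a vPC virtual IP shared by the pair
      out = owner[1]
      for (i = 2; i <= n; i++) out = out "," owner[i]
      print out
    }'
}

# Constructed sample, modeled on the output format quoted in the thread.
sample_output() {
  cat <<'EOF'
----------------------------------------------------------------
 Node 101 (Leaf101)
----------------------------------------------------------------
IP Interface Status for VRF "overlay-1"(4)
Interface            Address              Interface Status
vlan14               10.0.0.30/27         protocol-up/link-up/admin-up
lo0                  10.0.16.64/32        protocol-up/link-up/admin-up
lo1                  10.0.192.67/32       protocol-up/link-up/admin-up
----------------------------------------------------------------
 Node 102 (Leaf102)
----------------------------------------------------------------
IP Interface Status for VRF "overlay-1"(4)
Interface            Address              Interface Status
lo0                  10.0.16.66/32        protocol-up/link-up/admin-up
lo1                  10.0.192.67/32       protocol-up/link-up/admin-up
EOF
}

sample_output | tep_owner 10.0.16.66     # -> 102:lo0
sample_output | tep_owner 10.0.192.67    # -> 101:lo1,102:lo1
```

On a large fabric, the fabric command output can be saved once and the lookup run against that file for each tunnel destination reported by show interface tunnelX.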