Hi fellow ACI experts, I came here to ask for your wisdom.
Some days ago we got some nasty endpoint that by some means managed to publish a lot of IP adresses from many EPGs from its MAC address, causing that a big portion of our ACI Fabric forwarding got messy and generatng a major sinkhole in our production environment. We managed to stop the issue and to put on place some controls to avoid this type of erros (basically shutting down some ports and then enabling "Limit IP to subnetmask" check in the bridge domain) and now all is working as expected, but, in the System->Errors tab we got a lot of error F3083 messages (duplicated IP addresses) stuck like if it were still present. We have checked each LEAF and the issue is gone, but the messages got stuck in the error cycle at the "raise" category.
Does somebody know how i can get rid off those messages? is there any script, command or configuration i could do to erase that entries? It is pretty dificult now to identify some problem when you have 50+ messages of stuck messages.
Thank you at advance and i really appreciate any help that anyone can provide me.
Thank you for the information, but the manual clear doesn't seem to work in my case. I have looked for all the "dupped" IP addresses in the APIC CLI, and it looks normal (not duplicated), but it keeps showing up int the GUI.
Is there any way to clear it from the APIC GUI?
Hi @EduardR ,
Not that I know of. I've had better luck clearing these type of "stale" issues from the CLI. I think my next step would be to reload each APIC one at a time making sure each one was up and fully fit before going to the next. (I'm assuming you've cleared your cache and tried different browsers and still see them?) If that didn't clear it out the only other option I've seen to clear out stale data is to call TAC so they can use their elevated privileges to look around and clear stuff out. Not knowing anything about your environment I'd recommend calling TAC to see if they can clear them out.