Interface & Endpoint EPG Up/Down Logs

snarayanaraju
Level 4

Hello All - Where can I see the logs in ACI APIC for Endpoint EPG Up/Down events or status? I am not seeing them in the Fault logs.

For example, I have an Endpoint with IP address 192.168.11.100 configured in an HP Blade Server. It is statically mapped under the EPG named APP-192.168.11.0.

When this Endpoint goes down and comes back online, where can the logs of this event be seen or recorded?

 

julian.bendix
Level 3

Hey!

When a physical interface with an active configuration (e.g. mapped to an EPG) goes down, there will be a fault for it.

Also you can track endpoints via the EP Tracker (Operations -> EP Tracker).
There you can search for the IP (if the Bridge Domain the EP belongs to has L3 Routing enabled), or for the MAC address.
There you can see the logs for the EP attaching and detaching to and from the Fabric, and on which Port(s).

Let me know if that helped.

Best regards
Juls

Sergiu.Daniluk
VIP Alumni

Hi @snarayanaraju 

You can also use Enhanced EP tracker and Enhanced EP tracker mini:

https://dcappcenter.cisco.com/enhancedendpointtracker-mini.html

https://dcappcenter.cisco.com/enhancedendpointtracker.html

 

Stay safe,

Sergiu

Alexander09
Level 1

Hi,

 

On top of using the Endpoint Tracker, you could fetch the info from each leaf to check endpoint flapping. The location is /var/log/dme/log/epm* (or /var/log/dme/oldlog/epm*), and you can use (e)grep to filter on MAC / IP.

 

cheers

 

Alexander

--
Alexander Deca

snarayanaraju
Level 4

Thank you everybody for sharing your thoughts. I have a challenge here. We know only the IP address of the Host and not the MAC address. When the EPG is down, we don't find the location of the Endpoint using the EP Tracker. As we don't know the MAC address, we cannot use the EP Tracker either.

 

As the Endpoint is behind the Blade Server, the Physical Interface never goes down / up. Is there any way to find on which Interface the EPG was going down and coming up?

@snarayanaraju 

What do you mean by "when the EPG is down"?

If you use static path binding to deploy the EPG towards the host, then you should have static binds for all interfaces towards the hosts where the server/vm is moved.

If you do not see the IP being learned it means:

1. Either you have the EPG configured with all the static paths, but the EP is a silent host and does not generate a GARP when it is being moved/vmotioned. This is usually resolved by normal operations of network (source reARPs or EP expires + traffic flood)

2. The static path towards the new host where the server is moved is not configured or is incorrectly configured as a static path under the EPG.

 

Cheers,

Sergiu

Alexander09
Level 1
Not sure I understand it completely but you could do a moquery -c fvCEp | grep -A 10 -B 5 ?

This will show you info about your endpoint with and will show you where it is learned from ?


--
Alexander Deca
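
A record-aware variant of the `moquery -c fvCEp | grep -A 10 -B 5` idea in the post above, as an added example that is not part of the original post. It assumes moquery's usual "# class" header plus "key : value" layout; the sample output, tenant/AP names and the function name `find_cep_by_ip` are constructed for illustration. Matching the `ip` attribute exactly avoids a plain grep for 192.168.11.10 also hitting 192.168.11.100 and 192.168.11.101.

```shell
#!/usr/bin/env bash
# Record-aware alternative to `grep -A 10 -B 5` over `moquery -c fvCEp` output:
# match the "ip" attribute exactly and print the whole endpoint on one line.

# Constructed sample (not from a real fabric); tenant/AP names are made up.
sample_moquery_output() {
cat <<'EOF'
Total Objects shown: 3
# fv.CEp
dn           : uni/tn-PROD/ap-APP/epg-APP-192.168.11.0/cep-00:50:56:AA:BB:01
ip           : 192.168.11.100
mac          : 00:50:56:AA:BB:01

# fv.CEp
dn           : uni/tn-PROD/ap-APP/epg-APP-192.168.11.0/cep-00:50:56:AA:BB:02
ip           : 192.168.11.10
mac          : 00:50:56:AA:BB:02

# fv.CEp
dn           : uni/tn-PROD/ap-APP/epg-APP-192.168.11.0/cep-00:50:56:AA:BB:03
ip           : 192.168.11.101
mac          : 00:50:56:AA:BB:03
EOF
}

# find_cep_by_ip <ip>: reads moquery output on stdin; exit status 1 if no match.
find_cep_by_ip() {
  awk -v want="$1" '
    function emit() {                 # called at each object boundary
      if (want != "" && rec["ip"] == want) {
        printf "ip=%s mac=%s dn=%s\n", rec["ip"], rec["mac"], rec["dn"]
        found = 1
      }
      split("", rec)                  # portable way to clear the array
    }
    /^# / { emit(); next }            # "# fv.CEp" starts a new object
    {
      i = index($0, ":")              # first colon only: MACs and DNs contain more
      if (i == 0) next
      key = substr($0, 1, i - 1); val = substr($0, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      rec[key] = val
    }
    END { emit(); exit !found }
  '
}

sample_moquery_output | find_cep_by_ip "${1:-192.168.11.100}"
```

On an APIC the same function would be fed from `moquery -c fvCEp` instead of the sample; it only finds endpoints that are currently learned.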

snarayanaraju
Level 4

Sorry for not putting the things clearly. Let me explain again.

I have an endpoint host (192.168.11.100) configured in a Blade Server, which also has multiple hosts which are managed by the Server Team.

The Blade Server is connected to ACI using a Static Binding in the EPG named APP-192.168.11.0.

If this endpoint (192.168.11.100) reboots or shuts down, will we get event logs for this in APIC, as the Physical Interface of the Leaf Switch will not go down in this scenario?

As Network Engineers, we will not know to which leaf switch this Endpoint is connected if the endpoint is down, as the IP is not seen in the Endpoint Tracker when the endpoint is down to track the location of the Endpoint.

Ah ok. I got your question now.

First thing you should know about Local EP learning (IP+MAC) is that there is something called Local End Point Aging Interval. This is basically the amount of time in seconds that a leaf node can keep each local endpoint in its endpoint table without further updates (meaning there is no control plane - ARP, or data plane traffic - ucast traffic generated by EP, which can update the entry on Leaf switch). The default interval is 900 seconds. If 75 percent of the interval is reached, the leaf node sends three ARP requests to verify the presence of the endpoint. If no response is received, the endpoint is deleted.

Now coming back to your question: if you have the default value of Local EP Aging Interval and the Leaf does not see any updates on the EP information, the Leaf will wait 600 seconds and then generate 3x ARPs. If there is no reply, it will delete the entry after the aging time has expired. This is the moment when the EP will be deleted from the EPG, and you will be able to see this in EP tracker or epm/epmc.

In EP tracker you will see it as "detached" while in EPMC you will see it as optype = DEL.

 

Stay safe,

Sergiu

 

Excellent Reply. Thank you very much

If the Endpoint is UP, then in the EP Tracker I can see the State Transitions changing as 'attached' or 'detached'. That sounds good for us.

But when the Endpoint is down, the EP Tracker will not show the Learning details and so the State Transition.

 

As a Network Engineer, I have been given a problem saying the Endpoint is down. I know only the IP address. I don't know which Leaf the Endpoint was connected to in order to trace the history of the UP/Down events.

 

What is the easiest and best way to see the logs of the Endpoint state change, given that the Endpoint is currently down and the EP Tracker doesn't show the logs for an Endpoint which is down?
