cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

584
Views
10
Helpful
2
Replies
Highlighted
Engager

Where do I find the "management" VRF in ACI?

[Apologies if you have already seen this: I accidently posted it in /Service Providers/MPLS/ and found no way to move it] 

Hi,

Let me start by saying I suspect I know the answer, but am hoping someone with more knowlwdge than I have will be able to elaborate.

Fist of all, let me define where I see the allusive management VRF.  The easiest is from the CLI on a brand-new ACI fabric. Run the show vrf command on any switch and you will see:

apic1# fabric 201 show vrf
----------------------------------------------------------------
 Node 201 (Spine201)
----------------------------------------------------------------
 VRF-Name                           VRF-ID State    Reason
 black-hole                              3 Up       --
 management                              2 Up       --
 overlay-1                               4 Up       --

Now curiously, I don't see any VRF with a VRF-ID of 1, nor do I see the pre-defined VRFs called mgmt:inb or mgmt:oob - which are seen when I issue the same command on the APIC. (I may have chrated a little here, because my fabric is NOT brand new, I have configured inb mangement)

apic1# show vrf
 Tenant      Vrf         Consumed Contracts    Provided Contracts    Description
 ----------  ----------  --------------------  --------------------  ----------------------------------------
 common      copy        -                     -
 common      default     -                     -
 infra       ave-ctrl    -                     -
 infra       overlay-1   -                     -
 mgmt        inb         -                     -
 mgmt        oob         -                     -

Now my suspicion is that the management VRF is in fact an alias for the mgmt:oob VRF - based on the fact that if I issue a command like: fabric 201 show ip route vrf management, I see the default route of the OOB VRF, in my case 172,16.12.1.

apic1# fabric 201 show ip route vrf management
----------------------------------------------------------------
 Node 201 (Spine201)
----------------------------------------------------------------
IP Route Table for VRF "management"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

0.0.0.0/0, ubest/mbest: 1/0
    *via 172.16.12.1/32, mgmt0, [0], 10:12:05, local

So here is what I hope someone can tell me:

  • Is the mangement VRF ALWAYS the same as the mgmt:oob VRF?
    1. If so, why does ACI have two names for the same thing? (Again I suspect that if this is the case it just another of the MANY inconsistencies in ACI put there to confuse us)
    2. If not, what exactly IS the relationship between the mangement and the mgmt:oob VRF?  And how do I verify that?

One of the places where I have found this particularly confusing is when configuring NTP. When I issue the command  fabric 201 show ntp peers (or fabric 201 show ntp peer-status), I see the VRF listed as management

apic1# fabric 201 show ntp peers
----------------------------------------------------------------
 Node 201 (Spine201)
----------------------------------------------------------------
-----------------------------------------------------------------------------
  Peer IP Address                         Serv/Peer Prefer KeyId   Vrf
-----------------------------------------------------------------------------
  172.16.1.5                              Server    no     None    management

My problem is that I have no idea where to configure this allusive mangement VRF!

 

RedNectar
aka Chris Welsh


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Participant

Hi Chris

 

That's correct: mgmt:oob == management.

I think this is a "Nexus-thing": The out-of-band mgmt interface (mgmt0) Interface is always bound to the VRF "management". So even if there is an ACI image running - it's still Nexus-hardware running a special NX-OS.

 

HTH

Marcel

View solution in original post

2 REPLIES 2
Highlighted
Participant

Hi Chris

 

That's correct: mgmt:oob == management.

I think this is a "Nexus-thing": The out-of-band mgmt interface (mgmt0) Interface is always bound to the VRF "management". So even if there is an ACI image running - it's still Nexus-hardware running a special NX-OS.

 

HTH

Marcel

View solution in original post

Highlighted

Thanks Marcel,

I can't count the hours I've wasted looking for relationships in ACI because of inconsistencies of naming. And although I accept the "Nexus-thing" explanation, I really don't think it is a good enough excuse for the inconsistency.

And for the record there is another inconsistency.

If I use the GUI to navigate to Fabric > Inventory >> Pod 1 > Leaf101 > Interfaces > Management Interfaces > mgmt0, I do see the IP address of the OOB interface.

BUT, if I issue an ifconfig command on Leaf101, mgmt0 interface exists, but has no IP address and a different MAC address to that shown in the GUI.  The IP and MAC corresponding to the mgmt0 interface shown in the GUI is associated with interface eth0

Thanks again for taking the time to respond.

 

RedNectar
aka Chris Welsh


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

Content for Community-Ad