
Communication Issues in the Cisco C9516 ACI

Translator
Community Manager

 

Device Version: /bootflash/aci-n9000-dk9.14.2.7g.bin

Device Model: Cisco C9516

Problem description:

As shown in the figure below, A cannot access B (any protocol), and after logging in to B and initiating a request from B to A (any protocol, we are pinging), both ends can communicate normally.

When the ping fails, the leaf switches connected to A and B can learn the LOCAL endpoint information, and the coop table entries on the four spine switches are normal. The endpoint information of A and B can be found on the APIC controller.

Please help analyze the causes and solutions to the problem, thank you!

ACI_20241012162945.jpg


Translator
Community Manager

1. Once Server B initiates a request to A, normal communication occurs. At that point Leaf1 is expected to have a remote EP table entry for Server B, so when traffic initiated by Server A arrives at Leaf1, Leaf1 looks up the remote EP entry and directly decides to send the traffic to the dst leaf.

2. When things go wrong, B has sent no request, so Leaf1 should not have remote EP information for Server B. The traffic then needs to go through spine proxy and arrive at the Spine, which makes a query to determine the path.

Because of spine proxy, Cisco ACI packet forwarding will work without remote endpoint learning.

Spine proxy enables leaf switches to forward traffic directly to the COOP database located on the spine switches.

 

So we need to capture packets with ELAM to determine whether, after the traffic arrives at the Spine, it is correctly sent from the Spine to the egress Leaf. It also requires further review of the Spine LC/FM table entries and forwarding conditions.
We recommend that you review the following on ACI forwarding, and open a case under the ACI equipment's contract to get technical support from Cisco TAC.

https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html

kesma_0-1728969107681.png
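
The asymmetry described in the reply above can be reproduced with a small model, added here as an example that is not part of the original post and is not Cisco code. It assumes a constructed fault in which the spine fails to forward proxied traffic toward B while the COOP entries stay intact; `Leaf`, `Spine` and `broken_toward` are hypothetical names.

```python
# Simplified model of remote-EP lookup vs. spine proxy (illustrative only).
class Spine:
    def __init__(self):
        self.coop = {}               # endpoint -> leaf that reported it (COOP database)
        self.broken_toward = set()   # assumption: endpoints the spine fails to forward to

    def proxy(self, dst):
        """Spine-proxy lookup: return the egress leaf, or None if traffic dies here."""
        leaf = self.coop.get(dst)
        if leaf is None or dst in self.broken_toward:
            return None
        return leaf


class Leaf:
    def __init__(self, name, spine):
        self.name, self.spine = name, spine
        self.local, self.remote = set(), {}   # local EPs; remote EP -> leaf

    def attach(self, ep):
        self.local.add(ep)
        self.spine.coop[ep] = self            # local learning is reported to COOP

    def send(self, src, dst):
        """Forward src -> dst; return (delivered, path taken)."""
        if dst in self.local:
            return True, "local"
        if dst in self.remote:                # remote EP hit: straight to dst leaf
            egress, path = self.remote[dst], "remote-ep"
        else:                                 # miss: hand the packet to spine proxy
            egress, path = self.spine.proxy(dst), "spine-proxy"
            if egress is None:
                return False, path
        egress.remote[src] = self             # egress leaf learns src from the data plane
        return dst in egress.local, path


def reproduce():
    spine = Spine()
    leaf1, leaf2 = Leaf("leaf1", spine), Leaf("leaf2", spine)
    leaf1.attach("A")
    leaf2.attach("B")
    spine.broken_toward.add("B")              # constructed fault: proxy path to B fails
    first = leaf1.send("A", "B")              # no remote EP for B yet -> spine proxy
    reverse = leaf2.send("B", "A")            # proxy path to A works; leaf1 learns B
    retry = leaf1.send("A", "B")              # remote EP hit, spine lookup bypassed
    return first, reverse, retry
```

In this model the COOP database holds both endpoints throughout, which is why healthy COOP entries alone do not rule out a drop on the spine-proxy path.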

 

 

Hello!

1. How does ELAM capture the packets?

2. If the packet is not sent from the Spine after capture, what is the problem?

1. To use ELAM, you can check:

https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/217995-troubleshoot-aci-intra-fabric-forwarding.html

2. Forwarding behavior depends on the relevant configurations within your ACI fabric. If spine proxy is enabled, there will be Glean ARP packets for processing. Detailed information on this can be found in the ACI Forwarding documentation.

https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2023/pdf/BRKDCN-3900.pdf

 

 

Hello! Currently, the packet is not sent from Spine. How do I resolve this issue? Thank you

If the traffic is terminating at the spine, more information is needed to verify the spine's status. Please collect on-demand techsupport and contact TAC for further assistance.

Collect on-demand techsupport:

https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/214520-guide-to-collect-tech-support-and-tac-re.html

May I analyze it myself? Please provide analysis ideas and methods, thank you!

For details on modular spine forwarding, it is necessary to review specific ELAM captures. ELAM needs to be performed not only on the LC but also on the FM, and it is also important to check the forwarding table entries on the spine.

However, before proceeding, it's essential to understand the basics of ACI forwarding, which can be found in the previously provided documentation.

For further detailed discussion and analysis, please reach out to TAC for confirmation.

AshSe
Level 3

Understanding the Issue

Diagram:

Screenshot 2024-10-16 at 12.16.41 PM.png

Description:

  • A cannot access B (any protocol), and after logging in to B and initiating a request from B to A (any protocol, we are pinging), both ends can communicate normally.
  • When the ping fails, the leaf switches connected to A and B can learn the local endpoint information.
  • COOP table entries on the four spine switches are normal.
  • The endpoint information of A and B can be found on the APIC controller.

Issue:

  • A cannot ping B, but B can ping A.

Probable Reason:

  • Uni-directional traffic restriction on a firewall connected to B or local incoming traffic restriction in B.

Hello, there is no firewall in the middle path. When B initiates to ping server A, server A can also ping server B. Can you tell me why? Thanks!
