10-12-2024 06:59 AM - last edited on 10-12-2024 07:03 AM by Yanli Sun
Device Version: /bootflash/aci-n9000-dk9.14.2.7g.bin
Device Model: Cisco C9516
Problem description:
As shown in the figure below, A cannot access B(any protocol), and after logging in to B and initiating a request from B to A(any protocol, we are pinging), both ends can communicate normally
When the ping fails, the leaf switches connected to A and B can learn the LOCAL endpoint information, and the coop table entries on the four spine switches are normal. The endpoint information of A and B can be found on the APIC controller.
Please help analyze the causes and solutions to the problem, thank you!
10-14-2024 10:15 PM - edited 10-14-2024 10:15 PM
1.Server B ToAOnce the request is initiated, normal communication will occur, at which pointleaf 1expectedServer Bofremote EPTable Item, this timeServer A Initiated traffic arrivesLeaf1Query Afterremote EPThe appearance, the direct decision to send todst leaf.
2.When things go wrong,BNo request sent,Leaf1Should not haveServer Bofremote EPInformation, when traffic needs to bespine proxyarriveSpineMake a query to determine the path.
Because of spine proxy, Cisco ACI packet forwarding will work without remote endpoint learning.
Spine proxy enables leaf switches to forward traffic directly to the COOP database located on the spine switches.
So we need to doELAMCatch packets to determine traffic arrivalSpineIs the correct slave afterSpineSend Toegress Leaf. It also requires further reviewSpine LC/FMtable entries and forwarding conditions.
We recommend that you review the followingACI forwarding, andACIContract opening of equipmentCaseto get CiscoTACDepartmental technical support.
10-14-2024 11:39 PM
Hello!
1. How does ELAM capture the packets?
2. If the packet is not sent from the Spine after capture, what is the problem?
10-15-2024 12:30 AM
1 To use elam, you can check at:
https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/217995-troubleshoot-aci-intra-fabric-forwarding.html
2 Forwarding behavior depends on the relevant configurations within your ACI fabric. If spine proxy is enabled, there will be Glean ARP packets for processing. Detailed information on this can be found in the ACI Forwarding documentation.
- https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2023/pdf/BRKDCN-3900.pdf
10-15-2024 02:31 AM
Hello! Currently, the packet is not sent from Spine. How do I resolve this issue? Thank you
10-15-2024 08:24 PM
If the traffic is terminating at the spine, more information is needed to verify the spine's status. Please collect on-demand techsupport and contact TAC for further assistance.
Collect on-demand techsupport:
10-16-2024 08:32 PM
May I analyze it myself? Please provide analysis ideas and methods, thank you!
10-17-2024 02:02 AM
For details on modular spine forwarding, it is necessary to review specific ELAM captures. ELAM needs to be performed not only on the LC but also on the FM, and it is also important to check the forwarding table entries on the spine.
However, before proceeding, it's essential to understand the basics of ACI forwarding, which can be found in the previously provided documentation.
For further detailed discussion and analysis, please reach out to TAC for confirmation.
10-15-2024 11:54 PM - edited 10-16-2024 12:00 AM
Understanding the Issue
Diagram:
Description:
Issue:
Probable Reason:
10-31-2024 07:22 AM
Hello, there is no firewall in the middle path
10-31-2024 07:25 AM
Hello, there is no firewall in the middle path. When B initiates to ping server A, server A can also ping server B. Can you tell me why? Thanks!
10-15-2024 11:55 PM - edited 10-16-2024 12:01 AM
Understanding the Issue
Diagram:
Description:
Issue:
Probable Reason:
10-31-2024 07:24 AM
Hello, there is no firewall in the middle path
10-31-2024 07:24 AM
Hello, there is no firewall in the middle path. When B initiates to ping server A, server A can also ping server B.
10-31-2024 07:25 AM
Hello, there is no firewall in the middle path. When B initiates to ping server A, server A can also ping server B.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide