Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new blog
776
Views
5
Helpful
2
Comments

Kind of Loop is back in ACI !!!

balbaletabrez
Level 1
Level 1
‎07-09-2020 01:49 AM

ACI Fabric start learning external remote IP’s locally on the Leaf switches . Due to this reason, traffic is locally dropped on Leaf Sw03 instead of going outside the fabric. This issue basically interrupted most of the External & Internal services because (ACI firewall IP’s and External LB IP’s plus additional IP’s from HQ and Branch Network) are learning on the Leaf switch03 & 04 Endpoint table.

 

Please find below the EndPoint table as under:

 

LFSW03# show endpoint ip 10.x.x.1xx

Legend:

s - arp              O - peer-attached    a - local-aged       S - static         

 V - vpc-attached     p - peer-aged        M - span             L - local          

 B - bounce           H - vtep           

+-----------------------------------+---------------+-----------------+--------------+-------------+

      VLAN/                           Encap           MAC Address       MAC Info/       Interface

      Domain                          VLAN            IP Address        IP Info

+-----------------------------------+---------------+-----------------+--------------+-------------+

53                                        vlan-40    0000.0000.69b6 L                     eth1/27

DC:DC-NETWORK                             vlan-40     10.x.x.240 L                     eth1/27

DC:DC-NETWORK                             vlan-40   130.x.x.197 L                     eth1/27

DC:DC-NETWORK                             vlan-40      10.x.x.4 L                     eth1/27

DC:DC-NETWORK                             vlan-40      10.x.x.3 L                     eth1/27

DC-DC-NETWORK                             vlan-40       10.x.x.24 L                     eth1/27

DC:DC-NETWORK                             vlan-40      10.x.x.5 L                     eth1/27

DC:DC-NETWORK                             vlan-40     10.x.x.86 L                     eth1/27

DC:DC-NETWORK                             vlan-40       10.x.x.16 L                     eth1/27

DC:DC-NETWORK                             vlan-40      10.x.x.1 L                     eth1/27

DC:DC-NETWORK                             vlan-40    10.x.1x.146 L                     eth1/27

 

Any Solutions to this issue...Please help

0 Helpful
2 Comments
Sergiu.Daniluk
VIP Alumni
VIP Alumni
‎07-09-2020 02:10 AM
‎07-09-2020 02:10 AM

Hi @balbaletabrez 

If you learn the EP locally it means that traffic is received locally with the Source IP of those IP, or ARPs where generated by the IP addresses.

To be able to help you, we need definitely more details:

What do you mean "external remote IP"? Where are these IP's addresses located (L3Out/different EPG/etc)? 

What is connected on 1/27?  How is configured that interface (static EPG port, SG, VMM etc)? Which IP addresses are expected to be learned locally and which are not? As you can see, all the IP addresses are sourced from one single mac address: 0000.0000.69b6. This most probably means that the endpoint owning 0000.0000.69b6 is doing routing: it receives traffic from whatever source, and is routing back to gateway.  I would start by verifying why the endpoint was routing traffic back.

Anyway, the best solution in this scenarios is to enable Tenant > Networking > Bridge Domains > BD > "Limit IP Learning To Subnet" This is a per-BD feature.

There is a second option: Enforce Subnet Check - which is fabric wide and can be enabled from System > System settings.

I would suggest to read about both features and apply the most convenient to you: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html 

 

Stay safe,

Sergiu

balbaletabrez
Level 1
Level 1
‎07-09-2020 02:51 AM
‎07-09-2020 02:51 AM

Thanks Sergiu,

 

Let me check and provide you with the information you have asked.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Popular Articles
Customers Also Viewed These Support Documents