vlan-encap-mismatch analysis: vlan-101
25.01 2023 | by massimiliano
The ACI Fabric design is based on a “Network Centric” approach, where:
1 VLAN = 1 EPG = 1 BD
In this way each VLAN represents a single broadcast domain and generally does not require contracts (no ACLs).
There are no multi-tenant environments; everything is deployed in the default “common” tenant.
The main cause of a vlan-encap-mismatch is that multiple domains associated with an EPG contain overlapping VLAN blocks, which can produce a number of intermittent packet drops.
The scenarios most affected by this problem are:
- EPGs deployed on vPC links with two domains associated with overlapping VLAN pools
In this case, because both domains have the same access-encap vlan-100 but a different VXLAN allocation on different leaves, the EPM (endpoint process manager) removes the endpoint's IP/MAC information from hardware, so the leaf no longer has the information it needs to forward the packet correctly.
- EPGs deployed on individual links with two domains associated with overlapping VLAN pools
In this case, because both domains have the same access-encap vlan-100 but a different VXLAN allocation on different leaves, the BPDUs received by one leaf are discarded by the other leaf.
Reference architecture for the analysis:
LEAF-101
leaf101# show system internal epm vlan all | grep 101
101 FD vlan 802.1Q 1076 22892 124 100 2
102 Tenant BD NONE 0 15662991 101 102 3
195 FD vlan 802.1Q 101 12592 205 194 15
243 Ext. BD 802.1Q 1010 15368110 247 243 2
246 Ext. BD 802.1Q 1016 15073235 250 246 1
250 Ext. BD 802.1Q 1011 15499166 254 250 2
leaf101# show system internal epm vlan 195
+———-+———+—————–+———-+——+———-+———–
VLAN ID Type Access Encap Fabric H/W id BD VLAN Endpoint
(Type Value) Encap Count
+———-+———+—————–+———-+——+———-+———–
195 FD vlan 802.1Q 101 12592 205 194 15
leaf101# show system internal epm vlan 195 detail
VLAN 195
VLAN type : FD vlan
hw id : 205 ::: sclass : 5481
access enc : (802.1Q, 101)
fabric enc : (VXLAN, 12592)
Object store EP db version : 74697132
BD vlan id : 194 ::: BD vnid : 15204288 ::: VRF vnid : 3047424
Valid : Yes ::: Incomplete : No ::: Learn Enable : Yes
pol_ctrl_flags: ::: dom_ctrl :
Endpoint count : 15 ::: Local Endpoint count : 15 On Peer Endpoint count 0
::::
LEAF-102
leaf102# show system internal epm vlan all | grep 101
101 FD vlan 802.1Q 308 19793 184 100 19
129 Ext. BD 802.1Q 1011 15499166 134 129 2
131 Ext. BD 802.1Q 1010 15368110 135 131 2
133 Ext. BD 802.1Q 1016 15073235 137 133 1
199 FD vlan 802.1Q 101 16592 143 198 15
263 Tenant BD NONE 0 14712831 101 263 0
leaf102# show system internal epm vlan 199
+———-+———+—————–+———-+——+———-+———–
VLAN ID Type Access Encap Fabric H/W id BD VLAN Endpoint
(Type Value) Encap Count
+———-+———+—————–+———-+——+———-+———–
199 FD vlan 802.1Q 101 16592 143 198 13
leaf102# show system internal epm vlan 199 detail
VLAN 199
VLAN type : FD vlan
hw id : 143 ::: sclass : 5481
access enc : (802.1Q, 101)
fabric enc : (VXLAN, 16592)
Object store EP db version : 73611837
BD vlan id : 198 ::: BD vnid : 15204288 ::: VRF vnid : 3047424
Valid : Yes ::: Incomplete : No ::: Learn Enable : Yes
pol_ctrl_flags: ::: dom_ctrl :
Endpoint count : 17 ::: Local Endpoint count : 17 On Peer Endpoint count 0
::::
LEAF-103
leaf103# show system internal epm vlan all | grep 101
101 Tenant BD NONE 0 15073232 101 101 48
102 FD vlan 802.1Q 430 15892 125 101 6
144 FD vlan 802.1Q 101 16592 132 143 23
leaf103# show system internal epm vlan 144
+———-+———+—————–+———-+——+———-+———–
VLAN ID Type Access Encap Fabric H/W id BD VLAN Endpoint
(Type Value) Encap Count
+———-+———+—————–+———-+——+———-+———–
144 FD vlan 802.1Q 101 16592 132 143 23
leaf103# show system internal epm vlan 144 detail
VLAN 144
VLAN type : FD vlan
hw id : 132 ::: sclass : 5481
access enc : (802.1Q, 101)
fabric enc : (VXLAN, 16592)
Object store EP db version : 11204
BD vlan id : 143 ::: BD vnid : 15204288 ::: VRF vnid : 3047424
Valid : Yes ::: Incomplete : No ::: Learn Enable : Yes
pol_ctrl_flags: ::: dom_ctrl :
Endpoint count : 23 ::: Local Endpoint count : 20 On Peer Endpoint count 3
::::
LEAF-104
leaf104# show system internal epm vlan all | grep 101
81 Tenant BD NONE 0 15335346 101 81 0
145 FD vlan 802.1Q 101 16592 125 144 23
leaf104# show system internal epm vlan 145
+———-+———+—————–+———-+——+———-+———–
VLAN ID Type Access Encap Fabric H/W id BD VLAN Endpoint
(Type Value) Encap Count
+———-+———+—————–+———-+——+———-+———–
145 FD vlan 802.1Q 101 16592 125 144 23
leaf104# show system internal epm vlan 145 detail
VLAN 145
VLAN type : FD vlan
hw id : 125 ::: sclass : 5481
access enc : (802.1Q, 101)
fabric enc : (VXLAN, 16592)
Object store EP db version : 13094
BD vlan id : 144 ::: BD vnid : 15204288 ::: VRF vnid : 3047424
Valid : Yes ::: Incomplete : No ::: Learn Enable : Yes
pol_ctrl_flags: ::: dom_ctrl :
Endpoint count : 23 ::: Local Endpoint count : 18 On Peer Endpoint count 5
LEAF-105
leaf105# show system internal epm vlan all | grep 101
leaf105#
LEAF-106
leaf106# show system internal epm vlan all | grep 101
leaf106#
| LEAF | Vlan-ID (PI internal) | Vlan-Access-Encapsulation | SClass | Fabric Encap (VXLAN-ID) | BD VxLAN ID | VRF VxLAN ID |
|---|---|---|---|---|---|---|
| 101 | 195 | 101 | 5481 | 12592 | 15204288 | 3047424 |
| 102 | 199 | 101 | 5481 | 16592 | 15204288 | 3047424 |
| 103 | 144 | 101 | 5481 | 16592 | 15204288 | 3047424 |
| 104 | 145 | 101 | 5481 | 16592 | 15204288 | 3047424 |
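The per-leaf comparison summarised above can be scripted. The following is an added example, not part of the original article: it parses `show system internal epm vlan <id> detail` captures (abridged here to the prompt line and the three fields used) and reports any access VLAN inside one BD VNID that maps to more than one fabric-encap VXLAN. The function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Abridged from the leaf captures on this page: the prompt line plus the three
# fields the check needs from `show system internal epm vlan <id> detail`.
RAW = """\
leaf101# show system internal epm vlan 195 detail
access enc : (802.1Q, 101)
fabric enc : (VXLAN, 12592)
BD vlan id : 194 ::: BD vnid : 15204288 ::: VRF vnid : 3047424
leaf102# show system internal epm vlan 199 detail
access enc : (802.1Q, 101)
fabric enc : (VXLAN, 16592)
BD vlan id : 198 ::: BD vnid : 15204288 ::: VRF vnid : 3047424
leaf103# show system internal epm vlan 144 detail
access enc : (802.1Q, 101)
fabric enc : (VXLAN, 16592)
BD vlan id : 143 ::: BD vnid : 15204288 ::: VRF vnid : 3047424
leaf104# show system internal epm vlan 145 detail
access enc : (802.1Q, 101)
fabric enc : (VXLAN, 16592)
BD vlan id : 144 ::: BD vnid : 15204288 ::: VRF vnid : 3047424
"""

PROMPT = re.compile(r"^(\S+)# show system internal epm vlan \d+ detail\s*$", re.M)
FIELDS = [re.compile(p) for p in (r"access enc\s*:\s*\(802\.1Q,\s*(\d+)\)",
                                  r"fabric enc\s*:\s*\(VXLAN,\s*(\d+)\)",
                                  r"BD vnid\s*:\s*(\d+)")]

def parse_captures(raw):
    """Yield (leaf, access_vlan, fabric_vnid, bd_vnid) per complete capture."""
    parts = PROMPT.split(raw)[1:]          # [leaf, body, leaf, body, ...]
    for leaf, body in zip(parts[0::2], parts[1::2]):
        hits = [f.search(body) for f in FIELDS]
        if all(hits):                      # skip empty or truncated captures
            yield (leaf, *(int(h.group(1)) for h in hits))

def find_encap_mismatch(raw):
    """Map (bd_vnid, access_vlan) -> {fabric_vnid: [leaves]} where >1 fabric encap."""
    groups = defaultdict(lambda: defaultdict(list))
    for leaf, access, fabric, bd in parse_captures(raw):
        groups[(bd, access)][fabric].append(leaf)
    return {k: dict(v) for k, v in groups.items() if len(v) > 1}

if __name__ == "__main__":
    for (bd, vlan), by_fabric in find_encap_mismatch(RAW).items():
        print(f"BD vnid {bd} vlan-{vlan}: inconsistent fabric encap {by_fabric}")
```

Leaves that return no output for the VLAN, such as leaf105 and leaf106 here, contribute no capture and are ignored.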
As verification, the following output highlights the EPG flapping status:
spine201# show coop internal info repo ep dampening | grep 15204288
——————————————
EP bd vnid : 15204288
EP mac : 00:50:56:A9:0A:A8
num of ipv4 addresses : 0
num of ipv6 addresses : 0
Damp penalty : 6343
Damp status : FREEZE
——————————————
EP bd vnid : 15204288
EP mac : 00:50:56:A9:25:07
num of ipv4 addresses : 0
num of ipv6 addresses : 0
Damp penalty : 6328
Damp status : FREEZE
——————————————
EP bd vnid : 15204288
EP mac : 00:50:56:94:20:F8
num of ipv4 addresses : 0
num of ipv6 addresses : 0
Damp penalty : 6402
Damp status : FREEZE
——————————————
EP bd vnid : 15204288
EP mac : 00:50:56:A9:E2:22
num of ipv4 addresses : 0
num of ipv6 addresses : 0
Damp penalty : 3527
Damp status : FREEZE
——————————————
EP bd vnid : 15204288
EP mac : 00:1C:7F:6E:5E:58
num of ipv4 addresses : 0
num of ipv6 addresses : 0
Damp penalty : 10000
Damp status : FREEZE
——————————————
EP bd vnid : 15204288
EP mac : 00:50:56:94:42:99
num of ipv4 addresses : 0
num of ipv6 addresses : 0
Damp penalty : 5446
Damp status : FREEZE
——————————————
Total no of dampened EPs = 52 → together with other BD VNIDs
spine201#
The FREEZE condition is the effect of an EP flapping, which can have different causes. FREEZE dampening lets all leaves ignore any update coming from endpoints in the frozen state; in this way no COOP update is sent to the spines, which prevents possible problems in the COOP control plane.