The Cisco Application Policy Infrastructure Controller (APIC) works as a smart policy manager, sending the required policy settings to the fabric and applying any needed changes.
It is separate from both the control and data planes, meaning it doesn't get involved in the traffic flow or affect traffic flow in any way. This separation allows the APIC to manage policies efficiently without affecting the movement of data in the network.
apic1# acidiag -h
leaf-a# show interface brief
leaf# show ip interface brief vrf overlay-1
IP Interface Status for VRF "overlay-1"(4)
eth1/49      unassigned       protocol-up/link-up/admin-up
eth1/49.7    unnumbered       protocol-up/link-up/admin-up (lo0)
eth1/50      unassigned       protocol-down/link-down/admin-up
eth1/51      unassigned       protocol-down/link-down/admin-up
eth1/52      unassigned       protocol-down/link-down/admin-up
eth1/53      unassigned       protocol-down/link-down/admin-up
eth1/54      unassigned       protocol-down/link-down/admin-up
vlan7        10.0.0.30/27     protocol-up/link-up/admin-up
lo0          10.0.32.64/32    protocol-up/link-up/admin-up
lo1023       10.0.0.32/32     protocol-up/link-up/admin-up
Configuration of Loopback and TEP IP Addresses in Cisco ACI
Loopback 0 Interface
Assignment:
TEP IP Address: The Loopback 0 interface is assigned the Tunnel Endpoint (TEP) IP address.
Source: Obtained via DHCP from the APIC (Application Policy Infrastructure Controller).
Designation: Referred to as a Physical Tunnel Endpoint (PTEP).
Example Address: In this scenario, the PTEP address is 10.0.32.64.
Additional Configuration:
The PTEP address is also configured as unnumbered on a subinterface of the spine-facing link.
Fabric TEP (FTEP)
Purpose:
Utilized for VXLAN encapsulation to a vSwitch TEP, if available.
Configuration Details:
Unique Address: Cisco ACI specifies a unique FTEP address that remains consistent across all leaf nodes.
Mobility Support: This consistency enables downstream TEP device mobility.
Example Address: In this scenario, the FTEP address is 10.0.0.32.
Overlay-1 VRF
Inclusion:
Both the PTEP and FTEP IP addresses are part of the overlay-1 VRF.
Functionality:
Manages the routing and encapsulation processes for VXLAN tunnels within the Cisco ACI fabric.
APIC Reset
If you need to reset your device, there are two commands you can use: acidiag touch clean and acidiag touch setup.
apic# acidiag touch clean
This command will wipe out this device.
The acidiag touch clean command removes all policy-related data but keeps important network settings like the fabric name, IP address, and login details. This is useful when you want to reset policy settings but keep the core network configurations.
apic# acidiag touch setup
This command will reset the device configuration, Proceed? [y/N] y
The acidiag touch setup command resets the device back to its factory default settings. This is handy if you're planning to repurpose the device for something else, such as moving it between different pods.
Note: You need to reboot the devices after both commands for them to take effect.
apic# acidiag reboot
This command will restart this device, Proceed? [y/N] y
You could wipe the switches using the following commands:
Switches
switch# setup-clean-config.sh or acidiag touch clean
This command will wipe out this device, Proceed? [y/N] y
switch# reload
APIC initial config
Press Enter at anytime to assume the default values. Use ctrl-d at anytime to restart from the beginning.
Cluster configuration ...
Enter the fabric name [ACI Fabric1]: Fabric
Enter the fabric ID (1-128) [1]: 1
Enter the number of active controllers in the fabric (1-9) [3]: 3
Is this a standby controller? [NO]: NO
Is this an APIC-X? [NO]: NO
Enter the controller ID (1-3) [1]: 2
Standalone APIC Cluster ? yes/no [no] no
Enter the POD ID (1-254) [1]: 1
Enter the controller name [apic1]: apic2
Enter address pool for TEP addresses [10.0.0.0/16]: 10.0.0.0/16
Note: The infra VLAN ID should not be used elsewhere in your environment
and should not overlap with any other reserved VLANs on other platforms.
Enter the VLAN ID for infra network (1-4094): 3967
Out-of-band management configuration ...
Enable IPv6 for Out of Band Mgmt Interface? [N]: N
Enter the IPv4 address [192.168.10.1/24]: 192.168.11.2/24
Enter the IPv4 address of the default gateway [None]: 192.168.11.254
Enter the interface speed/duplex mode [auto]: auto
Cluster configuration ...
Fabric name: Fabric
Fabric ID: 1
Number of controllers: 3
Controller name: apic2
POD ID: 1
Controller ID: 2
TEP address pool: 10.0.0.0/16
Infra VLAN ID: 3967
Out-of-band management configuration ...
Management IP address: 192.168.11.2/24
Default gateway: 192.168.11.254
Interface speed/duplex mode: auto
admin user configuration ...
The admin user configuration will be syncronized
from the first controller after this controller joins the cluster.
The above configuration will be applied ...
Warning: TEP address pool and Infra VLAN ID cannot be changed later, these are permanent until the fabric is wiped.
Would you like to edit the configuration? (y/n) [n]: n
apic1# acidiag fnvread
ID Pod ID Name Serial Number IP Address Role State LastUpdMsgId
------------------------------------------------------
101 1 leaf1 S/N 10.0.2.64/32 leaf active 0
102 1 leaf2 S/N 10.0.3.65/32 leaf active 0
201 1 spine1 S/N 10.0.32.66/32 spine active 0
On Cisco APIC, verify the LLDP neighbors on the fabric-facing interfaces eth2-1 and eth2-2 using the acidiag run lldptool command.
apic1# acidiag run lldptool in eth2-1
Chassis ID TLV
MAC: 00:3a:9c:7e:58:c2
Port ID TLV
Local: Eth1/2
Time to Live TLV
120
Port Description TLV
topology/pod-1/paths-101/pathep-[eth1/2]
System Name TLV
leaf-a
System Description TLV
topology/pod-1/node-101
System Capabilities TLV
System capabilities: Bridge, Router
Enabled capabilities: Bridge, Router
Management Address TLV
IPv4: 192.168.10.211
Ifindex: 83886080
Cisco 4-wire Power-via-MDI TLV
4-Pair PoE supported
Spare pair Detection/Classification not required
PD Spare pair Desired State: Disabled
PSE Spare pair Operational State: Disabled
Cisco Port Role TLV
4
Cisco Port Mode TLV
0
Cisco Port State TLV
1
Cisco Model TLV
N9K-C93180YC-FX
Cisco Serial Number TLV
FDO23161CZ0
Cisco Firmware Version TLV
n9000-15.2(1g)
Cisco Node Role TLV
1
Cisco Infra VLAN TLV
369
Cisco Name TLV
leaf-a
Cisco Fabric Name TLV
Fabric
Cisco Node IP TLV
IPv4:10.0.32.64
Cisco Node ID TLV
101
Cisco POD ID TLV
1
Cisco Appliance Vector TLV
Id: 1
IPv4: 10.0.0.1
UUID: 9df7d5a0-ca14-33eb-beda-e526c6a0aa53
LLDP-MED Capabilities TLV
Device Type: netcon
Capabilities: LLDP-MED, Network Policy, Extended Power via MDI-PSE
LLDP-MED Network Policy TLV
01400000
End of LLDPDU TLV
From the APIC, cross-check the chassis ID with the Cisco APIC UUID obtained from the leaves.
Leaf : show lldp neighbors detail
Leaf : show lldp traffic
A (none)# prompt means the switch hasn’t been discovered yet.
(none)# moquery -c faultInfo (contains all faults)
TPM Disabled in BIOS → Enable it
LLDP Enabled in CIMC/VIC → Disable it
“Show cli list” → to view all CLI commands available
APIC Logs
--------------
/var/log/dme/log
/var/log/dme/oldlog
Switch Logs
--------------
/var/log/dme/log
/var/log/dme/oldlog
/var/sysmgr/tmp_logs
APIC# show epg BLUE detail
Leaf1# iping -V tenant:vrf01 -S 172.16.1.1[GW BD IP] 172.16.1.22 (Destination)
apic1# acidiag avread
Local appliance ID=1 ADDRESS=10.0.0.1 TEP ADDRESS=10.0.0.0/16 ROUTABLE IP ADDRESS=0.0.0.0 CHASSIS_ID=9df7d5a0-ca14-11eb-beda-e526c7a0aa53
Cluster of 1 lm(t):1(zeroTime) appliances (out of targeted 1 lm(t):1(2021-06-11T09:39:44.787+00:00)) with FABRIC_DOMAIN name=Fabric set to version=5.2(1g) lm(t):1(2021-06-11T09:40:01.215+00:00); discoveryMode=PERMISSIVE lm(t):0(1970-01-01T00:00:00.001+00:00); drrMode=OFF lm(t):0(1970-01-01T00:00:00.001+00:00); kafkaMode=OFF lm(t):0(1970-01-01T00:00:00.001+00:00)
appliance id=1 address=10.0.0.1 lm(t):1(2021-06-10T19:44:55.051+00:00) tep address=10.0.0.0/16 lm(t):1(2021-06-10T19:44:55.051+00:00) routable address=0.0.0.0 lm(t):1(zeroTime) oob address=192.168.11.1/24 lm(t):1(2021-06-10T19:45:00.131+00:00) version=5.2(1g) lm(t):1(2021-06-10T19:45:00.188+00:00) chassisId=9df7d5a0-ca14-11eb-beda-e526c7a0aa53 lm(t):1(2021-06-10T19:45:00.188+00:00) capabilities=0X7EEFFFFFFFFF--0X2020--0X1 lm(t):1(2021-06-11T09:44:04.539+00:00) rK=(stable,present,0X206173722D687373) lm(t):1(2021-06-10T19:45:00.134+00:00) aK=(stable,present,0X206173722D687373) lm(t):1(2021-06-10T19:45:00.134+00:00) oobrK=(stable,present,0X206173722D687373) lm(t):1(2021-06-10T19:45:00.134+00:00) oobaK=(stable,present,0X206173722D687373) lm(t):1(2021-06-10T19:45:00.134+00:00) cntrlSbst=(APPROVED, FCH2128V0F0) lm(t):1(2021-06-10T19:45:00.188+00:00) (targetMbSn= lm(t):0(zeroTime), failoverStatus=0 lm(t):0(zeroTime)) podId=1 lm(t):1(2021-06-10T19:44:55.051+00:00) commissioned=YES lm(t):1(zeroTime) registered=YES lm(t):1(2021-06-10T19:44:55.051+00:00) standby=NO lm(t):1(2021-06-10T19:44:55.051+00:00) DRR=NO lm(t):0(zeroTime) apicX=NO lm(t):1(2021-06-10T19:44:55.051+00:00) virtual=NO lm(t):1(2021-06-10T19:44:55.051+00:00) active=YES(2021-06-10T19:44:55.051+00:00) health=(applnc:255 lm(t):1(2021-06-10T19:47:00.737+00:00) svc's)
---------------------------------------------
clusterTime=<diff=-7610 common=2021-06-11T18:30:33.430+00:00 local=2021-06-11T18:30:41.040+00:00 pF=<displForm=0 offsSt=0 offsVlu=0 lm(t):1(2021-06-11T09:39:41.180+00:00)>>
---------------------------------------------
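The cross-check described above (the chassis ID from acidiag avread against the APIC UUID that the leaf advertises back in LLDP), as an added Python example that is not part of the original notes. The sample text is constructed, and the function names and the infra_vlan argument (the value entered in the setup utility) are assumptions of this example.

```python
import re

# Constructed sample: excerpt of `acidiag run lldptool in eth2-1` output.
LLDP_SAMPLE = """\
Cisco Infra VLAN TLV
369
Cisco Fabric Name TLV
Fabric
Cisco Appliance Vector TLV
Id: 1
IPv4: 10.0.0.1
UUID: 00000000-aaaa-bbbb-cccc-000000000001
End of LLDPDU TLV
"""

# Constructed sample: first two lines of `acidiag avread`, trimmed.
AVREAD_SAMPLE = (
    "Local appliance ID=1 ADDRESS=10.0.0.1 TEP ADDRESS=10.0.0.0/16 "
    "ROUTABLE IP ADDRESS=0.0.0.0 CHASSIS_ID=00000000-aaaa-bbbb-cccc-000000000001\n"
    "Cluster of 1 lm(t):1(zeroTime) appliances (out of targeted 1) "
    "with FABRIC_DOMAIN name=Fabric set to version=5.2(1g)\n"
)

def parse_lldp_tlvs(text):
    """Group lldptool output into {TLV name: [value lines]}."""
    tlvs, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()               # values may or may not be indented
        if line.endswith(" TLV"):        # "Cisco Fabric Name TLV" opens a TLV
            current = tlvs.setdefault(line[: -len(" TLV")], [])
        elif line and current is not None:
            current.append(line)
    return tlvs

def appliance_vector(tlvs):
    """Return {appliance id: {"IPv4": ..., "UUID": ...}} as advertised by the leaf."""
    entries, cur = {}, None
    for line in tlvs.get("Cisco Appliance Vector", []):
        key, _, value = (part.strip() for part in line.partition(":"))
        if key == "Id":                  # each "Id:" line starts a new appliance
            cur = entries.setdefault(int(value), {})
        elif cur is not None:
            cur[key] = value
    return entries

def parse_avread(text):
    """Pull the local appliance's identity out of `acidiag avread` output."""
    local = re.search(r"Local appliance ID=(\d+)\s+ADDRESS=(\S+)", text)
    chassis = re.search(r"CHASSIS_ID=(\S+)", text)
    fabric = re.search(r"FABRIC_DOMAIN name=(.+?) set to version", text)
    if not (local and chassis and fabric):
        raise ValueError("input does not look like acidiag avread output")
    return {"id": int(local.group(1)), "address": local.group(2),
            "chassis_id": chassis.group(1).lower(), "fabric": fabric.group(1)}

def cross_check(lldp_text, avread_text, infra_vlan):
    """List mismatches between what the leaf advertises and the APIC's own state."""
    tlvs, av = parse_lldp_tlvs(lldp_text), parse_avread(avread_text)
    first = lambda name: (tlvs.get(name) or [None])[0]
    problems = []
    seen = appliance_vector(tlvs).get(av["id"])
    if seen is None:
        problems.append("appliance missing from Appliance Vector TLV")
    else:
        if seen.get("UUID", "").lower() != av["chassis_id"]:
            problems.append("chassis ID mismatch")
        if seen.get("IPv4") != av["address"]:
            problems.append("appliance address mismatch")
    if first("Cisco Fabric Name") != av["fabric"]:
        problems.append("fabric name mismatch")
    if first("Cisco Infra VLAN") != str(infra_vlan):
        problems.append("infra VLAN mismatch")
    return problems
```

An empty list from cross_check means the leaf and the APIC agree on chassis ID, appliance address, fabric name and infra VLAN.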
Interfaces in APIC (ifconfig)
bond0: A logical bond that bundles the physical interfaces attached to the fabric (eth2-1 and eth2-2).
bond1: A logical bond that provides OOB connectivity.
bond0.369: Subinterface of the bond0 interface that carries Infra traffic, such as packets encapsulated with Infra VLAN (369) 802.1Q header. The IP address of this subinterface is 10.0.0.1/32. It belongs to the TEP address pool (10.0.0.0/16) that was configured in the setup utility.
oobmgmt: Logical interface for OOB management configured during the initial setup.
The bonding mode is set to fault-tolerance (active-backup). In the example below, eth2-2, facing leaf-b, is active.
Identify the active link on Cisco APIC
/proc/net/bonding/bond0
leaf2 must have been discovered first.
APIC’s bond0 is active/standby port-channel
apic1# cat /proc/net/bonding/bond0
Ethernet Channel Bonding Driver: v3.7.1 (April 30, 2023)
Bonding Mode: fault-tolerance (active-backup)
Primary Slave: None
Currently Active Slave: eth2-2
MII Status: up
MII Polling Interval (ms): 60
Up Delay (ms): 0
Down Delay (ms): 0
Slave Interface: eth2-1
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 1
Permanent HW addr: 38:90:a5:40:76:ea
Slave queue ID: 0
Slave Interface: eth2-2
MII Status: up
Speed: 10000 Mbps
Duplex: full
Link Failure Count: 1
Permanent HW addr: 38:90:a5:40:76:eb
Slave queue ID: 0
Packet Drop
Leaf
SSH to the leaf and run these commands. This example is for ethernet 1/31.
ACI-LEAF# vsh_lc
Spine
A fixed spine (N9K-C9332C and N9K-C9364C) can be checked using the same method as the leaf switches.
For a modular spine (N9K-C9504 etc.), the linecard must be attached to before the platform counters can be viewed. SSH to the spine and run these commands. This example is for ethernet 2/1.
ACI-SPINE# vsh
ACI-SPINE# attach module 2
module-2# show platform internal counters port 1
Queuing stats counters are shown using 'show queuing interface'.
ACI-LEAF# show queuing interface ethernet 1/5
Viewing statistics in GUI
The location is 'Fabric > Inventory > Leaf/Spine > Physical interface > Stats / Error Counters / QoS Stats'.
leaf-a# show vrf
VRF-Name VRF-ID State Reason
black-hole 3 Up --
overlay-1 4 Up --
Cisco ACI uses a dedicated VRF as an infrastructure to carry VXLAN traffic. The transport infrastructure for VXLAN traffic is known as overlay-1, which exists as part of the tenant “infra.” Leaf nodes are known as PTEPs (physical tunnel endpoints).
VRF
Policy Control Enforcement in VRF
Default Security:
VRF normally blocks communication between different Endpoint Groups (EPGs) unless there are specific rules (contracts) that allow it.
Policy Control Enforcement Feature:
This feature allows you to turn off the default security settings.
When turned off, the rules (contracts) are ignored.
EPGs can freely communicate with each other as long as they can connect on the network (Layer 2 or Layer 3).
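An audit for the setting described above, as an added Python example that is not part of the original notes: it reads `moquery -c fvCtx` output and reports every VRF whose pcEnfPref attribute is not "enforced". The sample output is constructed and trimmed, and the function names are assumptions of this example.

```python
import re

# Constructed sample of `moquery -c fvCtx` output, trimmed to the attributes used here.
FVCTX_SAMPLE = """\
Total Objects shown: 3

# fv.Ctx
name         : vrf01
dn           : uni/tn-Sales/ctx-vrf01
pcEnfDir     : ingress
pcEnfPref    : enforced

# fv.Ctx
name         : legacy
dn           : uni/tn-Sales/ctx-legacy
pcEnfDir     : ingress
pcEnfPref    : unenforced

# fv.Ctx
name         : overlay-1
dn           : uni/tn-infra/ctx-overlay-1
pcEnfDir     : ingress
pcEnfPref    : enforced
"""


def parse_moquery(text):
    """Split moquery output into one {attribute: value} dict per object."""
    objects, current = [], None
    for line in text.splitlines():
        if line.startswith("# "):                 # "# fv.Ctx" opens a new object
            current = {"_class": line[2:].strip()}
            objects.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")   # split on the first colon only
            current[key.strip()] = value.strip()
    return objects


def audit_vrf_enforcement(text):
    """Return (tenant, vrf, pcEnfPref) for every VRF that is not 'enforced'.

    A VRF whose pcEnfPref attribute is missing from the output is reported
    as 'unknown' rather than silently treated as enforced.
    """
    findings = []
    for obj in parse_moquery(text):
        if obj.get("_class") != "fv.Ctx":
            continue
        pref = obj.get("pcEnfPref", "unknown")
        if pref == "enforced":
            continue
        m = re.fullmatch(r"uni/tn-([^/]+)/ctx-(.+)", obj.get("dn", ""))
        tenant, vrf = m.groups() if m else ("?", obj.get("name", "?"))
        findings.append((tenant, vrf, pref))
    return findings


if __name__ == "__main__":
    for tenant, vrf, pref in audit_vrf_enforcement(FVCTX_SAMPLE):
        print(f"tenant {tenant} VRF {vrf}: policy control enforcement is {pref}")
```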
Endpoint Groups (EPGs) and Bridge Domains (BDs)
Bridge Domains
Bridge domains are essential components within Cisco ACI that offer the following characteristics:
Layer 2 Forwarding Domains: They act as Layer 2 forwarding domains, enabling the seamless transmission of packets within the same network segment.
Default Gateway and Subnet Configuration: Bridge domains provide endpoints with default gateway services and subnet configurations, ensuring efficient network communication and IP addressing.
Association with a Single VRF: Each bridge domain is linked to a single Virtual Routing and Forwarding (VRF) instance, maintaining network segmentation and isolation at the Layer 3 level.
Flexibility in Network Design:
Multiple Bridge Domains per Tenant:
Tenants can incorporate one or more bridge domains, allowing for granular network segmentation within their allocated space.
Multiple Bridge Domains per VRF:
A single VRF can encompass multiple bridge domains, facilitating the grouping of various Layer 2 domains under a unified routing instance.
Support for Multiple Subnets: Bridge domains can contain multiple subnets, offering the versatility to host different IP subnets within the same Layer 2 domain.
Characteristics of Endpoint Groups (EPGs) and Bridge Domains (BDs)
Security Isolation with EPGs and BDs
Multiple EPGs within a BD:
EPGs are defined within a Bridge Domain (BD) to provide security isolation.
This adds an extra layer of segmentation beyond traditional Layer 2 separation.
Layer 2 Segmentation Differences
Traditional Networks:
VLAN ID is the primary method for Layer 2 network separation.
Cisco ACI:
BDs are not directly tied to VLAN IDs.
Introduces EPGs as a finer segmentation layer, with VLAN IDs used for security separation rather than just Layer 2 separation.
EPG offers more granular security controls compared to BDs.
Endpoint Definition and Management
Endpoint Composition:
An endpoint consists of a MAC address and can have one or more IP addresses, representing a single device.
Traditional Networks:
Use separate tables for managing network addresses:
MAC Address Table: For Layer 2 forwarding.
Routing Information Base (RIB): For Layer 3 forwarding.
ARP Table: For mapping IP addresses to MAC addresses.
Cisco ACI:
Consolidates MAC Address Table and ARP Table into a single Endpoint Table.
Advantages:
Reduces the need for separate processing of ARP traffic.
Detects IP and MAC address changes quickly without waiting for Gratuitous ARP (GARP).
Learns MAC and IP addresses directly from packet inspection in the data plane.
Learning and Forwarding Mechanism
Endpoint Learning:
MAC and IP addresses are learned in hardware by inspecting the source MAC and source IP of incoming packets.
No reliance on ARP for obtaining the MAC address of the next hop.
Resource Efficiency:
Minimizes processing and generation of ARP traffic.
IP/MAC Mobility Detection:
Quickly identifies changes in IP and MAC addresses when new traffic is sent from a host.
L3Out Functionality
Despite the Endpoint Table:
Cisco ACI still uses the RIB and ARP table for L3Out (Layer 3 External) functionalities.
Forwarding Table Lookup Order in Cisco ACI
Primary Lookup:
Endpoint Table: Accessed using the show endpoint command.
Secondary Lookup:
Routing Information Base (RIB): Accessed using the show ip route command.
APIC# show epg BLUE detail
Layer 3 Configurations in Cisco ACI
1. Unicast Routing
Enable Default Gateway:
Acts as the default gateway for the bridge domain.
Routes network traffic within the fabric.
IP Mapping:
When enabled, the endpoint table on leaf switches maps IP addresses to Tunnel Endpoints (TEPs) for the bridge domain.
IP Learning:
IP addresses are learned even without a subnet configured under the bridge domain.
2. Subnet Address Configuration
Purpose:
Sets the IP addresses for Switched Virtual Interfaces (SVIs), which serve as default gateways for the bridge domain.
Options for Configuring a Subnet:
Private to VRF:
The subnet is restricted to its specific Virtual Routing and Forwarding (VRF) within the tenant.
It does not extend beyond that VRF.
Advertised Externally:
The subnet can be shared with external networks.
Makes it accessible through a routed connection.
Shared between VRFs:
The subnet can be shared and exported to multiple VRFs within the same tenant or across different tenants.
Ideal for shared services, such as connecting to an Endpoint Group (EPG) in another VRF or tenant.
Allows bidirectional traffic flow between VRFs.
Important Notes:
For shared services, configure the subnet under the EPG, not the bridge domain.
Set the subnet scope to both "advertised externally" and "shared between VRFs."
3. Default Settings and Best Practices
Unicast Routing:
Default State: Enabled by default when configuring a default gateway within the Cisco ACI fabric.
When to Disable Unicast Routing:
If the default gateway is set outside the fabric (e.g., on a firewall).
Alternative: Enable ARP flooding when unicast routing is disabled.
Reason to Disable:
Prevents unnecessary IP learning.
Avoids unexpected IP forwarding issues.
Key Takeaways
Unicast Routing:
Essential for routing traffic within the fabric and mapping IPs to TEPs.
Can be disabled if the default gateway is external, but requires enabling ARP flooding.
Subnet Address Options:
Private to VRF: Limited to a single VRF.
Advertised Externally: Accessible from outside networks.
Shared between VRFs: Allows multiple VRFs or tenants to use the same subnet for shared services.
Configuration Best Practices:
Use "advertised externally" and "shared between VRFs" scopes for subnets under EPGs when sharing services.
Disable unicast routing only when necessary to avoid IP forwarding issues.
-------------------------------------------------------------------------------------------------------------------------------
General Troubleshooting
avread --> Displays APICs within the cluster.
fnvread --> Displays the address and state of switch nodes registered with the fabric.
fnvreadex --> Displays additional information for switch nodes registered with the fabric.
rvread service --> Summarizes the data layer state. The output shows a summary of the data layer state for each service. The shard view shows replicas in ascending order.
rvread service shard --> Displays the data layer state for a service on a specific shard across all replicas.
rvread service shard replica --> Displays the data layer state for a service on a specific shard and replica.
crashsuspecttracker --> Tracks states of a service or data subset that indicate a crash.
dbgtoken --> Generates a token to permit remote SSH access.
version --> Displays the APIC ISO software version.
APIC# man acidiag
Service IDs:
1 - cliD
2 - controller
3 - eventmgr
4 - extXMLApi
5 - policyelem
6 - policymgr
7 - reader
8 - ae
9 - topomgr
10 - observer
11 - dbgr
12 - observerelem
13 - dbgrelem
14 - vmmmgr
15 - nxosmock
16 - bootmgr
17 - appliancedirector
18 - adrelay
19 - ospaagent
20 - vleafelem
21 - dhcpd
22 - scripthandler
23 - idmgr
24 - ospaelem
25 - osh
26 - opflexagent
27 - opflexelem
28 - confelem
29 - vtap
30 - snmpd
31 - opflexp
32 - analytics
33 - policydist
34 - plgnhandler
35 - domainmgr
36 - licensemgr
37 - no service
38 - platformmgr
39 - edmgr
Data States
COMATOSE: 0
NEWLY_BORN: 1
UNKNOWN: 2
DATA_LAYER_DIVERGED: 11
DATA_LAYER_DEGRADED_LEADERSHIP: 12
DATA_LAYER_ENTIRELY_DIVERGED: 111
DATA_LAYER_PARTIALLY_DIVERGED: 112
DATA_LAYER_ENTIRELY_DEGRADED_LEADERSHIP: 121
DATA_LAYER_PARTIALLY_DEGRADED_LEADERSHIP: 122
FULLY_FIT: 255
APIC# acidiag rvread 9 15
(9,15,1) st:6 lm(t):3(2024-01-06T12:29:47.065+00:00) le: reSt:LEADER voGr:0 cuTerm:0x50 lCoTe:0x4f lCoIn:0x78000000001d9864 veFiSt:0x13 veFiEn:0x13 lm(t):3(2024-01-06T12:29:47.053+00:00) stMmt:1 lm(t):0(zeroTime) ReTx:0 lm(t):0(zeroTime) lastUpdt 2024-01-07T04:44:20.873+00:00
APIC# acidiag rvread 9 11
(9,11,1) st:6 lm(t):2(2024-01-06T12:29:24.547+00:00) le: reSt:LEADER voGr:0 cuTerm:0x52 lCoTe:0x51 lCoIn:0x58000000001e1304 veFiSt:0x29 veFiEn:0x29 lm(t):2(2024-01-06T12:29:24.507+00:00) stMmt:1 lm(t):0(zeroTime) lp: clSt:2 lm(t):2(2024-01-06T12:04:38.6
Log in as root.
Since service ID 9 is topomgr:
systemctl start topomgr
systemctl stop topomgr
systemctl restart topomgr
systemctl status topomgr
Example: APIC1 is in partial diverge state
APIC# rvread
\- unexpected state; /-unexpected mutator;
s-> 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32lcl
r->123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123123lcl
1
2
3
4
5
6
7
8
9
10
11 \ \ \
12
13
14
15
Non optimal leader for shards : 11:1,11:16,11:19,11:25,11:28,11:31
Service 11 is dbgr, and the leader for shard 11 is APIC3.
Action Plan:
Stop the dbgr service and start it again on the 3 APICs; APIC1 is then back in the fully-fit state.
acidiag stop dbgr
acidiag start dbgr
APIC SSD REPLACEMENT PROCEDURE
CIMCServer# scope sol
Server /sol # set enabled yes
Server /sol *# set baud-rate 115200
Server /sol *# commit
Server /sol *# connect host
APIC CPU and Memory
apic# ps aux --sort -%mem
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
1000 22836 1.3 4.9 11636484 4790212 ? Ssl Jan06 14:06 /etc/alternatives/jre_openjdk/bin/java -Xms1g -Xmx1g -XX:+UseConcMarkSweepGC -XX:CMSInitiatingOccupancyFraction=75 -XX:+UseCMSInitiatingOccupancyOnly -Des.networkaddress.cache.ttl=60 -Des.ne
ifc 5775 1.6 2.1 2716716 2121416 ? Ssl Jan06 17:49 /mgmt//bin/svc_ifc_reader.bin --x
root 7380 1.8 1.2 1980428 1226688 ? Ssl Jan06 19:28 /mgmt//bin/nginx.bin -p /data//nginx/
ifc 5766 2.1 1.0 1695524 1006004 ? Ssl Jan06 23:04 /mgmt//bin/svc_ifc_policymgr.bin --x
ifc 5765 1.7 1.0 1642268 995828 ? Ssl Jan06 19:02 /mgmt//bin/svc_ifc_observer.bin --x
apic# top -o %MEM
top - 05:39:56 up 17:46, 1 user, load average: 2.70, 2.54, 2.42
Tasks: 681 total, 1 running, 304 sleeping, 0 stopped, 0 zombie
%Cpu(s): 3.2 us, 2.8 sy, 0.0 ni, 94.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 97353248 total, 51438976 free, 19963508 used, 25950764 buff/cache
KiB Swap: 0 total, 0 free, 0 used. 76119576 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
22836 1000 20 0 11.1g 4.6g 25616 S 0.0 4.9 14:06.19 java
5775 ifc 20 0 2716716 2.0g 166900 S 0.0 2.2 17:50.15 svc_ifc_reader.
7380 root 20 0 1980428 1.2g 198468 S 5.9 1.3 19:28.69 nginx.bin
5766 ifc 20 0 1695524 982.4m 224212 S 0.0 1.0 23:04.94 svc_ifc_policym
apic# ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%mem | head -n30
PID PPID CMD %MEM %CPU
22836 22834 /etc/alternatives/jre_openj 4.9 1.3
5775 1 /mgmt//bin/svc_ifc_reader.b 2.1 1.6
7380 1 /mgmt//bin/nginx.bin -p /da 1.2 1.8
5766 1 /mgmt//bin/svc_ifc_policymg 1.0 2.1
5765 1 /mgmt//bin/svc_ifc_observer 1.0 1.7
1811 32429 java -Xms1g -Xmx2g -XX:+Hea 0.9 0.9
30639 30450 java -Xmx4096m -Djava.secur 0.8 1.5
5772 1 /mgmt//bin/svc_ifc_eventmgr 0.7 2.0
32227 32226 /etc/alternatives/jre_1.8.0 0.7 21.5
1563 31801 java -XX:+UseG1GC -XX:MaxGC 0.6 1.1
5780 1 /mgmt/opt/controller/decoy/ 0.6 0.0
Command Output
apic1# acidiag fnvread
ID    Pod ID   Name     Serial Number   IP Address      Role    State    LastUpdMsgId
------------------------------------------------------
101   1        leaf-a   FDO23161CZ0     10.0.32.64/32   leaf    active   0
102   1        leaf-b   FDO23161MNG     10.0.32.65/32   leaf    active   0
201   1        spine    FDO231113UJ     10.0.32.66/32   spine   active   0
leaf-a# show lldp neighbors
Device ID         Local Intf   Hold-time   Capability   Port ID
3560-x.dc.local   Eth1/1       120         BR           Gi1/0/3
apic1             Eth1/2       120                      eth2-1
spine             Eth1/49      120         BR           Eth1/1
Total entries displayed: 3
List all the EPGs in the fabric:
admin@apic:~> moquery -c fvAEPg | grep dn
dn : uni/tn-infra/ap-access/epg-default
dn : uni/tn-infra/ap-ave-ctrl/epg-ave-ctrl
dn : uni/tn-Sales/ap-eCommerce_AP/epg-App_EPG
dn : uni/tn-Sales/ap-eCommerce_AP/epg-D_EPG
dn : uni/tn-Sales/ap-eCommerce_AP/epg-Wb_EPG
dn : uni/tn-Sales/ap-eCommerce_AP/epg-Bckp_EPG
List all VLANs used anywhere as encap in the fabric:
admin@apic1:~> moquery -c vlanCktEp | grep '^encap' | sort -u
encap : vlan-10
encap : vlan-112
encap : vlan-120
Where do you use vlan-120?
admin@apic1:~> moquery -c fvIfConn | egrep "dn.*vlan-120]"
dn : uni/epp/fv-[uni/tn-DC/ap-App/epg-EPG1]/node-102/stpathatt-[n7k2-vpc]/conndef/conn-[vlan-120]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-DC/ap-App/epg-EPG1]/node-101/stpathatt-[n7k2-vpc]/conndef/conn-[vlan-120]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-DC/ap-App/epg-EPG1]/node-101/stpathatt-[eth1/33]/conndef/conn-[vlan-120]-[0.0.0.0]
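The same question answered for every encap at once, as an added Python example that is not part of the original notes: it parses fvIfConn dn lines into tenant, application profile, EPG, node, path and encap, then lists any encap that is mapped to more than one EPG so that it can be reviewed. The sample lines are constructed on the dn layout shown above, and the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample of `moquery -c fvIfConn | grep dn` output.
FVIFCONN_SAMPLE = """\
dn : uni/epp/fv-[uni/tn-DC/ap-App/epg-EPG1]/node-102/stpathatt-[n7k2-vpc]/conndef/conn-[vlan-120]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-DC/ap-App/epg-EPG1]/node-101/stpathatt-[eth1/33]/conndef/conn-[vlan-120]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-DC/ap-App/epg-EPG2]/node-103/stpathatt-[eth1/10]/conndef/conn-[vlan-120]-[0.0.0.0]
dn : uni/epp/fv-[uni/tn-DC/ap-App/epg-EPG2]/node-103/stpathatt-[eth1/11]/conndef/conn-[vlan-130]-[0.0.0.0]
"""

# The EPG dn and the path are wrapped in [...] because they contain slashes
# themselves (for example eth1/33), so each bracketed part is matched whole.
DN_RE = re.compile(
    r"uni/epp/fv-\[uni/tn-(?P<tenant>[^/\]]+)/ap-(?P<ap>[^/\]]+)/epg-(?P<epg>[^\]]+)\]"
    r"/node-(?P<node>\d+)/(?P<att>\w+)-\[(?P<path>[^\]]+)\]"
    r"/conndef/conn-\[(?P<encap>[^\]]+)\]-\[(?P<addr>[^\]]+)\]"
)


def parse_fvifconn(text):
    """Return one dict per fvIfConn dn; lines that do not match are skipped."""
    rows = []
    for line in text.splitlines():
        m = DN_RE.search(line)
        if m:
            row = m.groupdict()
            row["node"] = int(row["node"])
            rows.append(row)
    return rows


def encap_usage(text):
    """Map encap -> {"tenant/ap/epg": sorted [(node, path), ...]}."""
    usage = defaultdict(lambda: defaultdict(set))
    for r in parse_fvifconn(text):
        epg = f'{r["tenant"]}/{r["ap"]}/{r["epg"]}'
        usage[r["encap"]][epg].add((r["node"], r["path"]))
    return {enc: {epg: sorted(ports) for epg, ports in epgs.items()}
            for enc, epgs in usage.items()}


def encaps_in_multiple_epgs(text):
    """Return {encap: sorted EPG list} for encaps deployed under more than one EPG."""
    return {enc: sorted(epgs) for enc, epgs in encap_usage(text).items()
            if len(epgs) > 1}


if __name__ == "__main__":
    for encap, epgs in encap_usage(FVIFCONN_SAMPLE).items():
        for epg, ports in epgs.items():
            print(encap, epg, ports)
    print("review:", encaps_in_multiple_epgs(FVIFCONN_SAMPLE))
```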
List all the EPGs in the fabric:
admin@apic1:~> moquery -c fvAEPg | grep dn
dn : uni/tn-infra/ap-access/epg-default
dn : uni/tn-infra/ap-ave-ctrl/epg-ave-ctrl
dn : uni/tn-Sales/ap-eCommerce_AP/epg-App_EPG
dn : uni/tn-Sales/ap-eCommerce_AP/epg-DB_EPG
dn : uni/tn-Sales/ap-eCommerce_AP/epg-Web_EPG
dn : uni/tn-Sales/ap-eCommerce_AP/epg-Backup_EPG