4 Replies Latest reply: Oct 5, 2017 9:47 PM by David P. RSS

    ACI Performance Troubleshooting and Optimization | Post Webinar Open Discussion

    Matt Saunders - Community Manager

      Hello - Please consider this the ACI Performance Troubleshooting and Optimization Post Webinar Open Discussion for today's webinar.

       

      Please download the presenters' handout here: ACI Performance Troubleshooting Slides.pdf

       

      I will post a notification of recording and presenters slide deck availability there once they are available. Typically this takes 3-4 business days from the day of the live event.

       

      Please visit the ACI Training Videos space for more info on the ACI Webinar and Training Videos series.

       

      Thank you very much.

         
        • 1. Re: ACI Performance Troubleshooting and Optimization | Post Webinar Open Discussion
          Matt Saunders - Community Manager

          Q&A Session for ACI Performance Troubleshooting and Optimization

           

          Session Number: 203462974

          Date: 2017-10-5

          Starting time: 09:25

          ________________________________________________________________

           

           

          (Guest)  - 10:01

          Q:  which ACI version will you be working with today

          Priority:  N/A 

              Robert Burns (Cisco)     - 10:01

            A:  I believe she'll be demoing on 3.0  

          ________________________________________________________________

           

             Dan (Guest)  - 10:06

          Q:  Anyway to check for contract utilization/TCAM affects if you implemented a certain number of contracts with varying consume/providing relationships? 

          Priority:  N/A 

              Robert Burns (Cisco)     - 10:09

            A:  Yes, there's actually a tool built into the APIC called "ACI Optimizer" which does exactly this.  Operations > ACI Optimizer.  You can create a "What if" scenario to help size your policy deployment details.  

          ________________________________________________________________

           

             Rui - 10:12

          Q:  Is there a way to monitor how much TCAM is being consumed by the current contracts deployed?  To monitor when you are approaching thresholds

          Priority:  N/A 

              Robert Burns (Cisco)     - 10:14

            A:  I don't believe we can look at the impact of a single contract, but rather all contacts/filters as a whole's impact on TCAM on a per switch basis.  

              Robert Burns (Cisco)     - 10:17

            A:  Actually misread the question.  Yuliya should be demoing this shortly.  

          ________________________________________________________________

           

             Peter  (Guest) - 10:12

          Q:  If you re-use the same contract between different EPG's, does that make a difference to TCAM usage?

          Priority:  N/A 

              Daniel Pita (Cisco)     - 10:14

            A:  no difference. still need to program two entries for each pair of prov/consumer  

          ________________________________________________________________

           

           

             Rui  (Guest) - 10:13

          Q:  Are there plans for the Preferred Group function to be expanded, to allow for multiple Preferred Groups per VRF (i.e. where i can put one group of EPG's on Preferred Group 1, and a group of other EPG's on preferred Group 2)?

          Priority:  N/A 

              Daniel Pita (Cisco)     - 10:16

            A:  not that i am aware. if you really have a use case for this. open a TAC case and request an enhancement 

              Robert Burns (Cisco)     - 10:15

            A:  I don't believe so at this time.   I will double check though.  

          ________________________________________________________________

           

           

             Roxana  - 10:13

          Q:  the preferred group option also applies if we have a L3OUT configured?

          Priority:  N/A 

              Daniel Pita (Cisco)     - 10:15

            A:  yes. preferred group applies to L3 out InstP/ EPG  

          ________________________________________________________________

           

             Rui - 10:20

          Q:  So when would you use vzAny vs Preferred Group?   

          Priority:  N/A 

              Daniel Pita (Cisco)     - 10:23

            A:  its really up to what you are trying to accomplish. vzAny will apply to all EPGs. so say i have a web-epg. that epg is providing port 80 contract. vzAny will consume port 80 contract which will mean ALL EPGs in the VRF can access port 80 of web-epg 

              Daniel Pita (Cisco)     - 10:24

            A:  preferred groups on the other hand allows all communication between any EPG that is included. no need for contracts. and only applies to those that are set to "include"  

          ________________________________________________________________

           

             Sergiu - 10:30

          Q:  so if i understood correctly, pre-provision option is used in case you have the vmm configured, but not yet connected to the fabric leafs? 

          Priority:  N/A 

              Daniel Pita (Cisco)     - 10:33

            A:  that is sort of correct. with what you describe the switch will be programmed. but esseintially pre-provision is a way to program the switch regardless of anything. kind of like a static path that is implicitly programmed 

              Robert Burns (Cisco)     - 10:32

            A:  Yes, its also helpful to remove the dependency on the discovery protocl (LLDP/CDP), in the case if your host was more than 1 hop connected from the fabric. It would also make the policy "ready to use" should all APICs not be reachable to push the policy  

          ________________________________________________________________

           

             Simon - 10:31

          Q:  Resolution and deployment. Is this only related to vm domains? 

          Priority:  N/A 

              Robert Burns (Cisco)     - 10:32

            A:  Yes 

              Robert Burns (Cisco)     - 10:33

            A:  Since Virtual Endpoints move around, we give the ability to dictate "When" to download network policies from the APIC to the Leaf switches which the Hypervisors connect to.    

          ________________________________________________________________

           

             Rui - 10:37

          Q:  Multicast Routing in the overlay, still does not incorporate using the Fabric as a Rendezvous Point, correct?  

          Priority:  N/A 

              Daniel Pita (Cisco)     - 10:40

            A:  as far as i can tell. that is correct 

              Daniel Pita (Cisco)     - 10:40

            A:  https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/multicast/b_Using_Layer3_Multicast/b_Using_Layer3_Multicast_chapter_00.html  

          ________________________________________________________________

           

             Kevin - 10:38

          Q:  is "dCloud" a good place still to play with ACI?

          Priority:  N/A 

              Robert Burns (Cisco)     - 10:39

            A:  Yes, you can walk through some guided labs - all free.  There's one ACI lab using "WalkMe" which leverage a similutor which has no datapath, but there is a "APIC Physical Fabric" lab as well.  Look for those keywords depending what you want to play with.  

          ________________________________________________________________

           

             Dennis - 10:40

          Q:  Is there any troubleshooting guides or experiences (or special troubleshooting considerations) specifically when running Vmware NSX over ACI ?

          Priority:  N/A 

              Daniel Pita (Cisco)     - 10:42

            A:  nothing really special to consider. regular networking 

              Robert Burns (Cisco)     - 10:42

            A:  https://communities.vmware.com/servlet/JiveServlet/downloadBody/30849-102-1-41565/Deploying%20NSX%20with%20Cisco%20ACI%20as%20Underlay.pdf  Nothing I haven't seen specifically to troubleshooting both together.    

          ________________________________________________________________

           

           

             Peter - 10:45

          Q:  I have multiple EPG's running http/https services for users to consume.  They all use the same WEB contract.  Can I use preferred group or vz Any to reduce TCAM?  I don't want to give access between the EPG's though...

          Priority:  N/A 

              Daniel Pita (Cisco)     - 10:49

            A:  Hello Peter. you might need to be a little more specific. do you want all other EPGs to access the multiple EPGs with web servers? or only a specific set? do you only want to allow HTTP? or ICMP/SSH and all other traffic as well?  

          ________________________________________________________________

           

             Roberto- 10:50

          Q:  Is there any rule definition for implicit rules in the fabric that we may look and dig. for example Reverse Path Verify, source routing, etc? I'm having some issues in my lab denying traffic from an implicit rule even when the contract allows everything

          Priority:  N/A 

              Daniel Pita (Cisco)     - 10:52

            A:  implicit rules are always programmed, like the deny rule. we dont have anything like reverse path verify or source routing  

          ________________________________________________________________

           

             Peter - 10:49

          Q:  Thanks.  I wouldn't want all other EPG's to access the WEB EPG's.

          Priority:  N/A 

              Daniel Pita (Cisco)     - 10:53

            A:  i see. if its a specific set of EPGs then regular contracts are the way to go. vzAny wont work for you and preferred groups wont either from the sounds of it  

          ________________________________________________________________

           

             Rui  - 10:52

          Q:  any good resource on moquery on different iterations of the command that can be used (for useful queries).  I've seen the odd article, but it's still somewhat daunting on how to query some useful information from the CLI (such as to show all EPG's that are

          Priority:  N/A 

              Daniel Pita (Cisco)     - 10:55

            A:  i think you are better off using some form of programminng/python to include the logic "if this epg has 802.1p then print epg" sorta thing. cobra sdk is great but you can use regular python requests pachage as well  

          ________________________________________________________________

           

             Dennis - 10:56

          Q:  Does ACI supports Geneve already or only VXLAN as an overlay/tunnel protocol in the Fabric? 

          Priority:  N/A 

              Robert Burns (Cisco)     - 10:57

            A:  Its coming ;-)  

          ________________________________________________________________

           

             Tom - 10:57

          Q:  what is the facebook group name so we can join?

          Priority:  N/A 

              Robert Burns (Cisco)     - 10:58

            A:  https://www.facebook.com/groups/1028679983855301/  

          ________________________________________________________________

           

             Dennis - 10:57

          Q:  great session, thanks

          Priority:  N/A   

          • 2. Re: ACI Performance Troubleshooting and Optimization | Post Webinar Open Discussion
            David P.

            Couldnt catch the Webinar   but will wait for the recording. Got the slides!

             

            I have worked with Daniel in some TAC cases before, also his blog is excellent!

             

            You guys had amazing hosts! Cannot miss the chance to watch this webinar!

             

            Thanks, guys, for organizing this!

            • 3. Re: ACI Performance Troubleshooting and Optimization | Post Webinar Open Discussion
              Matt Saunders - Community Manager

              Thanks David - I hope you're finding these valuable!

              • 4. Re: ACI Performance Troubleshooting and Optimization | Post Webinar Open Discussion
                David P.

                I am! ACI is part of my daily work. We manage a ton of DCs based on ACI! This is priceless :D

                 

                Thanks!