Cisco Support Community

New Member

Overlapping or non-overlapping VTEP pool

The question is: when asking for a VTEP pool to configure an ACI fabric, do you ask for a non-overlapping IP pool, or is overlapping OK? I understand that the VTEP pool is only used within the fabric (for now), but with the direction of Multi-pod, multi-pod site, GOLF, the VXLAN boundary will be extended out to the edge of the network, thus VTEP IPs will be advertised into the IGP for the underlay. That will require using a non-overlapping VTEP pool if you don't want to rebuild your fabric. Is this correct?

3 REPLIES
Bronze

The logic explained below is my logic and the way I explain it; there may be a different official Cisco answer.

The problem with VTEP pools is the APICs.  You see, the APICs can't handle

  1. having a management IP address that overlaps with the VTEP address space, (it can't figure out which interface to send management responses on) or
  2. being accessed from a workstation that is using an IP address that overlaps with the VTEP address space.

Since it is conceivable that any internal IP address may need to access the APIC for some reason sometime, I would recommend that you don't overlap VTEP addresses with any currently used internal addresses.

Below is an example of the routing table from an APIC:

```
apic1# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         172.16.11.1     0.0.0.0         UG        0 0          0 oobmgmt
10.0.0.0        10.0.0.30       255.255.0.0     UG        0 0          0 bond0.3967
10.0.0.30       0.0.0.0         255.255.255.255 UH        0 0          0 bond0.3967
10.0.32.64      10.0.0.30       255.255.255.255 UGH       0 0          0 bond0.3967
10.0.32.65      10.0.0.30       255.255.255.255 UGH       0 0          0 bond0.3967
169.254.1.0     0.0.0.0         255.255.255.0   U         0 0          0 teplo-1
169.254.254.0   0.0.0.0         255.255.255.0   U         0 0          0 lxcbr0
172.16.11.0     0.0.0.0         255.255.255.0   U         0 0          0 oobmgmt
```

In this case, the management interface is an OOB management interface, and the APIC sees the OOB management interface route as 172.16.11.0/24. Now imagine for a minute I had used 10.0.11.0/24 as my OOB Management subnet. Since that overlaps with my VTEP range (10.0.0.0/16), there is potential that an IP address of, say, 10.0.11.11 could be allocated to a VTEP somewhere - and if that happened my APIC would be unable to communicate with it because that address overlaps with my management address range.

HTH

RedNectar

aka Chris Welsh


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem
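
The overlap described in the answer above can be checked before a VTEP pool is requested. The following is an added example, not part of the original posts: it parses the routing table as posted and applies longest-prefix match to show which interface a reply to a given client leaves on, then lists in-use subnets that collide with a proposed pool. The function names and the 172.16.50.20 workstation address are assumptions made for illustration.

```python
import ipaddress

# Routing table body as posted in the answer above (APIC `netstat -rn`).
ROUTES_TEXT = """\
0.0.0.0 172.16.11.1 0.0.0.0 UG 0 0 0 oobmgmt
10.0.0.0 10.0.0.30 255.255.0.0 UG 0 0 0 bond0.3967
10.0.0.30 0.0.0.0 255.255.255.255 UH 0 0 0 bond0.3967
10.0.32.64 10.0.0.30 255.255.255.255 UGH 0 0 0 bond0.3967
10.0.32.65 10.0.0.30 255.255.255.255 UGH 0 0 0 bond0.3967
169.254.1.0 0.0.0.0 255.255.255.0 U 0 0 0 teplo-1
169.254.254.0 0.0.0.0 255.255.255.0 U 0 0 0 lxcbr0
172.16.11.0 0.0.0.0 255.255.255.0 U 0 0 0 oobmgmt
"""

def parse_routes(text):
    """Return [(network, iface)] from the body lines of `netstat -rn`."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue  # banner or blank line
        try:
            net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        except ValueError:
            continue  # column header line
        routes.append((net, f[7]))
    return routes

def egress_iface(routes, ip):
    """Longest-prefix match: the interface a reply to `ip` leaves on."""
    addr = ipaddress.ip_address(ip)
    matches = [(n, i) for n, i in routes if addr in n]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def overlaps(vtep_pool, in_use):
    """Subnets from `in_use` that overlap the proposed VTEP pool."""
    pool = ipaddress.ip_network(vtep_pool)
    return [s for s in in_use if pool.overlaps(ipaddress.ip_network(s))]

if __name__ == "__main__":
    routes = parse_routes(ROUTES_TEXT)
    # 172.16.50.20 is a constructed workstation; 10.0.11.11 is the answer's example.
    for client in ("172.16.50.20", "10.0.11.11"):
        print(client, "->", egress_iface(routes, client))
    print(overlaps("10.0.0.0/16", ["172.16.11.0/24", "10.0.11.0/24"]))
```

A client at 10.0.11.11 matches the 10.0.0.0/16 route on bond0.3967 rather than the default route via oobmgmt, which is the collision the answer describes.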

New Member

Excellent example of why the VTEP pool should be non-overlapping.  Thanks.

Bronze

apache_le - don't forget to mark your question as Answered if you are satisfied with the answer given.  It helps anyone searching the forum to find unanswered questions, and helps others find the answer if they have the same question.

RedNectar

aka Chris Welsh

