We experienced similar behaviour for our CSS load balancing SMTP servers. These servers were NATed on CSS with VIP address on CSS using a group. Once in a while we use to see packets on Internet firewall with server's non-nated IP ADD. On close inspection we found out that when the CSS service pointing to the servers use to go down the CSS use to act as a router and route any packets coming from the SMTP server to its default gateway of Internet Firewall. The SMTP service on the servers was flapping between up/down state due to code problem on the servers.
You may want to see if CSS Service pointing to the servers is up or down when you see the non-nated IP ADD on Firewall.
Topology & Design:
Two ACI fabrics
Stretching VLANs using OTV
Both fabrics are advertising BD subnets into same routing domain
Some BDs(or say VLANs) are stretched, but some are not.
Endpoints can move betwee...
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
Topology &Design:Traffic flow within same fabric:Endpoint moves to Fabric-2Bounce Entry Times OutTraffic Black-holedSummarySolutionAppendix:
In the Previous articles of ACI Automation, we are using Postman/Newman a...