I am working on a project where the engineering group is looking at deploying a pair of Nexus 6001 devices at the Aggregation Layer & a pair of Checkpoint 4800 firewalls in a ClusterXL configuration, wherein the FW's Active/Active mode (aka Load Sharing Multicast in default config) passes 'keep alive / state' communication via multicast. The potential case for dropped communication between the L2 switches & the Checkpoint Cluster occurs where the proprietary keepalive packets might get dropped due to the fact that the L2 switch won't pass the packets sent to the multicast MAC address b/c it can't match the dest IP to an IGMP group (which IGMP membership is disabled by default on CP 4800 firewalls ver R76) -- packets get dropped, and the cluster gets triggered into a potential incorrect failover, throwing warnings, etc.
There is a recommendation of disabling IGMP snooping on the ports/VLAN connected to the Checkpoint Cluster members - doing this globally on Nexus will disable all VLANs apparently - but apparently can be done on a per-VLAN basis.
There is also a recommendation of entering static multicast MAC entries so the switches know where to pass the packets since the IGMP query timers will expire -- however, in the L2 config guide for Nexus 6K - I don't see anything about adding static multicast MAC entries.
Moquery is the command-line cousin of Visore, and it is often a helpful and efficient tool during troubleshooting. This article aims to provide a moquery cheat sheet for some of the most commonly seen scenarios.
Here is the checklist before customers/partners contact Cisco TAC:
Firmware Version of APIC and Switch
Download Switch and APIC techsupport logs
Problem description (Symptoms with details)
Business impact (eg, what kind of services...
This document discusses a common issue observed during VMM integration & VM workload migration to the ACI fabric.
VMware Virtual machines are hosted in Cisco UCS-B seri...