Cisco ACI based environment conflicting with the VIP in Aria Operations for Logs
Article ID: 315988
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Symptoms:
- The Administration > Management > System Monitor page intermittently shows Failed to load resources and agents are reporting Disconnected in a Cisco ACI based environment.
- Aria Operations for Logs VIP is not reachable for ingestion, however ingestion sent directly to a node succeeds.
- The /var/log/loginsight-agent/liagent_latest-date.log contains the following error
- Transport error while trying to ingest SSL connect error
Environment
Aria Operations for logs 8.x
VMware vRealize Log Insight 4.x
VMware vRealize Log Insight 8.x
Cause
- The Aria Operations for Logs load balancer uses a Direct Server Return (DSR) configuration.
- By default, DSR does not work in Cisco ACI because of data-plane IP learning.
Resolution
The L4-L7 Virtual IPs option was introduced in Cisco Application Policy Infrastructure Controller (APIC) Release 1.2(1m).
This option is located at Tenant > Application Profiles > Application EPGs or uSeg EPGs.
This option disables data-plane IP learning for the specific DSR virtual IP address. Failure to disable IP learning for the DSR virtual IP address will result in IP endpoint flapping between different locations in the Cisco ACI fabric.
For more information, see ACI Fabric Endpoint Learning White Paper.
Note:
This option is located at Tenant > Application Profiles > Application EPGs or uSeg EPGs.
This option disables data-plane IP learning for the specific DSR virtual IP address. Failure to disable IP learning for the DSR virtual IP address will result in IP endpoint flapping between different locations in the Cisco ACI fabric.
For more information, see ACI Fabric Endpoint Learning White Paper.
Note:
- Ensure that GARP is set to "enabled" for the segment on CISCO ACI. The default GARP setting is "disabled."
- Some versions of Cisco ACI appliances use an option labelled 'IP Data-plane Learning', set this to 'no' as there is no GARP option.
After following the above steps, it is necessary to perform a reboot of all nodes in the Aria Operations for Logs cluster.
Note: A service restart will not suffice here, a reboot is required.
- In the Aria Operations for Logs UI, note which node has the ILB (Integrated Load Balancer). You will reboot this node last.
- From the vSphere Web Client, right click the Aria Operations for Logs node, select Power > Restart Guest OS
- Repeat step 2 on the remaining nodes in the cluster, one by one, waiting for each node to come online before moving to the next node.
Feedback
Yes
No
Powered by
