Can’t connect to vCenter from ACI APIC

Having a problem trying to setup your VMM domain on my APIC when trying to connect to vCenter on a different subnet using out of band management? Here’s what we’ve recently run into:

Problems:

Can’t ping from APIC to vCenter IP, but you can ping from vCenter to APIC, therefore you can’t setup your VMM domain in the APIC.

Resolutions:

By default the APIC sets up the infrastructure network (the network the leaf and spine switches use to communicate) to use the 10.0.0.0/16 subnet. You can easily change this, but if you accept the default and happen to be using a 10.0.0.0 subnet for your vCenter the APIC will not route it out of the oobmgmt interface. It tries to route out of the infrastructure interface (often called bond.xxxxx) due to the longest prefix match rule because they both start with 10.x.x.x. You can force a ping to go out the oobmgmt management by using:

ping -I oobmgmt <ip_address_of_vCenter>

This should work because you’re forcing it out the correct interface. Often times we would add a route to the routing table to force it out a certain way, but we don’t have root access on the APIC to do this. Also, this isn’t necessarily a best practices way to handle things.

The easiest way to fix this solution is to change the infrastructure IP s to something not being used.

 

About The Author

0 thoughts on “Can’t connect to vCenter from ACI APIC”

  1. Michel van Kessel

    Hi,

    I had both inband and outband mgmt configured, both with a default gateway. This gave problems, because I had to route to the vCenter. After removing the inband mgmt interface on the APIC I was able to reach vCenter.

    So what is best practice here? use outband mgmt only? I cannot reach vCenter on the inband netwerk (still have no idea why)

    admin@apic1:~> ip route
    default via 10.192.147.1 dev bond0.801
    default via 10.192.120.1 dev oobmgmt metric 16
    10.192.120.0/26 dev oobmgmt proto kernel scope link src 10.192.120.18
    10.192.146.0/24 via 10.192.146.30 dev bond0.800 src 10.192.146.1
    10.192.146.30 dev bond0.800 scope link src 10.192.146.1
    10.192.147.0/26 dev bond0.801 proto kernel scope link src 10.192.147.18
    10.192.147.1 dev bond0.801 scope link src 10.192.147.18

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top