257 Views | 0 Helpful | 9 Replies

Migrate subnet into SD Access

KevinR99
Level 1

Hi

I am testing migrating a subnet into SD Access.  I have a subnet routed outside my fabric and I have a device inside my fabric on that subnet routed by the external gateway by handing off the address pool on a L2 VN.  This all works fine.

I now want to simulate a situation where I move the gateway inside the fabric.  So I shut the SVI on the outside then tried to create an Anycast gateway on the inside.  I get the following error.

"One or more of the proposed pool(s) conflicts with at least one blocklisted IP address. Please choose a different pool address."

So I thought I'd start from scratch and delete my handed off L2 VN as well as the hand off at the L2 Border.  The intention being that I will then create an Anycast gateway and hand the associated L2 VN off externally.  However, when I try to delete the original L2 VN I get the following error:

Invalid Message Code NCSO20275

So I cannot even delete my L2 VN and start from scratch and rebuild with an Anycast gateway inside my fabric.

Anyone seen this before?  I want to get a process streamlined where I can move an external gateway inside my fabric as quickly and with as little disruption as possible.

Thanks, Kev.

9 Replies

KevinR99
Level 1
Level 1

I've resolved the very helpful 2nd message "Invalid Message Code NCSO20275"

This is because I had edge ports allocated to the L2 VN I was trying to delete.  So I cleared those allocations and was able to delete the L2 VN.  However, the initial issue still stands that I cannot create an internal Anycast gateway due to the following error.

"One or more of the proposed pool(s) conflicts with at least one blocklisted IP address. Please choose a different pool address."

In real life I will have the gateway outside the fabric and gradually I will move devices inside the fabric.  So at some stage I will have many devices inside the fabric being routed by an external gateway.  I then want as smooth as possible a change to an internal Anycast gateway.

Any thoughts would be welcome.

Thanks, K.

Torbjørn
Spotlight

Is there an IPAM integration configured?

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

No, there's no IPAM integration.

I'm now at the stage where I have deleted any reference to the address pool, the L2 VN and made sure there is no Anycast gateway.  I then create an address pool, try to create an Anycast gateway using that pool and I get that original message.

"One or more of the proposed pool(s) conflicts with at least one blocklisted IP address. Please choose a different pool address."

As a test I created a completely new address pool from the same Global pool and successfully created an Anycast gateway for it.  So it looks like DNAC is retaining some info relating to my problematic address pool and won't let me recreate it.

K.

Problem solved in a way.  To do my migration from an external gateway to an internal one I had the external gateway SVI shutdown on my external switch.  This switch was known by DNAC and as such it seems to have picked up the fact that the gateway address was allocated even though it was on a shutdown SVI.  I looked in the address pool unassignable addresses area and there was my gateway address.  So I deleted it from my external gateway and did a resync.  Now the address is not in the unassignable area and I have successfully created my Anycast gateway.

Not really ideal for my migration plan.  I would usually shut an SVI on the old gateway and enable it in the new location.  It seems I may have to delete the gateway on the old gateway before re-assigning it inside my fabric.  Probably not an issue on my live site though because DNAC doesn't know about my external gateway.

More testing to be done to streamline this migration process.

K.
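The unassignable-address problem described in the post above (a gateway address still configured on a shut SVI of a device the controller has inventoried, which blocks creating the Anycast gateway until the address is removed and the device resynced) can be caught before the cutover. The following is an added example, not code from the thread or from Cisco: a small pre-flight check that takes the proposed pool and a constructed snapshot of inventoried interface addresses and lists every configured address inside the pool, shut interfaces included. The inventory records, device names and addresses are all constructed for illustration; nothing here calls the Catalyst Center API.

```python
"""Pre-flight check before moving a gateway into the SD-Access fabric.

Added example (not from the thread or from Cisco). Given a proposed
address pool and a snapshot of interface addresses the controller already
knows about, report every address in the pool that is still configured
somewhere, including on administratively shut SVIs, since those are still
treated as unassignable until removed and the device is resynced.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class InterfaceRecord:
    device: str
    interface: str
    address: str      # IPv4 address with prefix length, e.g. "10.10.20.1/24"
    admin_up: bool    # False for an SVI that has been "shutdown"


# Constructed inventory snapshot (hypothetical devices and addresses).
# The old external gateway SVI is shut but still carries the gateway address.
INVENTORY = [
    InterfaceRecord("ext-core-1", "Vlan120", "10.10.20.1/24", admin_up=False),
    InterfaceRecord("ext-core-1", "Vlan130", "10.10.30.1/24", admin_up=True),
    InterfaceRecord("ext-core-2", "Loopback0", "192.0.2.2/32", admin_up=True),
]


def find_pool_conflicts(pool_cidr, inventory):
    """Return every inventory record whose address lies inside pool_cidr.

    Interface state is deliberately ignored: a shut SVI still counts, which is
    exactly the case that produced the 'blocklisted IP address' error.
    """
    pool = ipaddress.ip_network(pool_cidr, strict=True)
    return [
        rec for rec in inventory
        if ipaddress.ip_interface(rec.address).ip in pool
    ]


def gateway_is_free(pool_cidr, gateway, inventory):
    """True when the intended Anycast gateway address is not configured on any
    inventoried interface, up or down."""
    pool = ipaddress.ip_network(pool_cidr, strict=True)
    gw = ipaddress.ip_address(gateway)
    if gw not in pool:
        raise ValueError(f"{gateway} is not inside {pool_cidr}")
    return all(ipaddress.ip_interface(r.address).ip != gw for r in inventory)


def conflict_report(pool_cidr, inventory):
    """Human-readable lines naming what must be cleared before the pool can
    be used for an Anycast gateway."""
    lines = []
    for rec in find_pool_conflicts(pool_cidr, inventory):
        state = "up" if rec.admin_up else "admin-down"
        lines.append(f"{rec.device} {rec.interface} {rec.address} ({state})")
    return lines


if __name__ == "__main__":
    pool, gw = "10.10.20.0/24", "10.10.20.1"
    for line in conflict_report(pool, INVENTORY):
        print("still configured:", line)
    if not gateway_is_free(pool, gw, INVENTORY):
        print(f"remove {gw} from the listed device(s) and resync before "
              "creating the Anycast gateway")
```

Run against a real inventory export, the report tells you which device still holds the gateway address, so the removal and resync happen as a planned step rather than being discovered from the controller's error message mid-migration.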

Ok, so this seems to be my migration issue.  When the gateway is outside the fabric and I have devices inside I create a L2 VN, hand it off to the external vlan at the L2 Border and assign my internal SDA clients to the vlan name.  So the vlan name is associated with a L2 VN.

I then want to move the Anycast gateway inside the fabric.  So I shut it on the outside device and create the Anycast gateway.  I can't use the same name for the related vlan so I let DNAC assign that.  A new L2 VN is then associated with a new vlan name and my new Anycast gateway.  The problem here is that the vlan my clients were in when the gateway was outside is different from the vlan associated with my anycast gateway.  So to resolve this I need to move all my fabric clients into the new Anycast vlan.  That's easy in a test environment with few fabric clients but in a real migration this could be a great many clients that were on a vlan associated with an external gateway and now need to be moved to a new vlan associated with the internal Anycast gateway.  That can't be a workable migration method. 

I thought I could maybe create a L2 VN for when the gateway is outside the fabric.  Then when creating an internal Anycast gateway just associate it with the already existing L2 VN.  That way my clients don't need to move.  However, this doesn't seem possible.

Anyone got any experience of the method to seamlessly move an external gateway into SDA?  It's so much easier in ACI.

Kev.

jedolphi
Cisco Employee

Hi Kevin, unfortunately at this stage we cannot add an Anycast Gateway to an existing L2VN. There is an ask in the software dev queue but no ETA. Please do raise this gap with your sales team and/or "Make a Wish" in the Catalyst Center UI with some detail/explanation (like you have above) of the requirements and business value.

The alternative approach is to first move the AnyCast gateway into the SD-Access Fabric, connect the new ACGW to legacy networks via Border Node L2HO or Edge Node Trunk port, and then slowly move endpoints into the SD-Access Fabric. You can review Cisco Live presentation BRKENS-2008 for some high level explanations of this procedure. Regards, Jerome


KevinR99
Level 1

Thanks Jerome.

I came to that same conclusion after finishing testing yesterday.  Anycast gateway initially in the fabric and clients outside.  A bit of an oversight there on Cisco's part?  I'm not an ACI guy but I do believe this is easily achievable there.

I'll "make a wish".

Thanks again.

I'll take a pass on that question! Everything is contextual. Please feel free to have a candid conversation with your sales representative. Cheers, Jerome