-
Policy Based Routing (PBR) tracking can be enabled for the Cisco APIC service graph created for supporting SNAT feature. One HealthGroup for each node is created, and it is associated with the redirect policy of the SNAT service graph with the internet protocol service level agreement (IPSLA) interval set to 5 seconds. This interval is configurable through the acc provision input file
net_config: service_monitor_interval: 10 # default is 5 seconds
If the service_monitor_interval is set to zero, PBR tracking is disabled.
-
PBR tracking can be also be enabled for other Cisco APIC service graphs created for each Kubernetes external service, setting the following configuration in the acc-provision input file:
net_config: pbr_tracking_non_snat: true #
If enabled,
service_monitoring_intervaldescribed earlier applies here as well.
Add following configuration in the acc provision input file:
net_config:
service_monitor_interval: 10
pbr_tracking_non_snat: trueRun acc-provision tool on updated acc provision input file to generate new aci_deployment.yaml
acc-provision -c <acc_provision_input_file> -f <flavor> -u <apic_username> -p <apic_password> -o aci_deployment.yamlDelete old aci_deployment.yaml and wait till all the pods in the aci-containers-system namespace are deleted
$ oc delete -f aci_deployment.yaml
$ oc get pods -n aci-containers-systemApply newly generated aci_deployment.yaml and wait till all pods in aci-containers-system namespace are running
$ oc apply -f aci_deployment.yaml
$ oc get pods -n aci-containers-systemVerify flags set in aci-containers-config config map:
noiro@oshift3-ext-rtr:~$ oc get cm -n aci-containers-system aci-containers-config -oyaml | less
apiVersion: v1
data:
controller-config: |-
{
"flavor": "openshift-4.13-esx",
"apic-hosts": [
"10.30.120.180"
],
"aci-service-monitor-interval": 5,
"aci-pbr-tracking-non-snat": true,
...
...