Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Managing Differences Between Service Configuration and the Golden Configuration

Maintenance Operations

Drain/Undrain

Apstra allows the operator to gracefully drain traffic off a device in the fabric without impacting existing TCP flows. Configuration changes in this state include:

  • Route-maps inbound/outbound for L3 neighbors
  • L2 Server facing ports are shutdown
  • MLAG/ESI peer ports are shutdown

For L2 Servers

  • MLAG peer-links port channels and bond interfaces on any NOS are not changed.
  • For Arista EOS, Cisco NX-OS, all interfaces towards L2 servers in the blueprint are shutdown.

For Network L3 Switches

The device uses Inbound/Outbound route-maps with 'deny' statements to prevent advertisements to 0.0.0.0/0 le 32. This ensures uninterrupted L3 TCP flows. TCP sessions re-establish after a few seconds, or negotiate a new TCP port. The new TCP port prompts the devices to be routed onto a fresh ECMP path from the available links. Since no ECMP routes are available in the presence of a route map, traffic bypasses the device in Drain mode. The device is drained of traffic and can be safely removed from the fabric by switching Deploy mode to Undeploy.

During the draining process of TCP sessions (which may take some time, particularly in EVPN scenarios), you can expect BGP anomalies. These anomalies are temporary however, and are resolved after configuration deployment completes.

Switching the deploy mode to Drain on a device can also affect the configuration of neighboring devices, For example, when a spine device is drained, the configuration of all connected leaf devices changes. Neighboring leaf devices employ Inbound/Outbound route filters (route-maps) with 'reject (deny)' statements to prevent advertisements to 0.0.0.0/0 le 32, for both EVPN (overlay) and FABRIC (underlay).

Similarly, when you drain a leaf device, the configuration on connected spine devices changes. Neighboring spine devices use Inbound/Outbound route filters (route-maps) 'reject (deny)' statements to block any advertisements to 0.0.0.0/0 le 32, for both EVPN (overlay) and FABRIC (underlay).

In the case of an MLAG-based topology, in addition to the configuration on connected spine devices changing, the configuration on the paired leaf device also changes.

Undeploy

Undeploying a device removes the complete service configuration. These devices still have their service config enabled but anomalies are suppressed as the device is likely about to be taken offline by the operator. If the traffic is present on the device, we recommend that you put it in Drain mode (and commit the change) before setting it to Undeploy.

Related Documentation