Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
257
Views
0
Helpful
3
Replies

ACI - Encapsulation and L3Out Problem

Ben T
Level 1
Level 1

‎09-18-2024 01:58 AM

Can any of the experts here shed any light on an issue we are having, it seems remarkably simple yet I cannot seem to work out a way around it.

We are migrating from the world of Cisco Nexus/FEX to ACI and we have one particular VRF that I cannot work out how to move. Before I describe the problem, it is all currently working without any issues. The SVIs live in the old world but the L2 has moved over to ACI. There is a L2 EPG essentially that links the old world to the new one and this is working.

The VRF contains a load of server VLANs (each with SVIs) and lets say VLAN 101 with an SVI of 10.0.0.6/29. The default route out of the VRF is 10.0.0.1 (which is known to VLAN 101). VLAN 101 is currently in the 'old world' and on the Nexus routers.

VLAN 101 is connected to almost all of our VMware hosts so that the default gateway can move to a different physical data center in the event of an issue, so VLAN 101 is configured with a bridge domain and as an EPG in ACI. We haven't configured a subnet on the BD as described earlier, the SVI lives in the old world.

But the problem comes when you need to add a L3Out for this VRF. We can add configured/logical profiles for the leaf switches where the gateway will reside and add a static route pointing at 10.0.0.1, add an interface with 10.0.0.6/29 and encapsulate that with VLAN 101. but as soon as you do, you get a message under faults for the L3Out that encapsulation 101 is already in use (which it obviously is by the Application Profile/EPG/BD that the VMware hosts are using).

How are you meant to configure this where the VLAN encapsulation is required for internal hosts and an internal EPG, but also for the external EPG and L3Out as well? The old world seems remarkably simple as it was just a standard SVI and a simple static route. There doesn't seem to be an easy way to do this in ACI?

Labels:
0 Helpful
3 Replies 3

Hefe2
Level 1
Level 1

‎09-25-2024 01:40 AM - edited ‎09-25-2024 01:41 AM

Why would you add an L3 Out  to a bridge domain where unicast routing is disabled? 

greetz

0 Helpful

Ben T
Level 1
Level 1
In response to Hefe2

‎09-25-2024 02:00 AM - edited ‎09-25-2024 02:13 AM

I didn't think you could use the bridge domain as part of the L3Out? Doesn't a L3Out create it's own invisible bridge domain for any encap you add to a logical interface profile?

In my case, VLAN 101 once added to a L3Out will complain it cannot be used as part of an encapsulation for the EPG as its already in use.

0 Helpful

Hefe2
Level 1
Level 1

‎09-25-2024 02:50 AM

I think you´re misunderstanding the function/need of L3 Outs.  L3 Outs are dedicated routed interfaces which are (or can be) used to connect routed aci networks & external routers, firewalls,etc.

You only need L3 Outs if you plan to migrate SVIs/DGWs to ACI.

 

 

 

 

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License