Hi Support,
I'm currently deploying ACI Multi-Pod with a single L3Out in a single VRF. The L3Out connects a pair of leaf switches in each pod (pod1 and pod2) to our core network using BGP.
To avoid issues with asymmetric routing with a pair of upstream firewalls, I need to route all traffic from both pods in/out of the L3Out in Pod1. I have managed to do this by creating Route Maps and applying them on a per BGP peer basis. An ingress route map is applied to the L3Out BGP peers in Pod1 with a high local preference making it the preferred exit point for the VRF, with an egress route map applied to the BGP peers in Pod2 with AS path prepending making Pod1 the preferred entry point for the VRF.
This is all working as intended, however I noticed that routes learnt from the L3Out in Pod1 are being propagated across the fabric and out of the L3Out in pod2 essentially making the ACI fabric transit. From my previous understanding, transit routing had to be enabled under the External EPG of the L3Out, however based on the behavior that I'm seeing, it would suggest that the per peer route maps are overriding regular ACI behavior. Is that correct? If so, will I need to configure additional match rules and filters under my route maps to prevent transit routing? Hopefully this makes sense.
