cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4798
Views
0
Helpful
5
Replies

ACI multiple L3outs on same Leaf

Hello,

 

I have configured 2 different L3outs with interfaces on the same leafs. 

However, all routes that should be advertised only to the first L3out are being advertised also to the second one without adding it to the associated L3 in the bridge domain.

I  believe that this problem is happening since the ospf process on the leafs is the same for both L3outs.

How can i solve this issue

5 Replies 5

Remi Astruc
Level 1
Level 1

Hello Ziad,

When you say "advertised to the L3out", do you mean advertised from the L3out towards the external device?

Are your both L3out part of the same VRF?

 

Remi Astruc

 

Yes, when i say advertised to the L3out I mean the subnet on the bridge domain that is being advertised from the L3out to the external device.

Both L3outs are in the same VRF

Hello,

So it works as expected when using OSPF in ACI.

Here is the document:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/L3_config/b_Cisco_APIC_Layer_3_Configuration_Guide/b_Cisco_APIC_Layer_3_Configuration_Guide_chapter_011.html#id_66753

Bridge domain route advertisement For OSPF and EIGRP

When both OSPF and EIGRP are enabled on the same VRF on a node and if the bridge domain subnets are advertised out of one of the L3Outs, it will also get advertised out of the protocol enabled on the other L3Out.

For OSPF and EIGRP, the bridge domain route advertisement is per VRF and not per L3Out. The same behavior is expected when multiple OSPF L3Outs (for multiple areas) are enabled on the same VRF and node. In this case, the bridge domain route will be advertised out of all the areas, if it is enabled on one of them.

 

Remi Astruc

 

RedNectar
VIP
VIP

Hi @Ziad El Achkouty ,

 

Let me point you to a previous answer I gave about L3 Outs: https://community.cisco.com/t5/application-centric/l3out-vrf-loopback-ip-error/td-p/3797933

The point is, L3Outs are confusing.  Teach yourself to believe that there is no such thing as a L3 Out - just leaf switches that are routers.  So if you have two interfaces in the same VRF on the same router, routes will be learned and advertised from one to the other, although if using BGP you can tweak this a little.

So the thing to ask is, "Is the route advertising causing a problem". If not, you don't have a problem.  You can control what traffic goes THROUGH the router easily with contracts and live with the routes being advertised, like you probabaly would on a normal router.

 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

You can have more control if you advertised the routes via a route map created on the L3out instead of associating the L3out to the BD.

This will also give you more control if you need to summarize routes.

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License