ACI Multipod L3Out Preference

packet2020 · ‎10-22-2023

Hi All,

I'm currently implementing ACI Multipod for two data centres. There will be one L3out in each pod that provide connectivity to all external networks (0.0.0.0/0).

We want to the ability to configure some Bridge Domains to use the L3out in Pod1 as primary for ingress and egress connectivity, with the L3out in Pod2 as backup in the event that the L3out in Pod1 is down and vice versa for other Bridge Domains. For example:

BD1 - Ingress and egress traffic via Pod1_L3out. In the event that Pod1_L3out is down, use Pod2_L3out

BD2 - Ingress and egress traffic via Pod2_L3out. In the event that Pod2_L3out is down, use Pod1_L3out

Is this feasible?

Thanks

tawa-ndafa · ‎10-24-2023

It is possible....You configigure two L3out Pod1_L3out and Pod2_L3out.

Configure BD1_Pod1 and BD2_Pod2. Each BD will be have an EPG configured for node interface for servers in there respective Pods only. BD1_Pod1 will be assocated with Pod1_L3out and BD2_Pod2 will be associated with Pod2_L3out.

However you loose L3out redundancy. If Pod1_L3out loose connectivity to your core network or PE router, endpoints will loose connectivity to the outside world.

In this case it's better to do two single pods and use the dark for applications sync.

Better way is having a stretched BD between pods and enable "Host Route Advertisment". Configure a single L3out and associate it to the BD. Each Pod will egress using the closest default route in it's Pod. Ingress traffic will also do the same since you are advertise host routes out. You may need to prune the routes or route summarization at the WAN Edge to avoid multiple routes advertised outside to branches.