
ACI routing to reach a subnet behind an EP?

SIMMN
Spotlight

During one of my migrations from classic Ethernet to ACI, I ran into this routing issue. There are some static routes configured on a classic switch, say an N5K1 switch, like below.

 

ip route 10.10.10.0 255.255.255.0 192.168.1.2

 

The next hop address 192.168.1.2 is on VLAN100, and the VLAN100 SVI is on the same N5K1. But the device running 192.168.1.2 is connected to N5K2, which connects to the N5K1... VLAN100 is trunked between N5K1 and N5K2.

 

Now I migrated the VLAN100 SVI into ACI BD-100 (N5K1 is powered down). I am having an issue configuring the static routes in ACI to forward traffic to the 10.10.10.0/24 subnet... I do have the L3Out with N5K2 where I could put the static route, but I was told that I cannot use a next hop address that is learned within the fabric... So if that is true, what would be my options for the static routes?

2 Replies

KELLEYD
Level 1

Welcome to my world.

 

You are correct, this is not possible. ACI wants you to use transit networks for transit and stub networks as stubs. Period. What this means is that you will need to either make VLAN 100 an L3Out as opposed to a tenant BD, or you will need to find a new home for the next-hop toward 10.10.10.0/24.

 

In our case, we did a little of both.

 

Scenario 1 - Migrate VLAN 100 to an L3Out

We had a particular subnet that was used entirely for the purposes of virtual server addresses on hardware load balancers.  And it was also used as our transit network to subnets "behind" that load balancer.  So we had something like this pre-ACI:

ip route 10.1.1.0/24 10.1.100.1

ip route 10.1.2.0/24 10.1.100.1

ip route 10.1.3.0/24 10.1.100.1

interface Vlan100

  ip address 10.1.100.254/24

!

 

What we did in the above case was create an L3Out called HLB-Transit_L3Out.  It was deployed to our border leaves as an L3Out SVI.  The SVI was configured with a secondary address of 10.1.100.254/24 on both sides.  We were then able to create the static routes on our border leaves without a problem.  We then redistributed those into our fabric L3Out to advertise these subnets to the rest of the world.

 

 

Scenario 2 - Migrate router out of VLAN 200

We also had another case where we had VLAN 200, which was a typical data center server farm. Shame on us, I know, but we had static routes with a next-hop of a router that was in this same VLAN 200. So it looked like this pre-ACI:

ip route 10.1.201.0/24 10.1.200.1

ip route 10.1.202.0/24 10.1.200.1

ip route 10.1.203.0/24 10.1.200.1

interface Vlan200

  ip address 10.1.200.254/24

!

 

Because this was a server VLAN, we had no choice but to re-IP the router and create an L3Out.  So we created an L3Out for this router, created the static routes on the border leaves, etc etc etc.  But in this case, it was a new subnet for the L3Out: 10.0.0.200/31.  We were then able to move our VLAN 200 into ACI as a regular tenant BD.

 

I think my case is close to your scenario 2... the difference is my VLAN is a management VLAN instead of servers... and the next hop devices are not directly connected to ACI...

 

I am thinking of either moving the VLAN BD address out of ACI or enabling OSPF on the next hop devices... thought about re-IP, but that also means we would have to consider cabling, firewall rules and a new transit network...

 

nothing is easy nowadays...
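
Added example (not part of the original posts, and not Cisco tooling): a pre-migration audit in Python that reads NX-OS-style config text and lists which VLANs act as transit, that is, which SVI subnets contain the next hop of a static route, as in both scenarios above. The function names and the sample config are assumptions; the sample is constructed from the snippets quoted in the thread.

```python
import ipaddress
from collections import defaultdict
# Constructed sample modelled on the thread's snippets (Vlan300, default route made up).
SAMPLE_CONFIG = """\
ip route 10.1.1.0/24 10.1.100.1
ip route 10.1.2.0 255.255.255.0 10.1.100.1
ip route 10.1.201.0/24 10.1.200.1
ip route 0.0.0.0/0 172.16.0.1
interface Vlan100
  ip address 10.1.100.254/24
interface Vlan200
  ip address 10.1.200.254/24
interface Vlan300
  ip address 10.1.44.254/24
"""

def parse(config):
    """Return (static routes, SVI subnets) from NX-OS-style config text."""
    routes, svis, vlan = [], [], None
    for raw in config.splitlines():
        tok = raw.split()
        if not tok:
            continue
        if not raw[0].isspace():
            vlan = None  # a top-level line ends the current interface block
        try:
            if tok[:2] == ["ip", "route"]:  # "prefix/len nh" or "network mask nh"
                pfx, nh = (tok[2], tok[3]) if "/" in tok[2] else (f"{tok[2]}/{tok[3]}", tok[4])
                routes.append((ipaddress.ip_network(pfx), ipaddress.ip_address(nh)))
            elif tok[0] == "interface":
                name = tok[1].lower()
                vlan = int(name[4:]) if name.startswith("vlan") and name[4:].isdigit() else None
            elif tok[:2] == ["ip", "address"] and vlan is not None:
                addr = tok[2] if "/" in tok[2] else f"{tok[2]}/{tok[3]}"
                svis.append((vlan, ipaddress.ip_interface(addr).network))
        except (ValueError, IndexError):
            continue  # e.g. next hop given as an interface name
    return routes, svis

def transit_vlans(config):
    """Map VLAN id -> prefixes whose next hop sits inside that VLAN's SVI subnet."""
    hits = defaultdict(list)
    routes, svis = parse(config)
    for prefix, nh in routes:
        for vlan in (v for v, net in svis if nh in net):
            hits[vlan].append(str(prefix))
    return dict(hits)

if __name__ == "__main__":
    print(transit_vlans(SAMPLE_CONFIG))
```

VLANs that appear in the result need an L3Out or a relocated next hop before the SVI moves into a bridge domain; VLANs that do not appear (Vlan300 in the sample) have no static routes depending on them.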
