ACI static route clarity

JonathanC1
Level 1

Hi folks,

This is driving me a little crazy! And maybe this is easier than I'm thinking through. I need to add a static route for a network we have that is on ACI (a BD with L3 unicast routing enabled). We used to have a static route on IOS, but now I'm confused as to whether this is even possible.

 

The BD on ACI is 10.10.20.1/24 and the IP the server has is 10.10.20.12 - we need to route the 10.2.199.0/24 subnet towards this IP (10.10.20.12.) There are other hosts on this BD/EPG.

 

Would this be a layer 3 out static route? The server in question is currently bound to an EPG statically for the VLAN it is on. If it is an L3Out, can it be both, if that makes sense?

 

Kind regards

J

1 Reply

Sergiu.Daniluk
VIP Alumni

Hi @JonathanC1 

Funny enough, the scenario described by you is a recurring topic for discussion with some of my customers.

The problem in ACI when it comes to static routes is that you can only configure them in an L3Out and only pointing to an external next hop. Why? Because in the philosophy of ACI, the L3Out is the construct which points you to prefixes outside of the ACI fabric. From the same point of view, the EPGs (or BDs, to be technically accurate) are the subnets inside (or behind) the ACI fabric. In other words, you cannot have other prefixes (and static routes for those prefixes) behind an endpoint from an EPG, because it is a `bad design`.

What will happen if you point a static route in an L3Out to a next hop which is an EP? I haven't tested it, but I think the route will not be programmed. Or if it is programmed, then the policy enforcement will definitely not work. So either way it will not work. At least in the current ACI images. Maybe in the future the feature will be added, though I don't think it will happen.

 

What is the solution to your problem?

There are two solutions which I see:

Option 1: if there are not a lot of IP addresses in the subnet, create host routes (/32) in the EPG. YES, you can create /32 routes in an EPG pointing to an endpoint. It looks like this:

Screenshot 2022-02-11 080248.png

Info: you add a /32 host route, check "no default svi gateway", select "EP Reachability", and type the EP which is the next hop.

The downside of this is if you have a big subnet. You can automate it, but it will still look ugly.

 

Option 2: redesign. You need to move the subnet behind an L3Out, either by moving the endpoint which holds the prefix (IP readdressing is necessary) or by moving just the prefix itself.

 

Hope it helps.

Sergiu
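
Added example, not part of the reply above and not Cisco's code: a Python sketch that automates Option 1 by expanding the routed prefix into one /32 EPG subnet per host, each with EP reachability towards the server. It assumes the APIC object model classes `fvSubnet` (with `ctrl="no-default-gateway"`), `fvEpReachability` and `ipNexthopEpP`; the EPG name `server-epg` is hypothetical, and the tenant/application profile the payload would be posted under is not shown on the page.

```python
import ipaddress
import json


def host_route_subnets(prefix, next_hop, bd_subnet):
    """Return one fvSubnet object per host in `prefix`, each pointing at `next_hop`."""
    net = ipaddress.ip_network(prefix)
    bd = ipaddress.ip_network(bd_subnet, strict=False)  # accepts gateway form 10.10.20.1/24
    nh = ipaddress.ip_address(next_hop)
    # The next hop has to be an endpoint that lives in the bridge domain subnet.
    if nh not in bd:
        raise ValueError(f"next hop {nh} is not inside BD subnet {bd}")
    # A routed prefix overlapping the BD subnet would shadow directly attached hosts.
    if net.overlaps(bd):
        raise ValueError(f"{net} overlaps BD subnet {bd}")
    addrs = list(net) if net.prefixlen >= 31 else list(net.hosts())
    return [
        {"fvSubnet": {
            "attributes": {"ip": f"{addr}/{addr.max_prefixlen}",
                           "ctrl": "no-default-gateway"},
            "children": [{"fvEpReachability": {
                "attributes": {},
                "children": [{"ipNexthopEpP": {
                    "attributes": {"nhAddr": str(nh)}}}],
            }}],
        }}
        for addr in addrs
    ]


def epg_payload(epg_name, subnets):
    """Wrap the host routes in an fvAEPg object (EPG name is a placeholder)."""
    return {"fvAEPg": {"attributes": {"name": epg_name}, "children": subnets}}


if __name__ == "__main__":
    # Values from the question: BD 10.10.20.1/24, server 10.10.20.12,
    # routed subnet 10.2.199.0/24.
    routes = host_route_subnets("10.2.199.0/24", "10.10.20.12", "10.10.20.1/24")
    print(len(routes), "host routes")
    print(json.dumps(epg_payload("server-epg", routes[:1]), indent=2))
```

For the /24 in the question this produces 254 subnet objects under the EPG, which is the scale cost of Option 1 described above.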
