03-14-2018 07:57 AM - edited 03-01-2019 05:28 AM
Hey all,
We are currently working on migrating many of our networks, actually placed on 2 N7k, to a Cisco ACI in Network Centric. All the physical connections have been migrated and we just need to migrate the SVI. The migration with almost all the VLANs is pretty easy: just shut the Nexus SVI and configure the subnet in the respective Bridge Domain, and make the OSPF between the Fabric and the Nexus do the rest.
But we have 1 VLAN that has many Firewall hosts inside, and many static routes in the Nexus7k that point to these hosts. All the connections to these hosts are actually in a pair of leafs inside the Fabric, but the default gateway is still in the Nexus7k. Is there any strategy to migrate that SVI and make the static routes work?
02-11-2019 06:18 AM
02-11-2019 11:06 AM
Negative, it seems it is not possible at all. We needed to migrate all the hosts in that VLAN.
02-15-2019 08:07 PM
For host routes behind the firewall, after moving the SVI into ACI, you can try creating static host routes for these hosts behind a firewall. The feature is under BD -> Subnets -> Right click on the subnet -> Create EndPoints Behind EPG subnet. Here is the whitepaper with additional details.
Additionally, in version 4.0, you can enable host-based routing on the bridge domain so that individual host routes (/32 prefixes) are advertised from the border leaf switches.
Make sure you test them in a lab environment before attempting in production.
02-20-2019 06:46 AM
Hello! So, is it impossible to have a network behind the FW in an EPG?
Thanks!
02-20-2019 06:48 AM
Please read the reply above yours.