cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
401
Views
1
Helpful
2
Replies

Application Centric Infrastructure (ACI) L3-OUT + PBR

jurandir-braz
Level 1
Level 1

Hello,

I have a problem with a client regarding L4-L7 (PBR) contracts that are not working properly.

The customer today has 2 L3-Outs, both with OSPF configured, 1 L3-Out in Area Backbone and the other L3-Out in Area 0.0.0.1, as its neighbor (7K) already has area 0 with another neighbor.

When we migrated to this L3-Out structure (OSPF Hub-Spoke), we had no communication in transits, that is, the insertion contracts in the External EPG of both L3-OUT were not taking effect.

I created a Vzany permit all in the default vrf (both l3-out are in the same vrf).

Now, the client needs me to make the L4-L7 contracts work because he needs the traffic to pass through the Paloalto firewall (the device is currently configured in the service template).

I believe that the contracts did not work because both L3-Out are with 0.0.0.0/0 (External subnet for the external EPG).

1 Accepted Solution

Accepted Solutions

Remi-Astruc
Cisco Employee
Cisco Employee

Hi @jurandir-braz ,

The problem you expose can have several known causes. You would need to give a lot of configuration and setup details for us to help, or even having a troubleshooting session with you.

That is typically a case where you can involve either the TAC support or CX Advanced Services where we would guide you to a solution and better understanding on the topic.

Remi Astruc

View solution in original post

2 Replies 2

Remi-Astruc
Cisco Employee
Cisco Employee

Hi @jurandir-braz ,

The problem you expose can have several known causes. You would need to give a lot of configuration and setup details for us to help, or even having a troubleshooting session with you.

That is typically a case where you can involve either the TAC support or CX Advanced Services where we would guide you to a solution and better understanding on the topic.

Remi Astruc

alieson
Level 1
Level 1

Hello ,,

 

Can you elaborate more about packet flow that you want to achieve?

Is ACI acting as transit between the two OSPF domains?

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License