BD with the same subnet as a l3out not working after upgrade to 5.2.7f

83881463a
Beginner
Hello,
 
We upgraded our fabric last weekend. Everything works fine, but we have noticed these days that 4 servers that are in a BD (level3), which has the same subnet definition as an l3out, are not reachable if the traffic flows through that l3out.

 

We have changed the vlan encapsulation, so they don't have the same vlan id; the one thing they have in common is the subnet. We can see that the routes are correct and we see the /32 specific routes for the host in the specific VRF where the l3out is defined.

 

With the 4.2(7) version, we didn't face this problem, but since the upgrade it stopped working.

Has anyone faced this issue?

Thank you.

Andere

4 Replies

RedNectar
VIP Alumni

Hi @83881463a ,

[Edit 2023.04.01-I thought about this overnight and remembered something that might help]

I remember there being a change in the way subnets are handled in ACI v5.x - but can't find the relevant release note. But to focus on your problem I'd like to know that you have:

  • defined each of the 4 servers with /32 IPs under the EPG Subnet
  • with the [x] Advertise Externally option selected and
  • the [  ] No Default SVI Gateway option unchecked


Then verify on the EXTERNAL router that you are receiving all four /32 routes.

RedNectar
aka Chris Welsh

[/Edit: Everything below here is still relevant, but the most relevant part of this answer is above]


I started trying to get my head around this, but really need some more specifics, e.g.:


> that 4 servers that are in a BD (level3), which has the same subnet definition as an l3out, are not reachable if the traffic flows through that l3out.

OK. How about a diagram? [A picture is worth a thousand words] - oh - and when you paste it, make full page width

> the one thing they have in common is the subnet.

OK. Let's see the subnet definition for both

> We can see that the routes are correct and we see the /32 specific routes for the host in the specific VRF where the l3out is defined.

Well. ACI is not that simple - EVERY switch has a different view