CISCO ACI DEFAULT-ROUTE ADVERTISEMENT

NAGA1 · ‎05-15-2020

Hi All,

PFA the diagram.

TWO SPINE SWITCHES
LEAF 105 & 106 – BORDER LEAF SWITCHES ARE CONNECTED TO SPINE
LEGACY N7K CORE SWITCH1 IS CONNECTED TO LEAF 105
LEGACY N7K CORE SWITCH2 IS CONNECTED TO LEAF 106
L3 OUT CREATED BETWEEN N7K AND BORDER LEAF SWITCHES
N7K IS ADVERTISING THE DEFAULT-ROUTE 0.0.0.0/0 TO ACI FABRIC
ACI VRF IS CONFIGURED AS A ENFORCED.
OTHER OSPF/BGP L3OUTS ARE CONFIGURED IN THE ACI FABRIC

QUESTION

HOW DO WE ADVERTISE DEFAULT-ROUTE TO OTHER L3OUTS?

JELA · ‎05-15-2020

Hello,

During the creation of your OSPF L3out, you have to select "Leak Default Route in Addition".

This will inject a type 5 LSA in addition to other routes to this specific L3out.

Once you thick this button, you'll have to specify if:

You want to always send the default route (Always : YES)
You want to send the default route only if you receive from you other L3out (Always : NO)

NAGA1 · ‎05-15-2020

thanks for the reply.

The VRF is configured as a enforced. Will it be a problem to leak a default route 0.0.0.0/0?

PFB the Cisco's document.

Transit Routing with a Single L3Out Profile

Before APIC, release 2.3(1f), transit routing was not supported within a single L3Out profile. In APIC, release 2.3(1f) and later, you can configure transit routing with a single L3Out profile, with the following limitations:

· If the VRF is unenforced, an external subnet (l3extSubnet) of 0.0.0.0/0 can be used to allow traffic between the routers sharing the same L3EPG.

· If the VRF is enforced, an external default subnet (0.0.0.0/0) cannot be used to match both source and destination prefixes for traffic within the same Layer 3 EPG. To match all traffic within the same Layer 3 EPG, the following prefixes are supported:

o IPv4

§ 0.0.0.0/1—with External Subnets for the External EPG

§ 128.0.0.0/1—with External Subnets for the External EPG

§ 0.0.0.0/0—with Import Route Control Subnet, Aggregate Import è We are going to use this.

o IPv6

§ 0::0/1—with External Subnets for the External EPG

§ 8000::0/1—with External Subnets for the External EPG

§ 0:0/0—with Import Route Control Subnet, Aggregate Import

· Alternatively, a single default subnet (0.0.0.0/0) can be used when combined with a VzAny contract. For example:

o Use a VzAny provided contract and an Layer 3 EPG consumed contract (matching 0.0.0.0/0), or a VzAny consumed contract and Layer 3 EPG provided contract (matching 0.0.0.0/0).

o Use the subnet 0.0.0.0/0—with Import/Export Route Control Subnet, Aggregate Import, and Aggregate Export.

JELA · ‎05-15-2020

Cisco's document refers to transit routing.
If you choose "Leak default route in addition", you are requesting Cisco ACI to "generate" a default route as LSA type 5.
Transit routing would have been involved if you've decided to collect subnets from one L3out connection and redistribute this subnet on another L3out.

Sergiu.Daniluk · ‎05-15-2020

Hi,

What version are you running in your fabric?

Also, your L3Outs are in the same VRF or different VRFs?

Another question is: do you want to advertise the default route only when you receive it from N7K, or all the time?

Depending on the answers, there are different options to configure what you want.

I would suggest to have a look at the following config guide (depending on the version you have, you might want to swap to corresponding document):

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/4-x/L3-configuration/Cisco-APIC-Layer-3-Networking-Configuration-Guide-42x/Cisco-APIC-Layer-3-Networking-Configuration-Guide-42x_chapter_011100.html

Section: Transit routing, Table row: Advertising a Default Route

Hope it helps,

Sergiu