Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
501
Views
1
Helpful
1
Replies

Dual L3out External EPG Config

MPT3
Level 1
Level 1

‎04-12-2023 02:00 PM - edited ‎04-12-2023 02:00 PM

I have a customer with 2x L3outs configured in their fabric, both under the common tenant & default vrf. One is for management traffic, the other is for production traffic.

Within each L3out, their External EPG configs have the following:

  • 0.0.0.0/0 route configured and only checked to allow External Subnets for External EPG. My understanding says this should allow endpoints in the fabric to reach any external network (contracts are not in play here).
  • A 10.X.X.X/20 route configured and checked to allow External Subnets for External EPG, as well as Export Route Control Subnet (no other options selected).

Per my understanding, the Export Route Control Subnet allows a subnet from one L3out, to be advertised out another L3out (transit routing). The interesting thing is that I don't see the 10.X subnet being learned from either L3out, yet I do see it advertised out both L3outs. It's also not a network associated with a BD within the fabric. Is it getting advertised out both L3outs due to being set under both External EPGs?

My other questions is, does having 0.0.0.0/0 configured on both L3Outs a concern? Since it is only set to External Subnets for the External EPG, this leads me to believe it is not since its just allowing fabric internal endpoints to reach all external routes.

0 Helpful
1 Reply 1

ecsnnsls
Level 1
Level 1

‎04-13-2023 11:57 PM

Hi,

It is not recommended to have 0.0.0.0/0 configured under multiple L3OUTs under the same VRF. You can refer to https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/guide-c07-743150.html#Pg101 to understand why this is the recommendation.

Can you check if there are static routes configured anywhere in the fabric for 10.X.X.X/20? Maybe that's why it is getting advertised out through the L3outs.

HTH

Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License