
How to control WAN routes in a VRF in Tenant (DC1 and DC2 are connected using multi-pod)

ACI-Learner
Level 1

Hi Experts,

 

I am facing a routing loop issue in my network and wanted to understand how I can control the routes learnt in DC1 - WAN (L3Outs) so that they are not advertised from DC2.

 

Current scenario.

Old DC - 6800 Core switch - Server gateway  & Old DC and New DC1 are connected via dark fiber L2 link.

Old DC connected to ISP using OSPF and BGP running at the ISP end.

DC1 -we are using ACI 

PRDN - VRF1 - L3out- Leaf 1 interface profile- Primary link - Point to Point OSPF - ISP R1

PRDN - VRF1- L3Out - Leaf2 interface profile - Secondary link- P2P OSPF - ISP R2.

DC2 - We are using ACI connected to DC1 via multi-pod and communication is UP

DC2 is considered also as DR site.

PRDN - VRF1 - L3out- Leaf 1 interface profile- Primary link - Point to Point OSPF - ISP R1

PRDN - VRF1- L3Out - Leaf2 interface profile - Secondary link- P2P OSPF - ISP R2.

 

Requirement:

We want to move one VLAN from old DC to DC1 and make the BD the gateway (VLAN 10 - 10.1.1.0/24)

Hosts in this VLAN already communicate between old dc1 to DC1

Step1: Shutdown vlan on Old DC core switch

Step2: Assign the subnet inside BD1 and call the L3 Out1

Step3: Created a new vlan in old DC towards DC1; created a new VRF#2 

SVI for L3 traffic over L2 link

Old DC
192.168.1.1/30

DC1
VRF#2 ; BD2 - 192.168.1.2/30

Allow this vlan over L2 link

 

Step4: New L3out : Leaf 1 & 2 - 

Static route: Target route: 10.2.0.0/22, next hop: 192.168.1.1

Ext.EPG -  0.0.0.0  - Export route control subnet

10.2.0.0/22 - Export route control subnet.

After this ping from old DC to DC1 through L2 link is established 

DC1 - ping success to 192.168.1.1

Step5: Perform route leaking in VRF1 for ( BD Vlan10 - 10.1.1.0/24) towards VRF2 in the same tenant.

 

Issue statement: after step 4, the old DC subnet 10.2.0.0/22 started being advertised from DC2 for all the branches, and this created the routing loop. I guess VRF2 has become a transit and the 10.2.0.0/22 routes were then sent to DC2 via the IPN link.

 

Now, I want to know how I can control this by using a prefix-list in DC1 and DC2, so that each site advertises its own routes.

 

Note: DC1 and DC2 are using OSPF towards the ISP routers, and the ISP is using BGP, and they get redistributed.

 

Appreciate your quick response.

 

 

 
