11-07-2022 02:29 PM
Hi Folks,
I have a use case for Policy Based Routing: performing PBR based on a specific source and destination IP via an L3Out in ACI. The scenario is described below. There is an EPG-1 where I have a VM 10.10.10.10, and we have a default route towards the firewall to access the WAN and Internet. But we also have a router connected to reach specific remote site destinations. The requirement is that if any of my VMs needs to access any network, traffic must be sent to the firewall, which is currently working fine, but if the source is the particular VM 10.10.10.10 and the destination IP in the packet is 192.168.50.50, then the traffic must be sent to the router 192.168.1.2 via the 2nd L3Out.
Please guide, how this requirement can be achieved.
11-28-2022 03:22 AM
Hi @harpreetbatra,
You can have two separate L3Outs for two different purposes. Routing should take precedence, choosing the longest-prefix match.
So if a default route is coming in on L3Out-1 and you have more specific prefixes in L3Out-2, then routing will automatically choose the second L3Out to send the traffic towards the external router, as long as the required contracts are in place.
Please follow the link for PBR related configurations.
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.
You can also learn more about Cisco ACI through our live Ask the Experts (ATXs) session. Check out Cisco ACI ATXs Resources [https://community.cisco.com/t5/data-center-and-cloud-knowledge/cisco-aci-ask-the-experts-resources/ta-p/4394491] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
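The longest-prefix-match behaviour described in the reply above, as an added example that is not part of the original post or Cisco's code. The route table is constructed: the `192.168.50.0/24` prefix on L3Out-2, the `firewall` next-hop label, and the test destination `203.0.113.10` are assumptions. It shows that the lookup keys on the destination only, so every source in the EPG follows the more specific route, not just 10.10.10.10.

```python
import ipaddress

# Constructed routing table for the scenario in the thread.
# The /24 on L3Out-2 is an assumed advertisement; the thread names only host 192.168.50.50.
ROUTES = [
    ("0.0.0.0/0", "L3Out-1", "firewall"),           # default route towards the firewall
    ("192.168.50.0/24", "L3Out-2", "192.168.1.2"),  # more specific route towards the router
]


def lookup(dst, routes=ROUTES):
    """Return (prefix, l3out, next_hop) for the longest prefix that contains dst."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, l3out, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, l3out, next_hop)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return str(best[0]), best[1], best[2]


def forward(src, dst, routes=ROUTES):
    """Destination-based forwarding: src is accepted but never consulted."""
    return lookup(dst, routes)[1]


if __name__ == "__main__":
    flows = [
        ("10.10.10.10", "192.168.50.50"),  # the VM named in the question
        ("10.10.10.11", "192.168.50.50"),  # another VM in the same EPG (constructed)
        ("10.10.10.10", "203.0.113.10"),   # any other destination (constructed)
    ]
    for src, dst in flows:
        print(f"{src} -> {dst} via {forward(src, dst)}")
```

Both VMs reach 192.168.50.50 through L3Out-2, so any per-source restriction has to come from something other than the route lookup.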
05-16-2024 09:46 AM
I have the same use case scenario that I'm trying to solve... Wondering if you got your solution, even though the post is 2 years old now...