Hi all,
in the next months we will do a migration from a legacy Nexus environment to a greenfield Cisco ACI. I am studying the better ways to do this.
We decided to proceed with network-centric approach (1BD-1EPG-1VLAN); we will connect ACI to legacy in trunk with all the VLANs involved and than we will start moving L2 cables to ACI with the BG with L3 disabled (unicast routing). So, at this stage, L3 operation is still done by the 2 Nexus that performs L3 routing (SVI, BGP..).
My question is: how to migrate L3 both physically and logically? I mean, I have done a similiar migration between to legacy nexus, where I put all the SVIs in the new Nexus in shut, I moved the cable connection with the routers and than I "no shut" the new SVI and "shut" the old ones. I was planning to do something similar, but I saw that I cannot shut an L3OUT (but only the BGP peering) and more over I cannot configure the interface to the router both with L2 static binding at the start and than activate L3 capabilities, right?.
I read that to migrate L3 is necessary to activate in each BD the routing flag, so the L3OUT will start to advertise the networks, but are the L3outs in "shutdown"-like mode if no network has to be advertised? (maybe they try to perform BGP connection)
I leave a simple diagram to recap.
Thanks,
Irenof
@irenof NJ DMVwrote:Hi all,
in the next months we will do a migration from a legacy Nexus environment to a greenfield Cisco ACI. I am studying the better ways to do this.
We decided to proceed with network-centric approach (1BD-1EPG-1VLAN); we will connect ACI to legacy in trunk with all the VLANs involved and than we will start moving L2 cables to ACI with the BG with L3 disabled (unicast routing). So, at this stage, L3 operation is still done by the 2 Nexus that performs L3 routing (SVI, BGP..).My question is: how to migrate L3 both physically and logically? I mean, I have done a similiar migration between to legacy nexus, where I put all the SVIs in the new Nexus in shut, I moved the cable connection with the routers and than I "no shut" the new SVI and "shut" the old ones. I was planning to do something similar, but I saw that I cannot shut an L3OUT (but only the BGP peering) and more over I cannot configure the interface to the router both with L2 static binding at the start and than activate L3 capabilities, right?.
I read that to migrate L3 is necessary to activate in each BD the routing flag, so the L3OUT will start to advertise the networks, but are the L3outs in "shutdown"-like mode if no network has to be advertised? (maybe they try to perform BGP connection)
I leave a simple diagram to recap.
Thanks,
Irenof
To migrate L3 from your legacy Nexus to Cisco ACI, gradually migrate L2 traffic, then enable routing in ACI Bridge Domains. Create L3Outs and configure BGP on ACI leaves. Start with a subset of routes and gradually increase the scope, monitoring traffic flow at each step. Finally, remove L3 configurations from the legacy Nexus and shut down the interfaces.
Hi @irenof
When building out a new ACI fabric I always recommend,
1. build the fabric (both from management perspective as well as logical (tenants, DBs, EPG, etc)
2. If you are migrating existing build all the BDs as L2 only
3. Building out a new L2 extension between the new Fabric and the Old Data Center (Looks like you have Nexus so thats a dual sided vPC just like you are used to)
3. Build out a new L3Out to your external routing (L3 Core in the diagram below) and build out a test BD/EPG and make sure all that is working to your satisfaction.
4. Test a migration with a test server/application
5. Now that the fabric is fully tested, start moving your data center resources which now travel the new L2 Extension to reach other servers still on the old DC infrastructure and to get out to the rest of the world.
6. At some point (the “tipping” point”) you want to swing the gateways over to ACI and thats basically a) shut down the old gateway b) enable unicast routing on the BD in ACI c) test. Leave everything in place but shutdown for a bit just in case you need to roll back
Those are the basic steps I always recommend (and follow).
Hi @Claudia de Luna and thank you for your detailed answer. The thing I still cannot see clearly is the physical connection with the external router. I mean, I have some VRFs with some direct vlan towards the hosts and each VRF has a BGP connecyion with a router via /30 network address and tag Vlan incapsulation.
When will start migrating cables from legacy to aci, we will also migrate the cable that connect with the external router (right?) and I do not see how to deal with L2 and L3: I will try to explain better my doubt. I am thinking to create some EPGs with the VLAN associated to the /30 connections and migrate its cable from legacy switch to new leaf (border leaf). In this situation, the leaf is only L2 bridge from old data center GW to router. Then I will migrate the L3 by enabling the GW on BD of ACI... But I created L3 outs and int profile with BGP peer before doing the migration. how can I leave the l3out "shut down"? I do not see option to do so, only BGP disable option.. more over can L3out and static epg coexist with the same VLAN? I am asking to create a little test plant to try all of this, but I am anticipating in order to be more ready.
The figura dsecribes what I am thining.
I would "activate" the L3out one VRF at time, leaving all the network addresses te same
Thanks
