Solved: L3Out encap with sub-interface

Jeremy Dubrulle · ‎01-21-2021

Hi!

I see in the documentation that when we have 1 L3out with 2 nodes with each an SVI connected to a different router, a shared BD is created between the nodes (https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/guide-c07-743150.html#L3Outstaticroutes). I put the picture I'm interested in in the attachment.

I don't understand how it works with subinterfaces. I have 1 L3Out, 2 nodes, 1 external router.

One subif on the first leaf is connected to the router with encap 21 and another subif is also connected to the router with same encap 21. There is also an encap-21 for another leaf to the same router.

What does this mean ?

I provide you the xml lines to understand better.

<l3extRsPathL3OutAtt addr="10.3.239.24/31" annotation="" autostate="disabled" descr="" encap="vlan-21" encapScope="local" ifInstT="sub-interface" ipv6Dad="enabled" llAddr="::" mac="00:22:BD:F8:19:FF" mode="regular" mtu="1500" tDn="topology/pod-2/paths-2425/pathep-[eth1/30/1]" targetDscp="unspecified"/>
<l3extRsPathL3OutAtt addr="10.3.239.30/31" annotation="" autostate="disabled" descr="" encap="vlan-21" encapScope="local" ifInstT="sub-interface" ipv6Dad="enabled" llAddr="::" mac="00:22:BD:F8:19:FF" mode="regular" mtu="1500" tDn="topology/pod-2/paths-2415/pathep-[eth1/30/2]" targetDscp="unspecified"/>
<l3extRsPathL3OutAtt addr="10.3.239.32/31" annotation="" autostate="disabled" descr="" encap="vlan-21" encapScope="local" ifInstT="sub-interface" ipv6Dad="enabled" llAddr="::" mac="00:22:BD:F8:19:FF" mode="regular" mtu="1500" tDn="topology/pod-2/paths-2425/pathep-[eth1/30/2]" targetDscp="unspecified"/>
<l3extRsPathL3OutAtt addr="10.3.239.22/31" annotation="" autostate="disabled" descr="" encap="vlan-21" encapScope="local" ifInstT="sub-interface" ipv6Dad="enabled" llAddr="::" mac="00:22:BD:F8:19:FF" mode="regular" mtu="1500" tDn="topology/pod-2/paths-2415/pathep-[eth1/30/1]" targetDscp="unspecified"/>

Sergiu.Daniluk · ‎01-21-2021

Hi @Jeremy Dubrulle

So based on the config, you have something like this:

If the question is "are the L3 subinterfaces part of the same broadcast domain/internal bridge domain?" the answer should be no. The reason for this is because the parent interface is L3 interface (no switchport), so the broadcast domain ends on the physical port.

This is just my presumption without any testing, but I would be surprised to see the broadcast domain being extended between subinterfaces, regardless of having same encapsulation type.

However, even if the flood domain is extended between the interfaces, the L3 Subnets are different so it wouldn't matter too much, right?

Cheers,

Sergiu

View solution in original post

Sergiu.Daniluk · ‎01-21-2021

Hi @Jeremy Dubrulle

So based on the config, you have something like this:

If the question is "are the L3 subinterfaces part of the same broadcast domain/internal bridge domain?" the answer should be no. The reason for this is because the parent interface is L3 interface (no switchport), so the broadcast domain ends on the physical port.

This is just my presumption without any testing, but I would be surprised to see the broadcast domain being extended between subinterfaces, regardless of having same encapsulation type.

However, even if the flood domain is extended between the interfaces, the L3 Subnets are different so it wouldn't matter too much, right?

Cheers,

Sergiu

Jeremy Dubrulle · ‎01-21-2021

Hi Sergiu,

Thank you for your answer.

Yes it seems like it can't be part of an extended broadcast domain between the subinterfaces. I was wondering if there was some consideration behind the fact that the same encap is used. You mean that it has no signification and it is like having different encap because we are using subif ? I was thinking if the encap had a port or switch significance but I guess as you said it is L3 routed port and it has no importance.

Thanks!

Jérémy

RedNectar · ‎01-22-2021

Hi @Jeremy Dubrulle ,

I'm not quite sure what you are TRYING to achieve, BUT

If you WANT an internal BD to be created between two leaves you must:

Use SVI interfaces (NOT sub-interfaces)
Define both nodes under the same L3Out and same Node Profile (actually, you may not NEED to use the same Node profile, but it would be a good idea)

However, your use of /31 addresses makes me think that you want to set up point-to-point links, in which case you'd want a different VLAN for each link.

@Sergiu.Daniluk's comments are right on target -

Given your configuration and subnetting, it would make no difference if the two sub-interfaces shard a BD - so what are you trying to achive?

One final point though, if you WANTED to see if the two VLAN 31s on the same leaf are on the same broadcast domain, issue this command:

fabric 2415,2425 show vlan extended

and check what the internal vlan mapping is on each port.

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Jeremy Dubrulle · ‎01-24-2021

Hi Chris,

Thanks for your explanation.

In fact that is an architecture I've seen but I can't ask why it has been done like that to the customer. So I try to understand what it could mean

I've understood that the answer to my interrogation is probably that in the interface policy group, the vlan scope is local to the port and that's it. There is no special behavior for subif with same encap between nodes.

Thank you guys!

Jérémy