cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5502
Views
25
Helpful
8
Replies

L3OUT VRF Loopback IP error

acabezas11
Level 1
Level 1

I have multiple L3Outs on my ACI.  I have one device connected to my leaf 101 and 102.  Now I am trying to connect another device to these same leaf switches on different ports and different routed subnets.  Anyway to work around this error?L3OUT Loppback Error.png

1 Accepted Solution

Accepted Solutions

Well at least I can blow that one up to be ale to read the error:

TheError.png

I think this is what it says - although I've had to make the assumption that the designer of the error message was not too concerned about grammar:

Error 400 - Invalid Configuration - VRF Validation failed for VRF - uni/tn-DCH/ctx-A [non-overlay VRF] in node 101 - loopback IP - 192.168.126.97 is attempted(?) to be used by two L3extOut uni/tn-DCH/out-L3OUT_RightFax and uni/DCH/out-L3OUT_GW if this was an attempt to modify, consider deletion followed by addtion.

 

Like I said before, I think Jayesh has nailed it. You are trying to create another L3 out with a Loopback address.  In other words you are highlighting one of the stupidest Implementation Methods used by Cisco in the ACI GUI.

The problem that people don't see is that the way ACI presents L3 external routing is using a construct called a Routed Outside - which everybody calls a L3Out.

This is a ruse. A lie. A trick. An illusion.

The truth is, you have to configure - wait for it - ROUTERS - and those routers are Leaf101 Leaf102 etc.

So, like all other ROUTERS - the leaf switches can only support one Router ID per VRF.

Similarly, once a loopback IP address have been created for that VRF for that leaf, you can't create it again - but it will be there even if it is created in another L3 out.

I would suggest that you may look at your design and ask "Do I NEED more than one L3 Out?" - just as you'd ask yourself when configuring a router, "Do I need multiple OSPF instances?". If the answer is "No", then keep it simple, just have one L3 Out.  The important part of the configuration is under the Node and Interface Profiles - that's where you actually configure the routers.

Now there will be some cases when you will need more than one L3 Out - for instance if you are configuring EIGRP and BGP onthe same Leaf. And you may mind it convenient to use two L3 Outs when configuring completely different leaves - one L3Out per Leaf (or pair of leaves if VPC connected).

I hope this helps.


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem.


 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

8 Replies 8

Jayesh Singh
Cisco Employee
Cisco Employee

Hello,

I am having trouble viewing that screenshot. However, just on the basis of your description, I think while creating the node profile you are keeping the check mark on for creating a new loopback with the router ID. Since you already have L3 outs in that vrf, probably there is already loopback created in previous L3 out config. So, this is throwing an error.

You can try removing that check mark and that should get it through.

 

Pardon me if my understanding is wrong. Also, in that case please share another screenshot which can help in understanding the error.

 

Regards,

Jayesh

 

***Rate all helpful posts. Mark it as a solution if that answers your query, it might help other users who are facing the same issue***

Please see below hope this explains it much better. Thanks

[cid:image001.jpg@01D4BFB7.B452E980]

Hi acabezas11,

At the moment the bigest problem is that no-one can see your error - although if it is what I think it is, Jayesh has probably given you good advice.

The reference to [cid:image001.jpg@01D4BFB7.B452E980] didn't work

Now you probably clicked the Photos icon in the toolbar when you added the picture, but in the next screen - make sure you choose Large in the format section - and ideally make sure the original picture is a .png for best resolution.  If you chose small in your original post, you can go back and edit it and change it to large.

Format.jpg

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

 

Maybe attaching it like this will help.  I will try to uncheck that option.  Thank you. 

 

Well at least I can blow that one up to be ale to read the error:

TheError.png

I think this is what it says - although I've had to make the assumption that the designer of the error message was not too concerned about grammar:

Error 400 - Invalid Configuration - VRF Validation failed for VRF - uni/tn-DCH/ctx-A [non-overlay VRF] in node 101 - loopback IP - 192.168.126.97 is attempted(?) to be used by two L3extOut uni/tn-DCH/out-L3OUT_RightFax and uni/DCH/out-L3OUT_GW if this was an attempt to modify, consider deletion followed by addtion.

 

Like I said before, I think Jayesh has nailed it. You are trying to create another L3 out with a Loopback address.  In other words you are highlighting one of the stupidest Implementation Methods used by Cisco in the ACI GUI.

The problem that people don't see is that the way ACI presents L3 external routing is using a construct called a Routed Outside - which everybody calls a L3Out.

This is a ruse. A lie. A trick. An illusion.

The truth is, you have to configure - wait for it - ROUTERS - and those routers are Leaf101 Leaf102 etc.

So, like all other ROUTERS - the leaf switches can only support one Router ID per VRF.

Similarly, once a loopback IP address have been created for that VRF for that leaf, you can't create it again - but it will be there even if it is created in another L3 out.

I would suggest that you may look at your design and ask "Do I NEED more than one L3 Out?" - just as you'd ask yourself when configuring a router, "Do I need multiple OSPF instances?". If the answer is "No", then keep it simple, just have one L3 Out.  The important part of the configuration is under the Node and Interface Profiles - that's where you actually configure the routers.

Now there will be some cases when you will need more than one L3 Out - for instance if you are configuring EIGRP and BGP onthe same Leaf. And you may mind it convenient to use two L3 Outs when configuring completely different leaves - one L3Out per Leaf (or pair of leaves if VPC connected).

I hope this helps.


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem.


 

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Thank you so much that nailed it and cleared up my confusion.

Thank you! This clarified some confusion I had reading the official docs. After reading your post, i was able to get my lab fw routed context up and running in about 10 minutes!

Many thanks Jayesh. I had the same issue and now it is resolved following your response :)

 

Cheers

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License