Looking for advice on defining external networks for L3Out

SIMMN
Spotlight

I was asked this question below and I do not know the answer...

What would be the downside of using 0.0.0.0/0 as the external network subnet for all the L3Out external EPGs?

Here is some related background information (to keep things simple, let's say it is a single pod/single site ACI): Say a company uses ACI with OSPF and static for their L3Out (L3Out-OSPF). The L3Out-OSPF External EPG subnet is configured as 0.0.0.0/0 with default control settings. Then they bought another company who is using EIGRP... So to inter-connect ACI with the new acquisition's network, a new L3Out with EIGRP (L3Out-EIGRP) needs to be configured. There is no transit routing needed for ACI. So here comes the question: what if "0.0.0.0/0" is entered again as the external subnet for this new L3Out-EIGRP external EPG within the same VRF?

I never tried this setup myself but I believe functionality-wise, it would work... However, what would be the downsides then (short-term and long-term wise)?

Thanks!

Accepted Solution

ecsnnsls
Level 1

Hi @SIMMN ,

You can refer to this document,

https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/215016-overlapping-subnets-on-l3outs-in-cisco-a.html#anc4

section "Fabric with 0.0.0.0/0 prefix declared as external on multiple external EPGs"

HTH


Thanks for the link! Even though the doc was created using ACI v3.2, it was still an interesting read actually. Two takeaways:

  1. When deploying L3Outs, separate EPGs in the same VRF should not have overlapping subnets marked as 'external subnet for external EPGs'.
  2. With 0.0.0.0/0 used as the subnet in L3Out EPGs, communication would work but it could lead to contract bypass for inter-EPG traffic...

But here is a little bit of a reality check: how many ACI fabrics in production are actually using specific contracts for inter-EPG traffic instead of using vzAny tenant/VRF-wide?
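A small audit script, added here as an example and not code from the thread or from Cisco's own tooling: it models how the fabric maps an external source IP to an external EPG (longest prefix match across every external EPG in the VRF, regardless of which L3Out declared the prefix) and flags any prefix that two external EPGs in the same VRF both declare as "External Subnets for External EPG", which is the 0.0.0.0/0-on-both-L3Outs situation asked about above. The tenant, VRF, L3Out, EPG names and prefixes are constructed for the demo.

```python
from ipaddress import ip_network, ip_address
from collections import defaultdict

# Constructed inventory of "External Subnets for External EPG" entries
# modelling the thread's scenario: two L3Outs in one VRF, both with 0.0.0.0/0.
# Tenant/VRF/L3Out/EPG names are assumptions, not taken from a real fabric.
EXT_SUBNETS = [
    ("Prod", "VRF1", "L3Out-OSPF",  "ExtEPG-OSPF",  "0.0.0.0/0"),
    ("Prod", "VRF1", "L3Out-EIGRP", "ExtEPG-EIGRP", "0.0.0.0/0"),
    ("Prod", "VRF1", "L3Out-EIGRP", "ExtEPG-EIGRP", "10.20.0.0/16"),
]

def classify(subnets, vrf, ip):
    """Model of fabric classification: longest prefix match over all
    external EPG subnets of the VRF (the match is per VRF, not per L3Out).
    Returns (winning prefix length, set of (l3out, epg) sharing that prefix);
    more than one EPG in the set means the classification is ambiguous."""
    addr = ip_address(ip)
    best_len, winners = -1, set()
    for _tenant, v, l3out, epg, prefix in subnets:
        net = ip_network(prefix)
        if v != vrf or addr not in net:
            continue
        if net.prefixlen > best_len:
            best_len, winners = net.prefixlen, {(l3out, epg)}
        elif net.prefixlen == best_len:
            winners.add((l3out, epg))
    return best_len, winners

def find_duplicate_prefixes(subnets):
    """Report prefixes declared 'external' on more than one external EPG
    within the same tenant/VRF, the overlap the linked doc describes."""
    seen = defaultdict(set)
    for tenant, vrf, l3out, epg, prefix in subnets:
        seen[(tenant, vrf, ip_network(prefix).with_prefixlen)].add((l3out, epg))
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (tenant, vrf, prefix), epgs in find_duplicate_prefixes(EXT_SUBNETS).items():
        print(f"DUPLICATE {prefix} in {tenant}/{vrf}: {epgs}")
    for ip in ("10.20.5.5", "192.0.2.10"):
        plen, epgs = classify(EXT_SUBNETS, "VRF1", ip)
        status = "AMBIGUOUS" if len(epgs) > 1 else "ok"
        print(f"{ip} -> {status} (/{plen}) {sorted(epgs)}")
```

A source covered only by the duplicated 0.0.0.0/0 (192.0.2.10 here) lands in both external EPGs' prefix entries, which is where the contract behaviour stops being predictable; a source with a more specific prefix on one EPG (10.20.5.5) classifies cleanly.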
