PBR with Multiple l3Outs

dthomason
Level 1

Is there a way to have multiple l3Outs in the same tenant with the ability to send internet traffic down one l3Out and internal traffic down the other l3Out? If so, how?

 

3 Replies

If a default route is coming in L3Out-A and more specific network prefixes are coming in L3Out-B, then routing should take care of sending the traffic to the correct external Router as long as contracts are in place.

I get that. The problem is they both have default routes, but I only want to use one of them for INET traffic.

I don't see it as possible due to the fact that those default routes are received from an L3Out. It could be one L3Out or two L3Outs. Static routes or Dynamic Routing.

In the L3Out, there is a Logical Node Profile and inside it, a Logical Interface Profile with an encap VLAN already defined to reach the next-hop IP (the External Router's leg) of those default routes (in case you configured it with the SVI option).

To use PBR, you would need to attach it to a Service Graph and for that, define an L4-L7 Device. In the L4-L7 device you would need to configure the Concrete Interface and Cluster interface to reach the next-hop IP (the External Router's leg) again. Since you have already defined the connectivity to the External Router's leg with an encap VLAN in the L3Out, it cannot be duplicated in the L4-L7 device configuration.

PBR with L4-L7 was designed for Service Insertion and to steer the traffic to a Firewall or Load balancer.

To accomplish your objective, you would need instead to modify Admin Distance (if you are using Default Static routes) or increase inbound metric to make one of the default routes less desirable as an exit point in the Border Leaves. Or maybe, you could inject 0.0.0.0/1 and 128.0.0.0/1 to force the traffic to the desirable exit point. Those more specific routes take precedence over 0.0.0.0/0 in Routing. Just brainstorming here.

Regards.
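
The two options in the last reply, as an added example that is not part of the original thread: a simplified route-selection model (longest prefix first, then lowest distance) run over constructed tables. The `Route` type, the `exits_for` helper, the 10.0.0.0/8 internal prefix and the distance values are assumptions for illustration, not ACI configuration or ACI's actual selection logic.

```python
import ipaddress
from typing import NamedTuple

class Route(NamedTuple):
    prefix: str    # destination prefix
    l3out: str     # L3Out the route was learned from
    distance: int  # admin distance / preference, lower wins (simplified)

def exits_for(rib, dst):
    """Return the L3Outs chosen for dst: longest matching prefix first,
    then lowest distance. Equal-cost ties return every exit."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(r.prefix), r) for r in rib
               if addr in ipaddress.ip_network(r.prefix)]
    if not matches:
        return set()
    longest = max(net.prefixlen for net, _ in matches)
    best = [r for net, r in matches if net.prefixlen == longest]
    lowest = min(r.distance for r in best)
    return {r.l3out for r in best if r.distance == lowest}

# Constructed starting point: both L3Outs advertise a default route,
# and L3Out-B also carries the internal prefix (10.0.0.0/8 is an assumption).
BOTH_DEFAULTS = [
    Route("0.0.0.0/0", "L3Out-A", 1),
    Route("0.0.0.0/0", "L3Out-B", 1),
    Route("10.0.0.0/8", "L3Out-B", 1),
]

# Option 1: make L3Out-B's default less desirable (250 is a constructed value).
WORSE_DISTANCE = [
    r._replace(distance=250)
    if (r.l3out, r.prefix) == ("L3Out-B", "0.0.0.0/0") else r
    for r in BOTH_DEFAULTS
]

# Option 2: leave both defaults alone and inject the two /1 halves via L3Out-A.
SPLIT_DEFAULT = BOTH_DEFAULTS + [
    Route("0.0.0.0/1", "L3Out-A", 1),
    Route("128.0.0.0/1", "L3Out-A", 1),
]

if __name__ == "__main__":
    for name, rib in [("both defaults", BOTH_DEFAULTS),
                      ("worse distance on B", WORSE_DISTANCE),
                      ("split default via A", SPLIT_DEFAULT)]:
        for dst in ("8.8.8.8", "203.0.113.5", "10.1.1.1"):
            print(f"{name:22} {dst:12} -> {sorted(exits_for(rib, dst))}")
```

In both options the internal /8 still wins for internal destinations, because it is more specific than either the default or the /1 halves.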
