02-23-2020 01:14 PM
Is there a way to have multiple L3Outs in the same tenant, with the ability to send internet traffic down one L3Out and internal traffic down the other L3Out? If so, how?
02-24-2020 03:26 AM
If a default route is coming in on L3Out-A and more specific network prefixes are coming in on L3Out-B, then routing should take care of sending the traffic to the correct external router, as long as contracts are in place.
02-24-2020 06:17 AM
02-27-2020 06:43 AM
I don't see it as possible, due to the fact that those default routes are received from an L3Out. It could be one L3Out or two L3Outs. Static routes or dynamic routing.
In the L3Out, there is a Logical Node Profile and inside it, a Logical Interface Profile with an encap VLAN already defined to reach the next-hop IP (the External Router's leg) of those default routes (in case you configured it with the SVI option).
To use PBR, you would need to attach it to a Service Graph and, for that, define an L4-L7 Device. In the L4-L7 device you would need to configure the Concrete Interface and Cluster interface to reach the next-hop IP (the External Router's leg) again. Since you have already defined the connectivity to the External Router's leg with an encap VLAN in the L3Out, it cannot be duplicated in the L4-L7 device configuration.
PBR with L4-L7 was designed for Service Insertion and to steer the traffic to a Firewall or Load Balancer.
To accomplish your objective, you would instead need to modify the Admin Distance (if you are using default static routes) or increase the inbound metric to make one of the default routes less desirable as an exit point in the Border Leaves. Or maybe you could inject 0.0.0.0/1 and 128.0.0.0/1 to force the traffic to the desirable exit point. Those more specific routes take precedence over 0.0.0.0/0 in routing. Just brainstorming here.
Regards.
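
Added example, not part of the original thread and not Cisco code: a simplified Python model of the route selection the replies above rely on (longest prefix first, then lowest administrative distance, then lowest metric), applied to the two exits L3Out-A and L3Out-B. The internal prefixes, distances and test addresses are constructed for illustration, and real border leaves compare metrics only within one routing protocol.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    prefix: str        # destination prefix as learned on the border leaf
    l3out: str         # exit the route points to
    distance: int = 1  # administrative distance, lower wins
    metric: int = 0    # tie-breaker inside one distance, lower wins

def best_exit(routes, dst):
    """Pick the exit for dst: longest prefix, then distance, then metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None  # no route at all, traffic is dropped
    best = min(matches, key=lambda r: (
        -ipaddress.ip_network(r.prefix).prefixlen, r.distance, r.metric))
    return best.l3out

# Constructed sample destinations: one internal host, two internet hosts.
INTERNAL, INET_LOW, INET_HIGH = "10.20.30.40", "8.8.8.8", "198.51.100.7"

# Case 1: default via L3Out-A, internal specifics via L3Out-B.
SPECIFICS = [
    Route("0.0.0.0/0", "L3Out-A"),
    Route("10.0.0.0/8", "L3Out-B"),
    Route("172.16.0.0/12", "L3Out-B"),
]

# Case 2: both exits advertise a default; distance makes L3Out-B less preferred.
TWO_DEFAULTS = [
    Route("0.0.0.0/0", "L3Out-A", distance=1),
    Route("0.0.0.0/0", "L3Out-B", distance=250),
]

# Case 3: L3Out-B's default is preferred by distance, but the two /1 halves
# injected via L3Out-A are longer than /0 and so override it. The /8 internal
# route is longer still, so internal traffic keeps using L3Out-B.
HALVES = [
    Route("0.0.0.0/0", "L3Out-A", distance=250),
    Route("0.0.0.0/0", "L3Out-B", distance=1),
    Route("0.0.0.0/1", "L3Out-A", distance=250),
    Route("128.0.0.0/1", "L3Out-A", distance=250),
    Route("10.0.0.0/8", "L3Out-B"),
]

if __name__ == "__main__":
    for name, table in (("specifics", SPECIFICS), ("two defaults", TWO_DEFAULTS), ("halves", HALVES)):
        print(name, {d: best_exit(table, d) for d in (INTERNAL, INET_LOW, INET_HIGH)})
```
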