
Policy based routing on ACI

Is it possible to policy route traffic between L3outs, like we do on IOS?

We have 3 L3outs in a single VRF and the requirement is to route traffic entering from one L3out (internal) to another L3out (External1) or L3out (external2) based on source/destination network.

3 Replies

Sergiu.Daniluk
VIP Alumni

Hi,

ACI PBR is only present along with L4-L7 services. And this one does not give you the possibility to control PBR based on specific SIP/DIP, but rather on source EPG/destination EPG through the use of contracts.

Isn't there an option where you can control the preference of the L3Out through metrics?

Cheers,

Sergiu

Hi Sergiu,

I have been looking around and came across the following link:

https://unofficialaciguide.com/2019/04/08/policy-routing-with-service-graphs/

Can you please provide me some reference wherein L3out preference can be achieved with metrics?

Thank you,

Camilo Jaraba
Level 1

Hello, I have a similar situation.

I need to migrate a legacy PBR (routemap with a defined nexthop applied to an ingress interface with a specific access-list to match source and destination).

I have reviewed all the documentation about Service Graph, as ACI Routemaps under L3Out are only to control export/export of subnets as per all my tests.

Unfortunately, L4-L7 Service Graph is not working for some reason.

Please see attached topology for reference.

We have several L2 "vlans" mapped inside ACI and StaticPorts added to each to allow traffic with no issues.

Additionally, we have an L3 BD acting as the gateway of those vlans.

What we are looking for is to evaluate the following:

source: any IP address inside ACI (this is machines or devices that use ACI as GW)

destination: a specific subnet outside ACI (this is a Nexus 7k)

nexthop: as in the legacy network, we want to establish the nexthop to be the new Point-to-Point between ACI and N7K

We have tried to get this working using L3Out to communicate with the outside N7K and also using a BD for the P2P but cannot get it.

Without PBR, traffic works, but there are a lot of hops and latency as it uses MPLS; we want to use a direct connection we have between sites.

Thanks in advance!

CJ
