Static L3 out issue

mmacdonald70 · ‎06-30-2016

We have a simple ACI network setup at the moment. Single VRF. Several Tenants, each tenant shares a L3 out that was created in the common VRF. OSPF over a VPC.

Recently, another client asked to connect into the ACI. They have their own network that they wanted to statically route through the ACI. We connected their switch as a VPC to four ports on the same Leaf switches as the existing L3 out. We then created an interface profile and assigned it to a routed domain.

In one of the tenents, we created a L3 out, added the nodes and assigned IP addresses and contracts. The problem is that it doesn't seem to work. The port channel is up, we can see the mac addresses of the switch as endpoints, but we can't ping the switch and he can't ping us. When we converted it to a simple endpoint and created a network, it worked fine.

If it matters, the nodes are connected with SVIs. The only error message that I can see is on the L3 out itself. I don't remember the exact wording but it says something about either nodes being configured with no path or path with no nodes. I can get the exact error message if it helps.

Does anybody know where I should look to troubleshoot this? Or have a list of everything that needs to be done to set up a L3 out with static routing.

Thanks,

Tomas de Leon · ‎06-30-2016

This is a known limitation.

CSCux66950 - L3out Static Routes not advertised between route processes on same leaf

In ACI version 1.2(1i) \ 1.1(4e), Static routes are not advertised (redistributed) between different routing processes when located on the SAME Leaf Node. The External EPG is configured to use "0.0.0.0/0" with Aggregate Export. Dynamic Learned Routes and Remote Static Routes (on a different leaf) are learnt and advertised as expected.

The local static routes for each routing process are not included with the use "0.0.0.0/0" with Aggregate Export on the External Network EPG configuration.

The "exc-ext-inferred-exportDST" prefix list is NOT created so the static route prefixes are NOT added.

The workaround is to manually configure the static routes that are not being advertised individually to the External Network EPG configuration. This is in addition to the "0.0.0.0/0" with Aggregate Export. Once you individually add the routes necessary, the "exc-ext-inferred-exportDST" prefix list is created and the static route prefixes are added. This should all be handled by the "0.0.0.0/0" with Aggregate Export.

Version Tested:
apic = 1.2(1i) \ 1.1(4e)
leaf\spine = 11.2(1i) \ 11.1(4e)

Release-Note:
Symptom:
The local static routes for each routing process are not included with the use "0.0.0.0/0" with Aggregate Export on the External Network EPG configuration.

Conditions:
Static Routes are configured for two different route processes on the SAME Leaf Node. The External EPG is configured to use "0.0.0.0/0" with Aggregate Export.

Workaround:
The workaround is to manually configure the static routes that are not being advertised individually to the External Network EPG configuration. This is in addition to the "0.0.0.0/0" with Aggregate Export. Once you individually add the routes necessary, the "exc-ext-inferred-exportDST" prefix list is created and the static route prefixes are added. This should all be handled by the "0.0.0.0/0" with Aggregate Export.

Sample Diagram included which displays the limitation and the workaround

mmacdonald70 · ‎07-04-2016

Thanks but I don't think that this is my issue. At the moment, I can't even get the SVI to come up properly and I can't ping the switch on the other end from the leaf.

My connections are also not both static (one is OSPF)

dpita · ‎07-04-2016

Regarding the SVI, do you mean its not part of OSPF or the VRF is not created on the leaf?

-Are there any faults?

-do you have a domain associated to the L3 out?

-are the access policies configured?

-is the VRF configured on the switch? (show vrf)

---is the VRF associated to the L3 out

i look forward to your response!