Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
328
Views
0
Helpful
1
Replies

Use specific L3Out per bridge domain

Go to solution
brlehigh
Level 1
Level 1

‎05-21-2024 08:12 AM

My question:
Is there a way to force a bridge domain to use a specific L3out when multiple l3outs with default routes exist?

My situation:
I currently have a firewall acting as the default gateway for several networks/VLANs. The firewall has a unique "INSIDE" interface for each VLAN. I'm attempting to migrate the default gateways for each of these VLANs into ACI while still passing north/south traffic through the firewall.
To avoid needing to completely reconfigure the firewall policies, my plan was to create multiple L3Outs in ACI to connect each bridge domain to their respective "INSIDE" interface of the firewall.
I created a single VRF for all the BDs and created the first L3Out.  New addressing was assigned to the respective firewall interface for the L3Out and a static default route was added to the L3Out pointing to the new address of the firewall interface.  I then created the subnet on the BD, assigned the gateway address, and associated the L3Out and everything worked as expected.
When I created the second L3Out and added its static default route pointing to its firewall interface IP, connectivity broke for the first network.  The second L3Out wasn't associated with a bridge domain yet, so not sure why it caused the routing issue.  After removing the newly added static route, connectivity was restored.

Any advice would be greatly appreciated.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
brlehigh
Level 1
Level 1

‎06-13-2024 09:05 AM

I'll go ahead and answer my own question to close the loop.
The abstraction of the ACI GUI makes it look like this should work, however, the answer became apparent after checking the VRF routing table via the CLI.  Regardless of the L3Out, adding a second default route within the same VRF created an ECMP scenario.
My solution is now to create a dedicated VRF for each BD / L3Out combo which achieves the desired end result.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
brlehigh
Level 1
Level 1

‎06-13-2024 09:05 AM

I'll go ahead and answer my own question to close the loop.
The abstraction of the ACI GUI makes it look like this should work, however, the answer became apparent after checking the VRF routing table via the CLI.  Regardless of the L3Out, adding a second default route within the same VRF created an ECMP scenario.
My solution is now to create a dedicated VRF for each BD / L3Out combo which achieves the desired end result.

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License