07-31-2024 07:51 AM
Hello all,
In Cisco ACI L3OUT, we have an option called Export Route Control Subnet which is used for Transit Routing (i.e. advertising external routes from one L3OUT to another L3OUT).
My question is, what's with that name? Why is it called Export Route Control Subnet and not something more descriptive of what it's actually doing? I'm trying to come up with a way to remember that that option = Transit Routing, but I can't figure out how to read the name Export Route Control Subnet for it to make sense, like should I read it like:
Does anyone have a good way to help us remember that Export Route Control Subnet = Transit Routing? (And I may be missing something obvious here and if so please tell me :- ) ).
07-31-2024 09:36 AM
Hi @vv0bbLeS ,
I agree.
However, remember that setting is within a Subnet window. When ticking that box "Export Route Control Subnet", it says that this Subnet will Control the Route Export... So reading in reverse can help you!
Alternatively, as you spent 10 minutes to write that post about "Export Route Control Subnet", I am pretty sure that was enough to engrave it in your mind!
Regards
07-31-2024 09:50 AM
@Remi-Astruc yes thank you! That does help!
Also, I was reading this great post We Don't Need No Stinkin' Flags! ACI External EPG Subnet Flags...Just for Fun! (cisco.com) and it struck me that the term Route Control is akin to the term Route Management, which also helped. So, I can also think of this flag as saying something like "Hey, tell Route Management to Export this Subnet (to this L3Out)", or "Hey, tell Route Control to Export this Subnet (to this L3Out)."
I guess if you think of Route Control as a thing, and a subnet you want to export as needing to be managed by Route Control (i.e. Route Management), then I guess the subnet you're exporting could be called a "Route Control" subnet, which, if I wanted to Export one of those subnets, I could maybe see where the devs got the term Export Route Control Subnet, as in I want to Export a "Route Control Subnet". Maybe? LOL I dunno, it's all kind of a stretch to me! :D
07-31-2024 10:04 PM - edited 07-31-2024 10:06 PM
Export Route Control Subnet (ERCS): Any external subnet learned via L3Out configured on a Border Leaf switch cannot be advertised to a downstream device by another leaf switch, until you configure Export Route Control Subnet.
In the diagram (Transit Routing Lab) below, both the leaf switches are connected to external networks and are advertising external subnets of one another using ERCS.
Prerequisite: Kindly be noted that configuring the BGP Route Reflector is a MUST to make sure that the external subnet must get propagated to all other leaf switches in the ACI fabric.
.........Please give your thumbs-up if the response convinces you...........
08-01-2024 07:36 AM - edited 08-01-2024 09:08 AM
@AshSe per the above article We Don't Need No Stinkin' Flags! ACI External EPG Subnet Flags...Just for Fun! (cisco.com), I believe Export Route Control Subnet is used for Transit Routing.
In other words, in your diagram above, the external 20.1.1.0/24 subnet from the EIGRP L3Out would be advertised to the other leafs by default (so the rest of the fabric does know "how" to reach that 20.1.1.0/24 external subnet), but that external 20.1.1.0/24 subnet would NOT be advertised OUT to any other L3Outs (e.g. would NOT be advertised OUT to the OSPF L3Out), unless you added that 20.1.1.0/24 external route to the OSPF L3Out External EPG with Export Route Control Subnet checked (i.e. "advertise this 20.1.1.0/24 subnet out to this OSPF L3Out").
Per that article above, for the Export Route Control Subnet flag: "This flag tells ACI to advertise this route out of the fabric at a certain L3Out."
The flag you "might" be talking about in your post is the External Subnets for the External EPG flag, whose meaning is basically in the name: "[Add this subnet to the] External Subnets for the (this) External EPG". In other words, if you're working on this 20.1.1.0/24 subnet in the EIGRP L3Out External EPG above, this flag means "Add this 20.1.1.0/24 subnet to the list of External Subnets for this EIGRP External EPG", or more succinctly, "Add this 20.1.1.0/24 subnet to this External EPG". This is similar to how we add "internal/regular" subnets to "internal/regular" EPGs!
It's "kind of" the same idea with external subnets and External EPGs in that the External EPG is still a center-point, except that with external subnets, we focus on the External EPG not so much as a "link" between logical and physical, but more so on the External EPG's "security" abilities and how it can tie to Contracts that can permit/deny traffic (again, taking a diagram from @RedNectar's blog and pasting below).
If I've stated anything incorrectly here, someone please let me know as I'd be glad to learn it! :- )
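The two flags contrasted in the post above can be checked against a fabric's configuration. The following is an added example, not code from the thread or from Cisco: it assumes the APIC object model, where each External EPG subnet is an `l3extSubnet` object whose `scope` attribute carries `export-rtctrl` for Export Route Control Subnet and `import-security` for External Subnets for the External EPG. The L3Out and EPG names and the 30.1.1.0/24 prefix are constructed.

```python
import json
from collections import defaultdict

# Constructed sample shaped like an APIC REST reply for class l3extOut
# with its subtree included. Names are made up; 20.1.1.0/24 is the
# prefix discussed in the thread.
SAMPLE = json.loads("""
{"imdata": [
 {"l3extOut": {"attributes": {"name": "EIGRP-L3Out"}, "children": [
  {"l3extInstP": {"attributes": {"name": "EIGRP-ExtEPG"}, "children": [
   {"l3extSubnet": {"attributes": {"ip": "20.1.1.0/24", "scope": "import-security"}}}]}}]}},
 {"l3extOut": {"attributes": {"name": "OSPF-L3Out"}, "children": [
  {"l3extInstP": {"attributes": {"name": "OSPF-ExtEPG"}, "children": [
   {"l3extSubnet": {"attributes": {"ip": "20.1.1.0/24", "scope": "export-rtctrl"}}},
   {"l3extSubnet": {"attributes": {"ip": "30.1.1.0/24", "scope": "import-security"}}}]}}]}}
]}
""")

def walk_subnets(reply):
    """Yield (l3out, ext_epg, prefix, flags) for every l3extSubnet found."""
    for mo in reply.get("imdata", []):
        out = mo.get("l3extOut") or {}
        for c in out.get("children", []):
            epg = c.get("l3extInstP") or {}
            for s in epg.get("children", []):
                sub = s.get("l3extSubnet")
                if sub:
                    a = sub["attributes"]
                    # scope is a comma-separated list of flags
                    flags = {f for f in a.get("scope", "").split(",") if f}
                    yield out["attributes"]["name"], epg["attributes"]["name"], a["ip"], flags

def by_flag(reply, flag):
    """Map prefix -> sorted list of L3Outs where the given flag is set."""
    hits = defaultdict(set)
    for l3out, _epg, prefix, flags in walk_subnets(reply):
        if flag in flags:
            hits[prefix].add(l3out)
    return {p: sorted(o) for p, o in hits.items()}

def transit_report(reply):
    """One line per exported prefix: where it leaves, where contracts see it."""
    exported = by_flag(reply, "export-rtctrl")      # Export Route Control Subnet
    classified = by_flag(reply, "import-security")  # External Subnets for the External EPG
    return [f"{p}: exported at {', '.join(outs)}; "
            f"contract-classified at {', '.join(classified.get(p, [])) or 'no L3Out'}"
            for p, outs in sorted(exported.items())]

if __name__ == "__main__":
    print("\n".join(transit_report(SAMPLE)))
```
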
08-01-2024 10:08 PM
@vv0bbLeS a small correction is needed in your first sentence >>>: .........the external 20.1.1.0/24 subnet from the EIGRP L3Out would be advertised to the other leafs by default ( ..........
>>>kindly be noted that other leaf switch(es) will NOT learn external subnet 20.1.1.0/24 by default, but they will learn by the virtue of BGP RR (Route Reflector) configuration in the spine switches.
And, once again:
Export Route Control Subnet configuration in External EPG will make sure that so and so subnet is duly advertised to L3Out neighbor. Need not say that this option comes as a last step (External EPG) in L3Out Network configuration only.
Also,
External Subnet for External EPG option is equivalent to Network command in Routing Protocol configuration in legacy (non ACI) setup. Under this you need to specify the common shared subnet between ACI Border Leaf and external routing device. And thus, it helps in the creation of neighborship between ACI border leaf and external routing device.
08-02-2024 07:17 AM
@AshSe sure, when I said learned "by default" I was speaking in general terms, not of the specific mechanism (iBGP RR) by which the route is distributed through the fabric. Thanks!
08-02-2024 08:46 AM
Hi @AshSe ,
Sorry, but your statement about External Subnet for External EPG is wrong.
It actually informs the Fabric which external Subnets are authorized in/out of this L3Out for contracts enforcement.
It has absolutely no effect on routing advertisement, while Network command has.
It is all about Security, while Network command is not.
Finally, I think the initial question about Export Route Control Subnet has been handled and we should avoid mixing subjects in that thread for the sake of clarity.
Regards
08-05-2024 12:29 AM - edited 08-05-2024 12:29 AM
Hello @Remi-Astruc
my simple understanding about ESEPG & ERCS is based on the lab test observation. Sorry but I am not able to understand your long story. Would appreciate if you could make your long story short in simple words to understand.