We have an EPG-BD-switchport 802.1P access to provide connectivity to an Infoblox via ACI. In the same BD we have other devices like domain controllers connected to other ports, also switchport 802.1P access. Now we would like to have an L3Out to talk OSPF between the border leafs and the Infoblox, and the question is: if we create the L3Out, how can we have the domain controllers in the same VLAN as the Infoblox, or is that possible?
No. By nature, an L3Out is precisely anything but a Bridge Domain. You will also never establish OSPF peering with the fabric from within a BD.
If your Infoblox is a dynamic routing instance in your design, you will put it on an L3Out. You can still route traffic between the L3Out routers and the BD endpoints if needed, with an appropriate contract.
Yes, the idea is to create the L3Out and delete the BD where the Infoblox is currently connected. L3Out -> OSPF -> Infoblox. But how can I connect the other devices like the domain controllers to this L3Out so that the Infoblox and domain controllers are in the same VLAN? Is that possible using an L3Out?
Yes, but then you cannot connect the domain controllers on the leaves anymore. You will need to provide the L2 VLAN with additional switches connecting the L3Out ports, the Infoblox and the DCs.
But what is really your requirement for having the DCs on the same VLAN as the Infoblox? Maybe that can be solved differently.
Thanks for the info. Well, the way I have been thinking to do it is to have the L3Out + OSPF + Infoblox and then have a BD for the domain controllers, but because the customer wants them in the same VLAN, hence my question.
About the DCs, if the requirement is to perform DHCP to the Infoblox, that can be managed from within the BD by assigning a DHCP relay policy towards the Infoblox behind the L3Out, and you're done.
Mark the answer as solved if that's fine for you.
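As an added illustration of the DHCP relay suggestion in the reply above (example configuration written for this page, not posted by any participant): a tenant-owned DHCP relay policy whose provider is the external EPG on the L3Out behind which the Infoblox sits, bound to the domain controllers' BD with a DHCP label. The tenant, BD, L3Out, external EPG names, the APIC hostname and the 192.0.2.10 server address are placeholders.

```xml
<!-- POST to https://<apic>/api/mo/uni.xml  (hostname is a placeholder) -->
<polUni>
  <fvTenant name="Tenant1">
    <!-- Relay policy owned by the tenant; the provider is the external EPG
         under the L3Out, so relayed DHCP only goes to the configured server -->
    <dhcpRelayP name="Infoblox-Relay" owner="tenant">
      <dhcpRsProv tDn="uni/tn-Tenant1/out-Infoblox-L3Out/instP-Infoblox-ExtEPG"
                  addr="192.0.2.10"/>  <!-- placeholder Infoblox DHCP address -->
    </dhcpRelayP>
    <!-- BD that keeps the domain controllers' EPG and static ports -->
    <fvBD name="DC-BD">
      <!-- DHCP label binds the relay policy above to this BD -->
      <dhcpLbl name="Infoblox-Relay" owner="tenant"/>
      <!-- BD must be associated with the L3Out so the BD subnet is reachable
           from the Infoblox side and relayed traffic can be routed out -->
      <fvRsBDToOut tnL3extOutName="Infoblox-L3Out"/>
    </fvBD>
  </fvTenant>
</polUni>
```

The DCs stay in their own BD and subnet; only the DHCP exchange is relayed to the server behind the L3Out. Ordinary traffic between the DC EPG and the external EPG is still governed by contracts, as the earlier reply notes.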
No, this isn't the way to go.
The BD under the L3Out (subnets part) is a completely separate entity (object in ACI) from the normal BD/EPG mapping you probably have.
VLAN encapsulation under an L3Out is not equal to EPG VLAN encapsulation.
So for example, if you have a static port mapping in an EPG with VLAN encapsulation 70 and you have an L3Out with another port mapped under node profiles with the same encapsulation, the devices won't be in the same encapsulation domain/broadcast domain.
If you have an extra L3 layer below your ACI fabric that already has an L3Out connection with ACI for all external routing, you could add an extra routed port on that layer into the BD/EPG via static mapping and do OSPF peering between the Infoblox and that routed port. You will only get hairpinning on return traffic. It also depends on your datacenter setup and DCI options.
A redundant extra L3 layer interconnected with its own DCI L2/L3 and only L3 connections to ACI, with all external routing dynamically exchanged on the L3Out, and the Infoblox and the L3 layer connected via routed ports on that extra L3 layer. ACI would learn those routes via the L3Out along with all other external routes outside of ACI.
Another option could be to do multihop BGP from the Infoblox to your external L3 devices via your general L3Out.
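To make the encapsulation point in the reply above concrete (example configuration written for this page, not posted by any participant): an EPG static port on one leaf and an L3Out SVI on another leaf both use encap vlan-70, yet they are two different objects in two different domains, and an endpoint on eth1/10 of leaf 101 does not share a broadcast domain with whatever sits behind the SVI on leaf 102. Tenant, VRF, BD, application profile, node IDs, ports and addresses are placeholders; the two attachments are put on different leaves to avoid any per-leaf encap conflict.

```xml
<polUni>
  <fvTenant name="Tenant1">
    <!-- Domain controller side: EPG in a normal BD, static path with encap vlan-70 -->
    <fvAp name="DC-AP">
      <fvAEPg name="DC-EPG">
        <fvRsBd tnFvBDName="DC-BD"/>
        <fvRsPathAtt tDn="topology/pod-1/paths-101/pathep-[eth1/10]"
                     encap="vlan-70" mode="regular" instrImedcy="immediate"/>
      </fvAEPg>
    </fvAp>
    <!-- Infoblox side: L3Out SVI that happens to reuse encap vlan-70.
         This is a routed interface of the L3Out, not a member of DC-BD -->
    <l3extOut name="Infoblox-L3Out">
      <l3extRsEctx tnFvCtxName="Prod-VRF"/>
      <l3extLNodeP name="BorderLeafs">
        <l3extRsNodeL3OutAtt tDn="topology/pod-1/node-102" rtrId="10.255.0.102"/>
        <l3extLIfP name="SVI-Ifs">
          <l3extRsPathL3OutAtt tDn="topology/pod-1/paths-102/pathep-[eth1/11]"
                               ifInstT="ext-svi" encap="vlan-70"
                               addr="10.70.0.1/24" mtu="inherit"/>
        </l3extLIfP>
      </l3extLNodeP>
      <!-- External EPG classifying what is learned/allowed through this L3Out -->
      <l3extInstP name="Infoblox-ExtEPG">
        <l3extSubnet ip="10.70.0.0/24"/>
      </l3extInstP>
    </l3extOut>
  </fvTenant>
</polUni>
```

The matching encap value is the only thing the two attachments have in common: the EPG port is bridged inside DC-BD, while the SVI is a routed interface in the L3Out's VRF, so reachability between them is by routing and contracts, not by a shared VLAN.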