ACI Multipod WAN Route Tagging BGP - EIGRP

SJB0095 · ‎08-24-2018

We have migrated our WAN connections from our OLD network to ACI and have hit issues with routing loops. Hoping someone here can help.

When we redistribute routes from one WAN route into our core network (now ACI) we used TAGs to prevent routing loops, it looks like ACI is removing the TAG 100 and installing its own 4294967295 (loop prevention)

is there a way to prevent ACI from removing the TAG 100 when being imported into ACI?

diagram attached.

micgarc2 · ‎08-26-2018

Looks like you are doing transit routing from the topology and tag you are seeing. I will have to test in lab but I do not believe this is possible. We only support route tagging for BD prefixes -> L3 out. For transit prefixes we will tag the routes with the default 4294967295 tag. You can change that default tag value in the route-tag policy but it still applies to all the transit routes in that VRF. I will try to test this further but at first glance not sure if this will work. ACI also uses the 4294967295 the tag for route prevention. Basically when a transit route from one VRF is advertised back into another VRF with OSPF or EIGRP, the route will be blocked.

In some scenarios this is not desired and we can change the route tag in one of the VRFs but in your case the issue is more related to an external TAG not being preserved through the fabric.

-Michael G

SJB0095 · ‎08-28-2018

Hi Michael,

Thanks for looking into this, I opened a TAC case about this one and the very helpful guy suggested that separate L3outs might carry the TAG..

I would be interested in your thoughts on this one?

Stuart

micgarc2 · ‎08-28-2018

I was thinking about this more. If we disable the tag in ACI we still run into the same issue but now the problem is on ACI. ACI will receive routes it advertised out to one side coming back from other so we are not solving anything. Not really understanding the point of doing loop prevention outside of ACI by disabling it in ACI.

SJB0095 · ‎08-29-2018

@micgarc2 I agree it doesn't sound sensible to disable the default loop prevention withing ACI,

So I guess the question is with our scenario what's the best way to prevent loops from accruing? as we can no longer use route TAGs with ACI?

micgarc2 · ‎08-29-2018

I would just let ACI handle the loop prevention as it does by default without any extra config with the default tag and then not do tagging externally.

SJB0095 · ‎08-29-2018

that only helps with ACI routes being advertised out,

what's happening is ACI is learning routes from one WAN router1 removing the TAG and they are being advertises back out of the other WAN Router2.

micgarc2 · ‎08-29-2018

Please read this section: "Routing Loop Protection with Transit Routing" : https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/ACI_Best_Practices/b_ACI_Best_Practices/b_ACI_Best_Practices_chapter_010010.pdf

SJB0095 · ‎08-31-2018

that's not much help, that only discusses out bound from ACI being re-advertised back in NOT learned routes being advertised back out.. I think we'll have to look at using a route filter to limit the subnets being advertised back to the WAN routers.

micgarc2 · ‎08-28-2018

What is the SR #? We don't external preserve tags in ACI. I can open an enhancement for you. Something like a check box that enables or disables loop prevention. By disabling, it would allow the external tag to be preserved.

SJB0095 · ‎08-28-2018

684924313