cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4149
Views
5
Helpful
5
Replies

ACI static routes to internal EP

EduardR
Level 1
Level 1

Hey all,

 

We are currently working on migrate many of our networks, actually placed on 2 N7k, to a Cisco ACI in Network Centric, all the physical conenctions have been migrated and we just need to migrate the SVI. The migration with almost all the VLANs is pretty easy, just shut the Nexus SVI and configure the subnet in the respective Bridge Domain, and make the OSPF between the Fabric and the Nexus do the rest.

 

But, we got 1 VLAN that has many Firewall hosts inside, and many static routes in the Nexus7k that point to these hosts. ALl the connections to these host are actually in a pair of leaf inside the Fabric, but the default gateway is still in the nexus7k ¿Is there any strategy to migrate that SVI and make the static routes work?

5 Replies 5

martin.parodi
Level 1
Level 1
Did you solve it?

Negative, it seems is not possible at all. We needed to migrate all the host in that VLAN.

peterzhang
Level 1
Level 1

For host routes behind the firewall, after moving the SVI into ACI. You can try creating static host routes for these hosts behind a firewall. The feature is under BD -> Subnets -> Right click on the subnet -> Create EndPoints Behind EPG subnet. Here is the whitepaper with additional details.

 

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/2-x/L3_config/b_Cisco_APIC_Layer_3_Configuration_Guide/b_Cisco_APIC_Layer_3_Configuration_Guide_chapter_01000.pdf

 

Additionally in version 4.0, you can enable host-based routing on the bridge domain so that individual host routes (/32 prefixes) are advertised from the border leaf switches.

 

Make sure you test them in a lab environment before attempting in production.

Hello! So, is it impossible to have a network behind the FW in an EPG? 

Thanks!

Please read the reply above yours.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: