cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1482
Views
10
Helpful
2
Replies
Claudia de Luna
Rising star

Clarification on L3 Outs

I'm hoping this community can help clarify my understanding of L3 Outs and when to use the same L3 Out vs separate L3 Outs. 

Scenario 1:

Lets say we have border leafs in a full mesh with two upstream core switches in a Routed Interface OSPF configuration, so 2 links per leaf, and we are expecting 4 x ECMP into and out of the fabric.  So thats one L3 out construct with two node profiles and two Routed Interface entries in each.  That seems straightforward.  How would this differ if I had two L3 Outs one to each core?

 

Now lets add a pair of Internet routers. 

Option 1:  a full mesh of links again using Route Interfaces.  Are those additional Routed Interface entries in the existing L3 Out or a new L3 Out?

Option 2:  I can only have one link between each leaf and each internet router so I want to build adjacencies across an EPG using SVIs.  Now my Physical Domain is important because I'm using an encap.  So are these additional SVIs in the existing L3 Out or a new L3 Out.

 

What if I want to participate in dynamic routing with the core but only want to learn the default route from the Internet routers?

 

I'm trying to work through the various design/decision points that would lead to separate L3 Outs for these type of functions vs one consolidated L3 Out.

 

Thanks in advance for any pointers and guidance!

2 REPLIES 2
Leon
Beginner

In my opinion, the main difference is that separate L3outs give you control of different networks that you advertise or receive. With a single L3out, you will have one EPG for that L3out, which means whatever EPG needed to use that L3out will be able to access ALL networks being received from that L3out. 

The EPG also gives you the ability to filter incoming networks, perform network summary, as well as controlling what ACI can advertise out.

Also if you have different default routes that you need to setup for different network, single L3out will not work.

If you use VLAN tagging, you should be able to route the traffic separately across one physical link, using multiple L3out. 

Jason Williams
Beginner

Using 1 or 2 L3outs would depend upon the design of your dynamic routing. 

Are you using the same protocol for the core and internet? 

If yes, then will they operate on the same process/area?

Example: If all routers need to advertise over OSPF area 0, then place all into the same L3 out. If one set of routers uses area 0 while another group of external routers is on area 1, then you would need 2 different L3 out configurations. If you would like the 2 L3 outs to communicate, then you can configure transit routing.

For ACI border leaves to learn default routes via dynamic routing you would need to configure the external router to advertise a default route. 

Example: For OSPF, use the default-information originate command and ACI border leaves will learn the default route via OSPF.

If a default route is not used dynamically, then a static default route can be configured under the node profile. 

Regards

Jason