Thanks Pita and Robert.Can

tienbuiminh · ‎05-24-2015

Hi everyone,

I have some questions,

1. What is a difference between Subnets in EPG and Subnets in BD?

2. How many Subnets(in 1 Bridge Domain) can I create in tenant Common?

Thanks,

tienbui

dpita · ‎05-24-2015

Hello

regarding question 1) no real difference in where the subnet is defined. Under the EPG it is expected that the subnet will be used for shared services like route leaking for inter-tenant communications

as per the number of subsets in 1 BD under tenant common, I would have to check internally or recreate to find out.

Ill report back back here with my findings! Thanks for using support forums!

Robert Burns · ‎05-25-2015

The only other consideration on whether a subnet should be defined at the BD vs. EPG level is in regards to route advertising. If you have a L3 external peering via OSP/EIGRP/BGP, and you'd like to advertise the Tenant prefix being used, the subnet must be created under the BD and set to "public".

The common tenant has no different limitations to scale than any other tenant. The scalability guide should provide the relevant info for your release.

Robert

vuth60001 · ‎05-25-2015

Thanks Pita and Robert.

Can you share to me, how many maximum subnets per BD ?

Thanks for your support.

Joseph Ristaino · ‎05-27-2015

In standalone, there is no limit to the amount of IP's you can place under an SVI. Each additonal subnet is added as a secondary IP under the SVI:

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/6-x/unicast/configuration/guide/l3_cli_nxos/l3_ip.html#pgfId-1233390

I would think this is the same for ACI :)

Joey

networkguy13111 · ‎02-24-2016

Hi Robert,

In regarding in the 'public' 'private' subnet mark, I think either Cisco document is wrong or there is a software bug on ACI 1.2.1k.

My subnet is advertised over external layer3 out eBGP session no matter where I configure it (BD or eBGP), and no matter what type (private to vrf or public).

"1900-ACI#show ip route bgp

10.0.0.0/24 is subnetted, 1 subnets
B 10.112.1.0 [20/0] via 172.16.1.10, 00:01:34

-- Best Regards

dpita · ‎02-25-2016

Hello

That is interesting. Could you please provide the following output from your border leaf? (the one that connects to the external router)

show ip prefix-list

as well as this moquery command from your APIC. where the subnet "17.17.2.1" can be replaced with your 10.112.1.0

admin@rtp1-apic1:~> moquery -c fvSubnet -f 'fv.Subnet.ip=="17.17.2.1/24"'

Total Objects shown: 1

# fv.Subnet

ip : 17.17.2.1/24

childAction :

ctrl :

descr : Tenant Blue in deadbeef Pod

dn : uni/tn-deadbeef-blue/BD-blue-bd2/subnet-[17.17.2.1/24]

lcOwn : local

modTs : 2015-12-24T11:57:27.799-05:00

monPolDn : uni/tn-common/monepg-default

name :

preferred : yes

rn : subnet-[17.17.2.1/24]

scope : public,shared

status :

uid : 15374

virtual : no

admin@rtp1-apic1:~>

networkguy13111 · ‎02-25-2016

Hi Robert,

The MO attributes:

admin@apic1:~> moquery -c fvSubnet -f 'fv.Subnet.ip=="10.112.1.1/24"'
Total Objects shown: 1

# fv.Subnet
ip           : 10.112.1.1/24
childAction :
ctrl         :
descr        :
dn           : uni/tn-ITS/BD-MyAurionReals/subnet-[10.112.1.1/24]
lcOwn        : local
modTs        : 2016-02-25T13:33:58.524+10:00
monPolDn     : uni/tn-common/monepg-default
name         :
preferred    : no
rn           : subnet-[10.112.1.1/24]
scope        : private
status       :
uid          : 15374
virtual      : no

The prefix list seems empty for 10.x.x.x range:

rackf8_2# show ip prefix-list
ip prefix-list IPv4-deny-all: 1 entries
   seq 1 deny 0.0.0.0/0
ip prefix-list IPv4-2621440-5474-18-2490368-shared-svc-leak: 1 entries
   seq 2 permit 172.20.1.0/24
ip prefix-list IPv4-peer21-2457600-2490368-5474-shared-svc-intDST: 2 entries
   seq 3 permit 192.168.2.1/24
   seq 4 permit 192.168.1.1/24
ip prefix-list IPv4-peer21-2457600-2490368-49155-shared-svc-intDST: 2 entries
   seq 3 permit 192.168.2.1/24
   seq 4 permit 192.168.1.1/24
ip prefix-list IPv4-peer21-2457600-2621440-19-shared-svc-intDST: 2 entries
   seq 3 permit 172.30.1.1/24
   seq 4 permit 172.30.2.1/24
ip prefix-list IPv4-peer21-2457600-2621440-5475-shared-svc-intDST: 2 entries
   seq 3 permit 172.30.1.1/24
   seq 4 permit 172.30.2.1/24
ip prefix-list IPv4-peer21-2457600-exc-int-inferred-exportDST: 2 entries
   seq 2 permit 130.112.3.1/24
   seq 4 permit 130.112.1.1/24
ip prefix-list IPv4-peer21-2457600-2490368-10932-shared-svc-intDST: 2 entries
   seq 3 permit 192.168.2.1/24
   seq 4 permit 192.168.1.1/24
ip prefix-list IPv4-2621440-any-18-2555904-shared-svc-leak: 1 entries
   seq 1 permit 172.20.1.0/24

For this:

ip prefix-list IPv4-peer21-2457600-exc-int-inferred-exportDST: 2 entries
seq 2 permit 130.112.3.1/24
seq 4 permit 130.112.1.1/24

This prefix-list is not modified by APIC at all regardless what type of subnet I configure them.

-- Best Regards