cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
573
Views
0
Helpful
3
Replies
LakshmiPrabu
Beginner

L3 Routing in VRF

I have created a L3Out - External Routed Domain under Networking. There is a VRF associated with this External Routed Domain.

Under Route Control Subnet I have defined as 0.0.0.0/0 to exchange routes with my external device through the OSPF defined interfaces.

I would like to get clarified whether all the Bridge Domains / Subnets that I create now as part this VRF would be advertised to external device on the OSPF profile or is any explicit configuration  required every time.

3 REPLIES 3
Marcel Zehnder
Participant

Hi Laskhmi

You also need to attach the L3Out to the bridge domains you want to propagate to your external OSPF neighbours (this is done under the "L3 configurations" tab in your bridge domains).

gmonroy
Cisco Employee

LakshmiPrabu,

In addition to the below, you will also need to explicitly set the ACI defined subnets to Publc (or "Advertise Externally") in order to allow it to do so. Please see the following from the ACI Fundamentals Guide:

The options for a subnet under a bridge domain or under an EPG are as follows:

  • Public—the subnet can be exported to a routed connection.

  • Private—the subnet applies only within its tenant.

  • Shared—the subnet can be shared with and exported to multiple VRFs in the same tenant or across tenants as part of a shared service. An example of a shared service is a routed connection to an EPG present in another VRF in a different tenant. This enables traffic to pass in both directions across VRFs. An EPG that provides a shared service must have its subnet configured under that EPG (not under a bridge domain), and its scope must be set to advertised externally, and shared between VRFs.

-Gabriel

Leon
Beginner

You also need to make sure there is a vZany contract in the VRF or a contract between L3out EPG and application EPGs. Without EPG, you might still see routes being exchanged, but no traffic.

This is all assuming that your L3out is in the same VRF as the subnets. If you are using a shared L3out, things get a bit more complicated/easier depends on what you need to do.

Leon