I have 2 pods, with 1 L3out, with interface profiles connecting to a firewall in each pod (for external access), topology like this:
| | (bgp)
| | (ospf, single l3out, 2 interface profiles)
Suppose the route received from the cloud is e.g. 10.10.10.0/24, and is received by both firewalls.
I then wish to redistribute the route into OSPF from both firewalls, using different metrics, such that fw1 would be the preferred exit point for the entire fabric. E.g. I could redistribute as E1 from fw1 and E2 from fw2, or manipulate the costs. I would like nodes in pod1 AND pod2 to use fw1 as the exit, with fw2 as a backup.
As the OSPF routes are again redistributed within the fabric into MP-BGP, will my OSPF metrics be lost? Will nodes in pod2 still prefer the route received from fw2? If so, is there a way to easily override this?
If this is not possible using OSPF then is it possible using BGP? My preference is to use OSPF.
TIA for answers.
For dynamic protocols this can be done with an interleak policy. If the route 10.10.10.0/24 is coming from both L3 outs then you can create an interleak policy on the L3 out, with a route profile that has a match statement permitting the 10.10.10.0/24 prefix and a set statement with the local preference higher on the L3 out you want to prefer.
Hope this helps,
Thanks for your answer Michael.
I am using only a single L3out.
I think if I had 2 L3outs, then I would have to add the same route (10.10.10/24) to both L3out EPGs.
When I've attempted this in the past, ACI raises a fault regarding the overlap.
Yeah, not sure if this can be done then. You may be able to accomplish this with PBR on the external devices. I think the easier solution though is to split this into 2 L3 outs (each pod) and use the interleak policy. Regarding the overlapping: just use 0.0.0.0/0 - External Subnets for External EPG on one of the L3 outs, then it shouldn't give you that error.