Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
995
Views
0
Helpful
3
Replies

Properties of L3Out

Go to solution
aloysius.liu
Level 1
Level 1

‎07-21-2020 07:58 AM

Hi all, 

I'm new in ACI and has one question in regard to the basic property of ACI L3Out. I know that multiple L3Outs configured can talk to each other via route-leaking if they are in different vrf and contracts if there are in the same vrf. Are there such properties for one L3 out associating to multiple end devices via multiple leaves ? One example is that you have a pair of leaves connecting to a pair of ASA firewall while the other pair of leaves connecting to another pair of remote routers. Can these be connected via one L3Out ?

 

 

Thanks

Aloysius Liu 

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
joezersk
Cisco Employee
Cisco Employee

‎07-22-2020 02:23 AM

Hi Aloysius.  The short answer to your question is yes, you can have more than one peering or adjacency on a given L3out.  The longer answer is this.  Think of the L3Out as equivalent to a routing process.  As long as all your routing peers are using the same protocol (like OSPF for example) and general policy, you can specify many links, peers or adjacencies under the same L3out.  You just need to tell the L3out which leaf, interface and IP needs to be used on the ACI side for each one. 

Hope that helps.

-J

View solution in original post

0 Helpful

Go to solution
aloysius.liu
Level 1
Level 1
In response to joezersk

‎07-26-2020 11:23 PM

Yes, finally I'm able to lab it out. I'm able to create an L3Out that consists of 2 logical Interfaces profiles each mapping to a pair of configured nodes where static routes are define. You will need to create 2 x L3OutNetwork to signify two external EPGs with applied scope on subnets defined in respective L3OutNetwork so as to apply contracts or the like between the two networks. 

 

Basically I would consider L3Out as a routing container with one vrf where you can define multiple node profiles & Interface profiles which is equivalent to ports/routes in network configuration layman term and applying the necessary control  and contract on L3OutNetwork.

 

It is advisable that one Interface profile created map to one L3OutNetwork (external EPGs) to avoid confusion when applying access control on enforced vrf.

 

In the lab, I created one L3Out which had two Interfaces profiles and each profile consists of a pair of nodes. One profile is connected to a pair of ASA while the other profile connected to a pair of L3 routers. 2 external EPGs or L3Out were created each mapping to the respective profile.

 

Thus in conclusion One L3Out can support many interface and node profiles together with multiple L3Out EPGs.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
RedNectar
VIP
VIP

‎07-21-2020 01:20 PM

Hi @aloysius.liu ,

I don't have tome to give a detailed reply - perhaps someone else will - but I've written about this on the forum before - Google search site:community.cisco.com l3out rednectar or look at this one

The key thing to understand is that you are configuring routers - the L3out is nothing magical. What matters are the leaf/interface profiles in the L3Out.

Use One L3out

Use Two L3Outs 

It makes very little diffference. Perhaps LESS confusing (meaning you don't make stupid assumptions about the leaves in the L3Out being able to magically communicate with each other in the sam L3Out) if you use two.

I hope this helps

 


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
0 Helpful

Go to solution
joezersk
Cisco Employee
Cisco Employee

‎07-22-2020 02:23 AM

Hi Aloysius.  The short answer to your question is yes, you can have more than one peering or adjacency on a given L3out.  The longer answer is this.  Think of the L3Out as equivalent to a routing process.  As long as all your routing peers are using the same protocol (like OSPF for example) and general policy, you can specify many links, peers or adjacencies under the same L3out.  You just need to tell the L3out which leaf, interface and IP needs to be used on the ACI side for each one. 

Hope that helps.

-J

0 Helpful

Go to solution
aloysius.liu
Level 1
Level 1
In response to joezersk

‎07-26-2020 11:23 PM

Yes, finally I'm able to lab it out. I'm able to create an L3Out that consists of 2 logical Interfaces profiles each mapping to a pair of configured nodes where static routes are define. You will need to create 2 x L3OutNetwork to signify two external EPGs with applied scope on subnets defined in respective L3OutNetwork so as to apply contracts or the like between the two networks. 

 

Basically I would consider L3Out as a routing container with one vrf where you can define multiple node profiles & Interface profiles which is equivalent to ports/routes in network configuration layman term and applying the necessary control  and contract on L3OutNetwork.

 

It is advisable that one Interface profile created map to one L3OutNetwork (external EPGs) to avoid confusion when applying access control on enforced vrf.

 

In the lab, I created one L3Out which had two Interfaces profiles and each profile consists of a pair of nodes. One profile is connected to a pair of ASA while the other profile connected to a pair of L3 routers. 2 external EPGs or L3Out were created each mapping to the respective profile.

 

Thus in conclusion One L3Out can support many interface and node profiles together with multiple L3Out EPGs.

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License