Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1372
Views
0
Helpful
5
Replies

Static L3 Out Transit ACI fabric

Go to solution
faizal_vi
Level 1
Level 1

‎06-15-2020 09:28 AM

Hi,

HI

DC-DIAG.png

Please find the above diagram for a proposed DC setup. The current DC is with traditional switches with 2 WAN links and 1 LAN link to the Adjacent Building.

ie there are three L3 connections connected to the current core switch.

I have few doubts about the L3 out that is to be configured in the network while we do the migration to ACI infrastructure.

  1. Old DC setup is having static routes configured. Like we have 30 static routes + default route to the FW-A. 20 static routes to FW-B and about 5 static routes to the router. This is because this external links are not just Internet Gateways. They have Site to site connections and MPLS terminated on them.
    1. I would like to know how to configure the L3 out for this setup.
    2. Can I distribute all the routes from all the 3 gateways with each other when I use ACI? I hope the term transit is used in this scenario.
  2. Also, I have few PBR configures to redirect the traffic from Source A to Source B
    1. How will I accomplish it in ACI infrastructure?

The APIC version we are going to implement is 4.2.

 

Appreciate your valuable feedback.

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to faizal_vi

‎06-16-2020 08:36 PM

So if you have 1 vrf and traffic behind FW B must go behind FW A, and so must pass through ACI, ACI will act as transit, you’re right.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

View solution in original post

0 Helpful
5 Replies 5

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni

‎06-15-2020 08:23 PM

Hi

Going with version 4.2, L3outs are very simple to configure through the GUI because you’ll have a wizard helping you and steps are straightforward.

What do you mean by distribute routes between them?
A L3out is attached to vrf. You can have shared services L3out to allow vrf A BD to use vrf B L3out for example. Or also, using the default common tenant will make routing available to others. Can you explain a little bit what do you mean by distribute?

For PBR, here is an official documentation that will help:
https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739971.html

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
faizal_vi
Level 1
Level 1
In response to Francesco Molino

‎06-16-2020 01:02 AM

@Francesco Molino wrote:

What do you mean by distribute routes between them?
A L3out is attached to vrf. You can have shared services L3out to allow vrf A BD to use vrf B L3out for example. Or also, using the default common tenant will make routing available to others. Can you explain a little bit what do you mean by distribute?

Hi , Thank you for your reply on the query.

Just to clarify I have only a single VRF and all the three external links are connected to the same VRF. 

 

With regard to the distribute routes, my query was whether the ACI fabric will act as a transit network for FW.B and the router  for the routes learned from FW.A and vice versa.

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to faizal_vi

‎06-16-2020 08:36 PM

So if you have 1 vrf and traffic behind FW B must go behind FW A, and so must pass through ACI, ACI will act as transit, you’re right.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful

Go to solution
faizal_vi
Level 1
Level 1
In response to Francesco Molino

‎06-17-2020 07:56 AM

Hi Francesco,

I have gone through the link for the PBR. This part is most confusing area for in APIC .

 

I will make my question simple.I have the below PBR in my Core SW mentioned in the diag. Is it possible to achieve the same in ACI.  Consider I have SVI mentioned below is IP given for the BD  and the endpoint with IP address is 172.165.56.0 is a part of BD. 10.5.10.5 being one of my L3 out device.

 

interface ve 37

ip address 172.16.56.2/24

ip policy route-map ABCD

 

route-map ABCD permit 230

match ip address 230

set ip next-hop 10.5.10.5

 

access-list 230 sequence 10 permit ip 172.165.56.0 0.0.0.255 192.168.200.0 0.0.0.255

 

 

0 Helpful

Go to solution
Francesco Molino
VIP Alumni
VIP Alumni
In response to faizal_vi

‎06-17-2020 08:06 PM

Yes you can do PBR and i understand it could be difficult to understand it.

I have found a video that explains it in a simple way:
https://m.youtube.com/watch?v=H09zV-GIoHk

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question
0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License