05-16-2018 08:07 PM - edited 03-01-2019 09:34 AM
Hi All,
My ACI multipod deployment consists of two pods, with each pod having its own L3Out. Each L3Out contains a 0.0.0.0/0 external EPG.
I wish to create a second external EPG (e.g. Admin) containing the /32 IP addresses of certain systems and workstations that require additional access above what is provided to the 0.0.0.0/0 external EPG. For example, this external EPG may consume a contract allowing SSH/RDP to select EPGs.
This second external EPG would be created under both L3Outs as we would wish to maintain the same access for the external systems in the event of an L3Out failure, or if an L3Out association of an EPG's BD was changed, or if the external system was routed via the second L3Out.
However, from what I understand, it appears that this configuration - i.e. creating the same /32 IP address/subnet in an external network under different L3Outs within the same multipod fabric - is not supported and will result in a "Prefix Entry Already Used in Another EPG" fault message.
With this in mind, is there any way in which such access (consistent policy applied to a /32 address in an external EPG) can be configured for a fabric with multiple L3Outs, or is this a fundamental limitation?
Cheers,
-Luke