Implement ACI Transit Routing (Multipod)
Available Languages
Introduction
This document describes how to configure transit routing in an Application Centric Infrastructure (ACI) multipod environment.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- ACI multipod
- L3Out
- Contracts
- Routing protocols
Components Used
The information in this document is based on these software and hardware versions:
- 2 N5K-C5548UP switches, both on NXOS version 7.3(8) (used as external routers)
- 1 N9K-C9332PQ leaf switch and 1 N9K-C93108TC-EX leaf switch, both on ACI version 14.2(7f)
- 2 N9K-C9336PQ spine switches, both on ACI version 14.2(7f)
- 1 N9K-C9232C switch (used as IPN device) on NXOS version 10.3(3)
The information in this document was created using the above devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
In transit routing, the Cisco ACI fabric advertises the routes that are learned from one Layer 3 Out (L3Out) connection to another L3Out connection. The external Layer 3 domains peer with the fabric on the border leaf switches. The fabric is a transit Multiprotocol Border Gateway Protocol (MP-BGP) domain between the peers.
Configure
Network Diagram
Network diagram
Configurations
A logical node profile is used to identify the leaf switch that is connected to external networks, and that can deploy the routing protocol or static routes towards it. To view the logical node profile in the L3Out, navigate to your Tenant > Networking > L3Outs > L3Out > Logical Node Profiles > Logical Node Profile as shown in the image.
Logical node profile for LEAF102
Logical node profile for LEAF202
A logical interface profile is used to identify the L3Out interface that connects to the external device. You see several function elements that are defined for virtual routing and forwarding (VRF): Address Resolution Protocol (ARP), Border Gateway Protocol (BGP), Neighbor Discovery, and Open Shortest Path First (OSPF) as a consequence of both profiles. To view the logical interface profile in the L3Out, navigate to your Tenant > Networking > L3Outs > L3Out > Logical Node Profiles > Logical Node Profile > Logical Interface Profiles > Logical Interface Profile. In these examples, an SVI is configured in the logical interface profile.
Logical interface profile for LEAF102, eth1/1
Logical interface profile for LEAF202, eth1/2
An external EPG instance profile (External EPG, L3Out EPG) represents a group of external subnets that have the same security behavior. Other subnets can also associate with other scopes, which define the routing behavior for that subnet. To view the external EPG in the L3Out, navigate to your Tenant > Networking > L3Outs > L3Out > External EPGs > External EPG as shown in the image.
External EPG instance profile for MR-BGP L3Out
External EPG instance profile for MR-OSPF L3Out
In these examples, the MR-PERMIT-ICMPcontract is applied as both a provided and consumed contract in both external EPGs.
MR-PERMIT-ICMP contract applied to MR-BGP-EXT-EPG
MR-PERMIT-ICMP contract applied to MR-OSPF-EXT-EPG
On LEAF102, BGP is established with neighbor 50.50.50.50 and is receiving the external network 49.49.49.49/32.
BGP peer entry on LEAF102
BGP summary for VRF MR:MR-VRF on LEAF102
BGP route for VRF MR:MR-VRF on LEAF102
On LEAF202, OSPF is established with neighbor 1.1.1.222 and is receiving the external network 101.101.101.101/32.
OSPF neighbor entry on LEAF202
OSPF neighbor for VRF MR:MR-VRF on LEAF202
OSPF route for VRF MR:MR-VRF on LEAF202
On both LEAF102 and LEAF202, the MP-BGP table for the VRF shows the external BGP network, 49.49.49.49/32, but it appears as external on LEAF102 and internal on LEAF202. The OSPF external network, 101.101.101.101/32, also appears in the BGP tables on both leaf switches; on LEAF202 it shows as redistributed from OSPF and on LEAF102 it shows as internal.
MP-BGP table for VRF MR:MR-VRF on LEAF102
MP-BGP table for VRF MR:MR-VRF on LEAF202
The BGP IPv4 table contains equivalent information.
BGP IPv4 table for VRF MR:MR-VRF on LEAF102
BGP IPv4 table for VRF MR:MR-VRF on LEAF202
However, the OSPF external network, 101.101.101.101/32, is not in the routing table of N5K1.
RIB for VRF MR-BGP on N5K1
Similarly, the BGP external network, 49.49.49.49/32, is not in N5K2 's RIB.
RIB for VRF MR-OSPF on N5K2
In the BGP L3Out, navigate to External EPGs > External EPG > Subnets and select the + icon in the top-right corner of the table. Enter the IP address of the external subnet received from the OSPF L3Out, 101.101.101.101/32. Choose Export Route Control Subnet in the Route Control section and clear the External Subnets for the External EPG classification. Click Submit. The Export Route Control Subnet option allows a network to be exported (advertised) to the external peer.
Create new subnet
Configure the correct options for the new subnet
On N5K1, the OSPF external network, 101.101.101.101/32, is now received over BGP.
RIB for VRF MR-BGP on N5K1
In the OSPF L3Out, navigate to External EPGs > External EPG > Subnets and select the + icon in the top-right corner of the table. Enter the IP address of the external subnet received from the BGP L3Out, 49.49.49.49/32. Choose Export Route Control Subnet in the Route Control section and clear External Subnets for the External EPG classification. Click Submit.
Create new subnet
Configure the correct options for the new subnet
Now on N5K2, the BGP external network, 49.49.49.49/32, is received over OSPF.
RIB for VRF MR-OSPF on N5K2
Ping works between the two networks because of the MR-PERMIT-ICMP contract that was applied to both external EPGs earlier.
Communication verification on N5K1
Communication verification on N5K2
Related Information
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
1.0 |
09-Oct-2023 |
Initial Release |
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)