Configuring Floating L3Outs Using the CLI

Creating a VLAN Pool for Floating L3Out Using the CLI

This section demonstrates how to configure a VLAN pool specifically to use with the floating Layer 3 outside network connection (L3Out).


Note

The VLAN pool for the L3Out must have a static VLAN range. It must also be the same for the VMware vSphere Distributed Switch (VDS) Virtual Machine Manager (VMM) domain and the Layer 3 domain. After you configure the VLAN pool, you configure the VMM and Layer 3 domains, adding the same VLAN pool to each domain.

Procedure

To configure a VLAN pool for floating L3Out:

Example:

    
vlan-domain dom1
    vlan 300-400
    exit

What to do next

Create a VMM Domain Profile for VMware VDS. See the procedure Configuring a VMM Domain Profile for VMware VDS Using the CLI.

Configuring a VMM Domain Profile for VMware VDS Using the CLI

Use this procedure to create a Virtual Machine Manager (VMM) profile for the VMware vSphere Distributed Switch (VDS) if you have not already done so and want to use floating Layer 3 Out network communication (L3Out).


Note

To use a floating Layer 3 outside network connection (L3Out), you must configure a VLAN pool that has a static VLAN range for the VMM domain. Also, the VLAN pool must be the same as the VLAN pool of the L3Out domain. For example, both the range for the L3Out domain and the Virtual Machine Manager (VMM) domain must be 200-209.

Procedure

To configure a VMM domain profile for VMware VDS:

Example:


vmware-domain vmmdom1
    vlan-domain member dom1
    vcenter 192.168.66.2 datacenter prodDC
      username administrator password *****
    configure-dvs
      exit
    exit

What to do next

Configure a floating L3Out. See procedure Configuring a Floating L3Out Using the CLI.

Configuring a Floating L3Out Using the CLI

This section demonstrates how to create a floating L3Out.

Before you begin

You must have created the following:

  • A VLAN pool for floating L3Out

  • A VMM domain profile for VMware VDS

Procedure

To configure a floating L3Out:

Example:


tenant t1
    vrf context vrf1
      exit
    l3out l3out
      vrf member vrf1
      exit
    external-l3 epg instp l3out l3out
      vrf member vrf1
      exit
      exit
leaf 101
  vrf context tenant t1 vrf vrf1 l3out l3out
  exit
leaf 101
     virtual-interface-profile ipv4 vlan 680 tenant Floating vrf Floating l3out CLI
        ip address 1.68.0.3/16
            physical-domain Floating-CP-L3out floating-addr 1.68.0.9/16
            exit
         vlan-domain member CP-L3
         exit
      virtual-interface-profile ipv6 vlan 680 tenant Floating vrf Floating l3out CLI   
         ipv6 address 2000:68::2/64 preferred
            physical-domain Floating-CP-L3out floating-addr 2000:68::9/16
            vlan-domain member CP-L3
         exit

What to do next

Configuring a Secondary IP Using the CLI

This section demonstrates how to configure a secondary and floating secondary IP using the CLI.

Procedure

To configure a secondary and floating secondary IP: 


leaf 101
    virtual-interface-profile vlan 100 tenant t1 vrf v1
      ip address 10.1.1.1/24
      ip address 10.1.1.3/24 secondary
      ip address 11.1.1.1/24 secondary
      ip address 11.1.1.3/24 secondary
      vmm-domain mininet floating-addr 10.1.1.100/24
        ip address 11.1.1.100/24 secondary
        exit
      exit
    exit

Configuring the Avoidance of Suboptimal Traffic From an ACI Internal EP to a Floating L3Out Using the CLI

This section demonstrates how to configure next hop propagation and direct-attached host route advertising using the CLI

Before you begin

The following must be configured:

  • For Next Hop Propagation, the floating L3Out must be in a physical domain, not in a VMM domain.

  • A BD, EPG, and a contract between the EPG and L3Out EPG

Procedure

Step 1

To configure next hop propagation:

Example:


tenant t1 vrf v1 route-map sap match
 prefix-list p1
  leaf 101
    vrf context tenant t1 vrf v1
      route-map sap
        match prefix-list p1
          set next-hop-unchanged
          exit
        exit
      exit
    exit

Step 2

Configuring direct-attached host route advertising:

Example:

leaf 101
    router bgp 100
      vrf member tenant t1 vrf v1
        redistribute static route-map r2
        redistribute attached-host route-map r1
        exit
      exit
    exit

Configuring Maximum Number of Paths for Redistribution of Routes in Fabric Using the CLI

The following example provides information on how to configure the BGP Max Path feature using the CLI.

Before you begin

Refer to the Verified Scalability Guide for Cisco APIC on the Cisco APIC documentation page for the acceptable values for the following fields.

Procedure

Enter the following commands, where the maximum-paths local command is used specifically to configure the maximum number of paths for redistribution of routes in the fabric using the CLI: 


apic1(config)# leaf 101
apic1(config-leaf)# template bgp address-family newAf tenant t1
apic1(config-bgp-af)# maximum-paths local 12
apic1(config-bgp-af)# exit
apic1(config-leaf)# exit
apic1#

Configuring Multiple Next-Hops Using the CLI

The following example provides information on how to configure multiple next-hops using the CLI.

Procedure

Enter the following commands, where the set next-hop-unchanged and set redist-multipath commands are used specifically to configure the multiple next-hops using the CLI: 


apic1(config)# leaf 101
apic1(config-leaf)# template route-profile test_rp tenant t1
apic1(config-leaf-template-route-profile)# set next-hop-unchanged
apic1(config-leaf-template-route-profile)# set redist-multipath
apic1(config-leaf-template-route-profile)# exit
apic1(config-leaf)# exit
apic1#

Verifying Floating L3Out Using the CLI

This section demonstrates how to verify a floating L3Out configuration.

Procedure

Step 1

To verify floating L3Out on leaf nodes (anchor leaf):

In this example, the anchor leaf has the primary IP, secondary IP, and floating primary IP.

Example:

Switch# show ip interface brief vrf floating:vrf1
IP Interface Status for VRF "floating:vrf1"(9)
Interface	Address			Interface Status
vlan14 	  192.168.1.254/24 	   protocol-up/link-up/admin-up
vlan17 	  192.168.2.254/24 	   protocol-up/link-up/admin-up
vlan49 	  172.16.1.251/24	     protocol-up/link-up/admin-up
lo2             11.11.11.11/32 	     protocol-up/link-up/admin-up

Switch# show ip interface vlan49
IP Interface Status for VRF "floating:vrf1"
vlan49, Interface status: protocol-up/link-up/admin-up, iod: 110, mode: external
	IP address: 172.16.1.251, IP subnet: 172.16.1.0/24 
	IP address: 172.16.1.250, IP subnet: 172.16.1.0/24 secondary anchor-floating-ip
	IP address: 172.16.1.254, IP subnet: 172.16.1.0/24 secondary
	IP broadcast address: 255.255.255.255
	IP primary address route-preference: 0, tag:

Switch# # show vlan id 49 extended

VLAN Name 			     Encap		    Ports
----------------------------------------------------------------------------
49	floating:vrf1:l3out-	vxlan-14876650,	Eth1/5, Eth1/6, Po1, Po2
        L3Out:vlan-208 	     vlan-208

Step 2

To verify floating L3Out on non-anchor leaf nodes:

When using a VMM domain, if there is no external VM connected, the non-anchor leaf does not have floating IP. When using a physical domain, the floating IP and VLAN are provisioned based on AEP. If the leaf has an AEP that contains the L3Out domain for floating L3Out, the floating IP is provisioned.

Example:

Switch# show ip interface brief vrf floating:vrf1
IP Interface Status for VRF "floating:vrf1"(6)
Interface	Address		Interface Status