New and Changed Information
The following table provides an overview of the significant changes to the organization and features in this guide up to this current release. The table does not provide an exhaustive list of all changes made to the guide or of the new features up to this release.
Feature or Change |
Description |
Where Documented |
---|---|---|
VRF-scoped node level support for modifying the BGP best path policy. |
The 3.2(7) release adds VRF-scoped node level support for modifying the Border Gateway Protocol (BGP) best path policy. |
See chapter Routing Protocol Support |
Feature or Change |
Description |
Where Documented |
---|---|---|
Validations on incoming configurations to an APIC cluster |
Support for validations on incoming configurations to an APIC cluster is added. |
See chapter Cisco ACI Forwarding |
Feature or Change |
Description |
Where Documented |
---|---|---|
Orphan port support |
Support is now available for orphan port-channel or physical ports on remote leaf switches, with a vPC domain. |
See chapter Remote Leaf Switches |
QoS for L3Outs chapter |
QoS for L3Outs is moved to a separate chapter. |
See chapter QoS for L3Outs |
Layer 3 Routed and Sub-interface Port Channels |
Support for Layer 3 port channels is added. |
See section Layer 3 Routed and Sub-Interface Port Channels |
Remote Leaf switch enhancements |
New features and options are supported. |
See chapter Remote Leaf Switches |
Transit Routing Enhancement |
Information is added to configure Transit Routing using the APIC GUI, NX-OS style CLI, or REST API. |
See chapter Transit Routing |
Feature or Change |
Description |
Where Documented |
---|---|---|
Neighbor Discovery Duplicate Address Detection (DAD) |
Support for disabling Discovery Duplicate Address Detection (DAD) is added. |
See chapter IPv6 Neighbor Discovery |
Feature or Change |
Description |
Where Documented |
||
---|---|---|---|---|
QoS for L3Outs |
In this release, QoS policy enforcement on L3Out ingress traffic is enhanced. |
See QoS for L3Outs |
||
Removed incorrect information: Maximum MTU Increased |
|
See chapter Routed Connectivity to External Networks |
||
Neighbor Discovery Router Advertisement on Layer 3 Out |
RS/RA packets are used for auto configuration and are configurable on Layer 3 interfaces including routed interface, Layer 3 sub interface, and SVI. |
See chapter IPv6 Neighbor Discovery |
||
BGP External Routed Network with Autonomous System Override |
The AS override function replaces the AS number from the originating router with the AS number of the sending BGP router in the AS Path of the outbound routes |
See chapter Routing Protocol Support |
Feature or Change |
Description |
Where Documented |
---|---|---|
Layer 3 Multicast support with FEX |
Multicast sources or receivers connected to FEX ports are supported. |
See chapter Tenant Routed Multicast |
Switch Virtual Interface (SVI) Auto State |
Allows for the SVI auto state behavior to be enabled. This allows the SVI state to be in the down state when all the ports in the VLAN go down. This feature is available in the APIC Release 2.2(3x) release and going forward with APIC Release 3.1(1). It is not supported in APIC Release 3.0(x). |
See chapter Switch Virtual Interface |
Remote Leaf Switches |
With an ACI fabric deployed, you can extend ACI services and APIC management to remote data centers with Cisco ACI leaf switches that have no local spine switch or APIC attached. |
See chapter Remote Leaf Switches |
New Hardware Support for Multipod and GOLF |
Multipod and GOLF are supported by all Cisco Nexus 9300 platform ACI-mode switches and all of the Cisco Nexus 9500 platform ACI-mode switch line cards and fabric modules. With Cisco APIC, release 3.1(x) and higher, this includes the N9K-C9364C switch. |
See chapters Cisco ACI GOLF and Multipod |
Using Shared GOLF Connections Between Multi-Site Sites |
Guidelines were added to avoid inter-VRF traffic issues for APIC Sites in a Multi-Site topology, if stretched VRFs share GOLF connections. |
See chapter Cisco ACI GOLF |
BFD support for spine switch |
Support for Bidirectional Forwarding Detection (BFD) on spine switch is added. |
See chapter Routing Protocol Support |
New examples for L3Out configuration |
New GUI, NX-OS style CLI, and REST API examples provide clarity and consistency. |
See chapter Routed Connectivity to External Networks |
Configuring Transit Routing |
Content from the knowledge base article Cisco APIC and Transit Routing was incorporated in this guide, including new configuration examples for APIC GUI, NX-OS style CLI, and REST API |
See chapter Transit Routing |
Chapters reorganized |
The chapters of this guide were reorganized into a more logical order and the following chapter names were changed:
|
-- |
Feature or Change |
Description |
Where Documented |
---|---|---|
Static Route on BD |
Support is added to configure a static route in a pervasive bridge domain (BD) to enable routes to virtual services behind firewalls. This feature enables endpoint (EP) reachability to subnets and hosts which are not directly connected to the pervasive BD, using regular EPGs. |
See chapter Static Route on a Bridge Domain |
NOTE: The APIC Release 2.2(3x) feature is only available in this specific release. It is not supported in APIC Release 3.0(x) or 3.1(x).
Feature or Change |
Description |
Where Documented |
||
---|---|---|---|---|
Switch Virtual Interface (SVI) Auto State |
Allows for the SVI auto state behavior to be enabled. This allows the SVI state to be in the down state when all the ports in the VLAN go down.
|
See chapter Switch Virtual Interface |
Feature or Change |
Description |
Where Documented |
---|---|---|
AS Path Prepend |
Allows for the change to the length of the autonomous system path in a BGP route to invoke best-path selection by a remote peer |
See chapter Routing Protocol Support |
BGP Max Path |
Enables you to configure the maximum number of paths that BGP adds to the route table to invoke equal-cost multipath load balancing |
See chapter Routing Protocol Support |
Feature or Change |
Description |
Where Documented |
---|---|---|
Encapsulation scope for SVI across Layer 3 Outside Networks |
With this release you can configure the encapsulation scope for SVI across Layer 3 networks. |
See chapter Switch Virtual Interface |
Support for Deny prefix |
Denying context rules for specific routes is now supported. |
See chapter Route Control |
Feature or Change |
Description |
Where Documented |
---|---|---|
Per VRF per node BGP timer values |
With this release, you can define and associate BGP timers on a per VRF per node basis. |
See chapter Routing Protocol Support |
Layer 3 Out to Layer 3 Out Inter-VRF Leaking | With this release, shared Layer 3 Outs in different VRFs can communicate with each other using a contract. |
See chapter Shared Services |
Multiple BGP communities assigned per route prefix | With this release, multiple BGP communities can now be assigned per route prefix using the BGP protocol. |
See chapter Routed Connectivity to External Networks and Route Control |
Support for EIGRP to BGP transit routing is available |
Added support in the Supported Transit Combination Matrix. |
See chapter Transit Routing |
Communication between shared L3Outs in different VRFs |
Added support statement in Scope and Aggregate Controls for Subnets. |
See chapter Transit Routing |
Feature or Change |
Description |
Where Documented |
---|---|---|
Document Reorganization |
The topics in this guide were collected from Cisco APIC Basic Configuration Guide, Release 2.x, Cisco ACI and Layer 3 Multicast with Cisco ACI, and the following Knowledge Base articles:
|
Cisco APIC Layer 3 Configuration Guide (this guide) |
Name Change |
Changed name of "Layer 3 EVPN Services for Fabric WAN" to "Cisco ACI GOLF". |
See chapters Cisco ACI GOLF and Multipod |
Feature or Change |
Description |
Where Documented |
---|---|---|
HSRP |
With this release, you can enable HSRP, a first-hop redundancy protocol (FHRP) that allows a transparent failover of the first-hop IP router. HSRP provides first-hop routing redundancy for IP hosts on Ethernet networks configured with a default router IP address. You use HSRP in a group of routers for selecting an active router and a standby router. In a group of routers, the active router is the router that routes packets, and the standby router is the router that takes over when the active router fails or when preset conditions are met. |
See chapter HSRP |
Feature or Change |
Description |
Where Documented |
---|---|---|
Distribute EVPN Type-2 Host Routes |
Support is added for optimal traffic forwarding in an EVPN topology enables fabric spines to advertise host routes using EVPN type-2 (MAC-IP) routes to the DCIG along with public BD subnets in the form of BGP EVPN type-5 (IP Prefix) routes. |
See chapter Cisco ACI GOLF |
Route Maps Using Explicit Prefix Lists |
Explicit prefix lists for public bridge domain (BD) subnets and external transit networks enable inbound and outbound route controls. Inbound and outbound route control for Layer 3 Out is managed by the route map/profile (rtctrlProfile). The route map/profile policy supports a fully controllable prefix list for Layer 3 Out in the Cisco ACI fabric. |
See chapter Route Control |
IP Aging Policy |
In this release, you can enable a new aging policy for IPs in an endpoint. The IP aging policy tracks and ages unused IPs on an endpoint. Tracking is performed using the endpoint retention policy configured for the BD to send ARP requests (for IPv4) and neighbor solicitations (for IPv6) at 75% of the local endpoint aging interval. When no response is received from an IP, that IP is aged out. |
See chapter IP Aging |
IGMP Snoop access group support and IGMP Snoop static group support |
Support is added for IGMP snooping, the process of listening to Internet Group Management Protocol (IGMP) network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers and filter multicast links that do not need them, thus controlling which ports receive specific multicast traffic. |
See chapter IGMP Snooping |
IP Multicast support for Multipod |
Support is added for IP Multicast in a Multipod topology |
See chapter Tenant Routed Multicast |
Feature or Change |
Description |
Where Documented |
---|---|---|
Import control policy support for OSPF inbound filtering |
Support is added for import and export controls using OSPF as well as BGP. |
See chapters Routed Connectivity to External Networks and Route Control |
GOLF (Layer 3 EVPN Services Over Fabric WAN) |
GOLF is introduced. |
See chapter Cisco ACI GOLF |
GOLF is Supported with Transit Routing |
GOLF L3Outs and Border Leaf BGP/OSPF L3Outs are supported |
See chapter Transit Routing |
Enhancements for the EIGRP interface policy |
Support is added for EIGRP properties such as bandwidth and delay. |
See chapter Routing Protocol Support |
Layer 3 Multicast |
Layer 3 Multicast is introduced. |
See chapter Tenant Routed Multicast |
Support for Aggregate Controls for Subnets for Transit Routing |
Added a new section for Scope and Aggregate Controls for Subnets. |
See chapter Transit Routing |
Support Ethertype, protocol, L4 port, and TCP flag filters |
Support for Ethertype, protocol, L4 port, and TCP flag filters is available, and can be used in transit routing controls. |
See chapter Transit Routing |
Feature or Change |
Description |
Where Documented |
---|---|---|
Route Summarization |
Removed object model CLI procedure. Added route summarization procedures for the GUI and NX-OS CLI interfaces. |
See chapter Routing Protocol Support |
- |
Removed object model CLI procedures and added NX-OS style CLI procedures. |
|
Feature or Change |
Description |
Where Documented |
---|---|---|
Set attributes for all routes received and redistributed from OSPF |
Support is added to set attributes for all routes received such as community, local prefix, MED. Set attributes for all routes redistributed such as tags, local prefix, community. |
See chapter Routing Protocol Support |
Route Summarization for OSPF, BGP, and EIGRP |
Route summarization enables route tables by replacing many specific addresses with an single address. For example, 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 is replaced with 10.1.0.0/16. Route summarization policies enable routes to be shared efficiently among border leaf switches and their neighbor leaf switches. BGP, OSPF, or EIGRP route summarization policies are applied to a bridge domain or transit subnet. For OSPF, inter-area and external route summarization are supported. |
See chapter Routing Protocol Support |
Common Pervasive Gateway |
Two ACI fabrics can be configured with an IPv4 common gateway on a per bridge-domain basis. Doing so enables moving one or more virtual machine (VM) or conventional hosts across the fabrics while the host retains its IP address. VM-host moves across fabrics can be done automatically by the VM hypervisor. The ACI fabrics can be co-located, or provisioned across multiple sites. The Layer 2 connection between the ACI fabrics can be a local link, or can be across a bridged network. |
See chapter Common Pervasive Gateway |
Set BGP attributes for routes based on incoming communities |
Set BGP attributes is enabled for routes based on incoming communities such as community, local preference, MED. |
See chapter Routing Protocol Support |
Bidirectional Forwarding Detection (BFD): Global configuration for GUI, NX-OS CLI, and REST API Interface configuration for GUI, NX-OS CLI, and REST API Consumer protocol configuration for GUI, NX-OS CLI, and REST API |
Support for BFD is introduced, providing sub-second failure detection times in the forwarding path between ACI fabric border leaf switches configured to support peering router connections. |
See chapter Routing Protocol Support |
Maximum prefix limit |
Support is added for BGP maximum prefix limit. |
See chapter Routing Protocol Support |
BGP enhancements to set attributes for action rule profiles and peer connectivity profiles |
Support is added for the BGP attributes Dynamic Neighbors, Route Dampening, weight attribute and remove-private-as. |
See chapter Routing Protocol Support |
IPv6 support and interface policy enhancements |
IPv6 is supported with EIGRP. Interface policies are enhanced. In addition to existing interface policy parameters, bandwidth and delay can be controlled on the interface through the eigrpIfPol attribute. Added the NX-OS-style CLI procedure. |
See chapter Routing Protocol Support |
Interleak of external routes |
Support is added for setting attributes (such as community, preference, or metric) to enable interleak of routes from OSPF to BGP. |
See chapter Interleak Redistribution for MP-BGP |
Transit Routing Support |
Support is added for transit routing through the fabric. |
See chapter Transit Routing |
Feature or Change |
Description |
Where Documented |
---|---|---|
IPv6 support, Direct BGP support, and eBGP support |
Introduced IPv6 support, direct BGP support, and eBGP support. |
See chapter Routing Protocol Support |
Tenant Layer 3 outside networks |
Documentation is added for tenant Layer 3 outside networks. |
See chapter Routed Connectivity to External Networks |