Layer 3 Prerequisites
Before you begin to perform the tasks in this guide, complete the following:
-
Ensure that the ACI fabric and the APIC controllers are online, and the APIC cluster is formed and healthy—For more information, see Cisco APIC Getting Started Guide, Release 2.x.
-
Ensure that fabric administrator accounts for the administrators that will configure Layer 3 networks are available—For instructions, see the User Access, Authentication, and Accounting and Management chapters in Cisco APIC Basic Configuration Guide.
-
Ensure that the target leaf and spine switches (with the necessary interfaces) are available—For more information, see Cisco APIC Getting Started Guide, Release 2.x.
For information about installing and registering virtual switches, see Cisco ACI Virtualization Guide.
-
Configure the tenants, bridge domains, VRFs, and EPGs (with application profiles and contracts) that will consume the Layer 3 networks—For instructions, see the Basic User Tenant Configuration chapter in Cisco APIC Basic Configuration Guide.
-
Configure NTP, DNS Service, and DHCP Relay policies—For instructions, see the Provisioning Core ACI Fabric Services chapter in Cisco APIC Basic Configuration Guide, Release 2.x.
Caution |
If you install 1 Gigabit Ethernet (GE) or 10GE links between the leaf and spine switches in the fabric, there is risk of packets being dropped instead of forwarded, because of inadequate bandwidth. To avoid the risk, use 40GE or 100GE links between the leaf and spine switches. |
Bridge Domain Configurations
The Layer 3 Configurations tab of the bridge domain panel allows the administrator to configure the following parameters:
-
Unicast Routing: If this setting is enabled and a subnet address is configured, the fabric provides the default gateway function and routes the traffic. Enabling unicast routing also instructs the mapping database to learn the endpoint IP-to-VTEP mapping for this bridge domain. The IP learning is not dependent upon having a subnet configured under the bridge domain.
-
Subnet Address: This option configures the SVI IP addresses (default gateway) for the bridge domain.
-
Limit IP Learning to Subnet: This option is similar to a unicast reverse-forwarding-path check. If this option is selected, the fabric will not learn IP addresses from a subnet other than the one configured on the bridge domain.
Caution |
Enabling Limit IP Learning to Subnet is disruptive to the traffic in the bridge domain. |