About Route Control Per BGP Peer
Route control policies determine what routes are advertised out to the external network (export) or allowed into the fabric (import). For Cisco APIC releases before Release 4.2(1), you configure these policies at the L3Out level, under the L3Out profile (l3extInstP) or through the L3Out subnet under the L3Out (l3extSubnet), so those policies apply to protocols configured for all nodes or paths included in the L3Out. With this configuration, there could be multiple node profiles configured in the L3Out, and each could have multiple nodes or paths with the BGP neighbor specified. Because of this, there is no way to apply individual policies to each protocol entity.
Cisco APIC Release 4.2(1) introduces the route control per BGP peer feature to begin addressing this situation, where more granularity in route export and import control is needed.
Guidelines and Restrictions for Route Control Per BGP Peer
The following are the guidelines and restrictions for the route control per BGP peer feature:
- You must configure route profiles used per BGP peer under a tenant.
- The methods to configure route map match, set rule or route profile, and the behavior of each of those components, do not change from previous releases.
- The route profile for this feature can only be set to Match Routing Policy Only (global policy), where the route profile is the only source of information to generate the per BGP peer route map. You cannot set the route profile for this feature to Match Prefix and Routing Policy.
  In addition, you must explicitly specify the BD subnets in the prefix list if you want them to be exported.
- You can only associate one route-control profile with a BGP peer for a particular direction.
- Default policy is not supported for these route-maps (only a named route profile can be applied to a BGP peer).
- If you specify a route-control profile for a BGP peer, then a route-map will be generated solely based on that information. Any route-control profile configured in the L3Out profile (l3extInstP) or through the L3Out subnet under the L3Out (l3extSubnet) will not contribute to this route-map. Similarly, if there is no per BGP peer route-control profile configuration, then the route-control profiles under the L3Out will take effect.
- If you specify a private BD subnet in the match prefix list, then it will be included. You do not have to go through additional configurations to exclude private BD subnets.
- If you configure 0.0.0.0/0 in the match prefix list, then it will match all prefixes, including BD subnets.
- The route map name will be set to tenant-name_route-profile-name-direction. For example, a route map with these settings:
  - Tenant name: t1
  - Route profile name: rp1
  - Direction: import
  will have this as the route map name: t1_rp1_import
- Configuring the route control per BGP peer feature should not affect the behavior of the shared service route-map.
- Keep the following considerations in mind when upgrading or downgrading the APIC software:
  - Upgrading the APIC software: If you configured route profiles in the L3Out before upgrading the APIC software, then the route profiles in the L3Out will continue to behave normally until you configure a per BGP peer route profile, at which point the normal guidelines and restrictions listed above would apply.
  - Downgrading the APIC software: If you configure a per BGP peer route profile and you want to downgrade the APIC software afterwards, you must remove the policy before proceeding with the downgrade.
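The guidelines above can be checked mechanically before a per BGP peer profile is applied, in particular the case where an L3Out-level filter silently stops contributing or a 0.0.0.0/0 entry advertises private BD subnets. The following Python is an added example, not Cisco code. The function name audit_peer, the dictionary layout and the sample values are constructed for illustration and are not APIC object-model attributes; prefix matching is simplified to exact match plus 0.0.0.0/0.

```python
import ipaddress

ALL = ipaddress.ip_network("0.0.0.0/0")

def audit_peer(tenant, peer_profiles, l3out_profiles, bd_subnets):
    """Audit one BGP peer against the guidelines above.

    All argument shapes are a constructed model, not APIC object attributes:
      peer_profiles:  [{"name", "direction", "type", "prefixes"}]
      l3out_profiles: {"import": [names], "export": [names]}
      bd_subnets:     {cidr: "private" | "public"}
    Returns (effective, findings); effective maps direction -> (source, value).
    """
    effective, findings = {}, []
    for direction in ("import", "export"):
        bound = [p for p in peer_profiles if p["direction"] == direction]
        inherited = l3out_profiles.get(direction, [])
        if not bound:
            # No per-peer profile: the L3Out-level profiles take effect.
            effective[direction] = ("l3out", list(inherited))
            continue
        if len(bound) > 1:
            findings.append(f"{direction}: only one profile per direction is allowed")
        prof = bound[0]
        # Named as in the page's example (t1 + rp1 + import -> t1_rp1_import).
        effective[direction] = ("peer", f"{tenant}_{prof['name']}_{direction}")
        if prof["type"] != "Match Routing Policy Only":
            findings.append(f"{direction}: {prof['name']} must be Match Routing Policy Only")
        if inherited:
            # The per-peer route map is built solely from the per-peer profile.
            findings.append(f"{direction}: L3Out profiles {inherited} are ignored for this peer")
        if direction == "export":
            nets = {ipaddress.ip_network(p) for p in prof["prefixes"]}
            for cidr, scope in bd_subnets.items():
                # Simplification: an entry covers a BD subnet if it is that
                # subnet exactly or is 0.0.0.0/0 (which matches everything).
                matched = ALL in nets or ipaddress.ip_network(cidr) in nets
                if matched and scope == "private":
                    findings.append(f"export: private BD subnet {cidr} will be advertised")
                elif not matched and scope == "public":
                    findings.append(f"export: BD subnet {cidr} is not listed, so not exported")
    return effective, findings

# Constructed sample: export profile rp1 uses 0.0.0.0/0; no import profile on the peer.
SAMPLE = audit_peer(
    "t1",
    [{"name": "rp1", "direction": "export",
      "type": "Match Routing Policy Only", "prefixes": ["0.0.0.0/0"]}],
    {"import": ["l3out-in"], "export": ["l3out-out"]},
    {"10.1.1.0/24": "private", "10.2.2.0/24": "public"},
)
```

For the constructed sample, the import direction still falls back to the L3Out profile, while the export direction reports both the ignored L3Out profile and the private subnet that 0.0.0.0/0 would advertise.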
Configuring Route Control Per BGP Peer Using the GUI
The following procedure describes how to configure the route control per BGP peer feature using the GUI.
Before you begin
- Configure the node, port, functional profile, AEP, and Layer 3 domain.
- Configure a BGP Route Reflector policy to propagate the routes within the fabric.
Procedure
Step 1. Create the tenant and VRF.
Step 2. Create a bridge domain.
Step 3. Create an application EPG.
Step 4. Create a tenant level route-map that will be used as the BGP Per Peer Route-Map.
Step 5. Create the L3Out and configure the BGP for the L3Out.
Step 6. After you have completed the L3Out configuration, configure the route control per BGP peer feature.