Introduction
This document describes the configuration of Route Control in Application Centric Infrastructure (ACI).
Prerequisites
Requirements
Components Used
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Configuration
All supported routing protocols use the same steps to configure a route map for route control:
- Configure a Route Map
- Establish set and match criteria
- Apply Route Map accordingly
Navigate to Tenant > TENANT_NAME > Networking > L3out > L3OUT_NAME > Route Map for Import and Export Route Control.
Right-click on the folder or use the tools button to Create Route Map for Import and Export Route Control.
By default, an import and export route control exists already. If you would like to edit these, just select them from the drop-down menu in the Name field.
These default route controls are mainly applied for route redistribution and VRF leaking. For the special case of the import route control, the L3out must have the Import option selected under Route Control Enforcement.
To create a new one, manually input the desired name in the Name field.
- Match Prefix AND Routing Policy — This option matches a configured prefix list and a defined route policy.
- Match Routing Policy Only — This option matches the global destination route and only defines a policy to be applied.
Click the Plus ( + ) button to create a new context that creates the actual route map policy.
- Match Rule — Matches the set of attributes (prefix list, communities for BGP, or regular expressions) to where the rules are to be applied.
- Set Rule — Applies a set of instructions to the attributes specified on the Match Rule:
From this step, the rules to be applied need to match the protocol routing decision.
OSPF
By default, ACI advertises the OSPF route with an external type 2 and a metric of 20.
You can change these attributes as follows:
The metric value is added to the cost of the interface on the peer router:
Router# show ip route ospf-1 vrf vrf_test
IP Route Table for VRF "vrf_test"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
10.10.10.0/24, ubest/mbest: 2/0
*via 10.46.0.1, Vlan481, [110/45], 00:06:04, ospf-1, type-1, tag 4294967295
*via 10.46.0.2, Vlan481, [110/45], 00:06:05, ospf-1, type-1, tag 4294967295
Router#
EIGRP
With this method, the only EIGRP parameter that can be configured to alter route selection is the Metric, which is added to the Diffusing Update Algorithm (DUAL):
Leaf# show ip eigrp topology vrf Test:Test_VRF
EIGRP Topology Table for AS(1818)/ID(192.168.10.1) VRF Test:Test_VRF
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 10.10.10.0/24, 1 Successors, FD is 51200, tag is 4294967295
via Rconnected(51200/0)
Leaf# ! After applying route-map
Leaf#
Leaf# show ip eigrp topology vrf Test:Test_VRF
EIGRP Topology Table for AS(1818)/ID(192.168.10.1) VRF Test:Test_VRF
Codes: P - Passive, A - Active, U - Update, Q - Query, R - Reply,
r - reply Status, s - sia Status
P 10.10.10.0/24, 1 Successors, FD is 51200, tag is 4294967295
via Rconnected(5145600/0)
Leaf#
BGP
Most of the BGP attributes can be configured as required:

| Option | Description |
|---|---|
| Set Community | Appends or Replaces Community ID |
| Set Dampening | Configures time criteria for route suppression in the event of an eBGP route flap. |
| Set Weight | Enables weight configuration. |
| Set Preference | Enables Local Preference configuration. |
| Next Hop Propagation | Propagates the Next Hop address to infra MP-BGP VPN peers. |
ACI validation
To validate in the ACI command line interface (CLI), note that each protocol is assigned a default route-map name that includes the VRF VNID:
Leaf# show vrf Test:Test_VRF detail extended
VRF-Name: Test:Test_VRF, VRF-ID: 23, State: Up
VPNID: unknown
RD: 103:2686981
Max Routes: 0 Mid-Threshold: 0
Encap: vxlan-2686981
Table-ID: 0x80000017, AF: IPv6, Fwd-ID: 0x80000017, State: Up
Table-ID: 0x00000017, AF: IPv4, Fwd-ID: 0x00000017, State: Up
Leaf#
To validate route maps applied to each protocol, run:
Leaf# show ip ospf vrf Test:Test_VRF | egrep route-map
Table-map using route-map exp-ctx-2686981-deny-external-tag
bgp route-map exp-ctx-proto-2686981
eigrp route-map exp-ctx-proto-2686981
static route-map exp-ctx-st-2686981
direct route-map exp-ctx-st-2686981
coop route-map exp-ctx-st-2686981
Leaf#
Leaf# show ip eigrp vrf Test:Test_VRF | egrep route-map
static route-map exp-ctx-st-2686981
ospf-default route-map exp-ctx-proto-2686981
direct route-map exp-ctx-st-2686981
coop route-map exp-ctx-st-2686981
bgp-64512 route-map exp-ctx-proto-2686981
Tablemap: route-map exp-ctx-2686981-deny-external-tag , filter-configured
Leaf#
Leaf# show bgp process vrf Test:Test_VRF | egrep route-map
static, route-map imp-ctx-bgp-st-interleak-2686981
ospf, route-map permit-all
direct, route-map imp-ctx-bgp-direct-interleak-2686981
coop, route-map exp-ctx-coop-bgp-2686981
direct, route-map permit-all
Leaf#
With the correct route-map identified, its content can be displayed:
Leaf# show route-map exp-ctx-st-2686981
route-map exp-ctx-st-2686981, deny, sequence 1
Match clauses:
tag: 4294967294
Set clauses:
route-map exp-ctx-st-2686981, permit, sequence 8201
Match clauses:
ip address prefix-lists: IPv4-st63-2686981-exc-ext-out-Test2RM-Context0RM-MatchRule-dst
ipv6 address prefix-lists: IPv6-deny-all
Set clauses:
tag 4294967295
metric 5
metric-type type-1
route-map exp-ctx-st-2686981, permit, sequence 15801
Match clauses:
tag: 4294967292
Set clauses:
tag 0
route-map exp-ctx-st-2686981, permit, sequence 15802
Match clauses:
tag: 4294967291
Set clauses:
tag 4294967295
route-map exp-ctx-st-2686981, permit, sequence 15804
Match clauses:
ip address prefix-lists: IPv4-st63-2686981-exc-int-inferred-export-dst
ipv6 address prefix-lists: IPv6-deny-all
Set clauses:
tag 0
Leaf#
Several route-map entries are created by default, including the default deny for all routes that match tag 4294967294. This tag value is set by ACI border leaf switches to avoid route loops. It is the only value on a route map that cannot be modified unless it is changed at the VRF level.
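One way to check this from captured CLI output, as an added example (not Cisco code): it parses `show route-map` text, confirms that the lowest-sequence entry is the deny for tag 4294967294, and lists the set clauses attached to each IPv4 prefix list. The function names are hypothetical, and the sample is the first two entries of the output above.

```python
import re

LOOP_TAG = "4294967294"  # per the page: set by border leaves to avoid route loops
# Constructed sample: first two entries of the `show route-map` output above.
SAMPLE = """\
route-map exp-ctx-st-2686981, deny, sequence 1
Match clauses:
tag: 4294967294
Set clauses:
route-map exp-ctx-st-2686981, permit, sequence 8201
Match clauses:
ip address prefix-lists: IPv4-st63-2686981-exc-ext-out-Test2RM-Context0RM-MatchRule-dst
ipv6 address prefix-lists: IPv6-deny-all
Set clauses:
tag 4294967295
metric 5
metric-type type-1
Leaf#
"""
HEADER = re.compile(r"^route-map (\S+), (permit|deny), sequence (\d+)$")

def parse_route_map(text):
    """Split the CLI output into entries with their match and set clauses."""
    entries, section = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            entries.append({"name": m[1], "action": m[2], "seq": int(m[3]),
                            "match": [], "set": []})
            section = None
        elif line in ("Match clauses:", "Set clauses:"):
            section = line.split()[0].lower()
        elif "#" in line:  # CLI prompt: the command output has ended
            section = None
        elif line and section and entries:
            entries[-1][section].append(line)
    return entries

def audit(entries):
    """Return findings; an empty list means the loop-prevention deny comes first."""
    first = min(entries, key=lambda e: e["seq"], default=None)
    ok = first and first["action"] == "deny" and f"tag: {LOOP_TAG}" in first["match"]
    return [] if ok else [f"no deny for tag {LOOP_TAG} at the lowest sequence"]

def configured_sets(entries):
    """Map each IPv4 prefix list matched by a permit entry to its set clauses."""
    key = "ip address prefix-lists: "
    return {c[len(key):]: e["set"] for e in entries if e["action"] == "permit"
            for c in e["match"] if c.startswith(key)}
```

Run against output collected from each border leaf, `audit` returns an empty list when the deny entry is in place, and `configured_sets` shows which Set Rule values were actually rendered for each Match Rule prefix list.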
The prefix list created by the Match Rule policy can be displayed:
Leaf# show ip prefix-list IPv4-st63-2686981-exc-ext-out-Test2RM-Context0RM-MatchRule-dst
ip prefix-list IPv4-st63-2686981-exc-ext-out-Test2RM-Context0RM-MatchRule-dst: 2 entries
seq 1 permit 10.10.0.0/16 le 32
seq 2 permit 0.0.0.0/0
Leaf#
Multisite MP-BGP
Multisite fabrics allow the configuration of stretched L3outs and are site-specific. Endpoints in a fabric prefer the external routes advertised by local L3outs rather than the remote L3out unless a more specific route exists in the remote fabric. Because the routes are injected into the MP-BGP vpnv4 address family in the overlay-1 VRF, a special route map called interleak is needed to influence the routing decision.
The configuration of the route map is virtually the same as a regular route map. AS-Prepend is the recommended value to influence route decisions in the eBGP neighbors:
- Under the route map Set Rule policy create a Set AS Path policy:
- Select either AS-Prepend or AS-Prepend last, as needed.
Implementation
Once the Route Map for Import and Export Route Control has been configured, the implementation depends on the needs:
- For an implementation that affects all routes received and advertised in an L3out:
Navigate to Tenant > TENANT_NAME > Networking > L3out > L3OUT_NAME > Route Control Profile
- For an implementation that affects specific route classification:
Navigate to Tenant > TENANT_NAME > Networking > L3out > L3OUT_NAME > Subnets.
Enable Export Route Control Subnet.
Configure the Route Control Profile.
- For interleak implementation:
Navigate to Tenant > TENANT_NAME > Networking > L3out > L3OUT_NAME.
Configure Route Profile for Interleak.
Configure Route Profile for redistribution using Static source mode: