Create
External L3Out

This section will cover how ACI and in particular your tenant aci_p01_tenant will be connecting outside the fabric via OSPF. For this lab each student will have their own L3 out, but in some instances customers may have what it is called an "L3 shared", where every tenant in the fabric will be leveraging the same L3 (connection) to go outside the fabric. What that means is, ACI can provide the flexibility to minimize the number connections in a multi-tenant environment.

It is important to follow these steps in order to have a successful connection to the rest of the network.

Step 1 - Navigate to L3Outs in the Tenants Tab under Networking

Navigate to Networking to create the External Routed Networks by clicking:

  1. Ensure Tenant aci_p01_tenant is expanded
  2. Expand Networking
  3. Right-click on L3Outs
  4. Click Create Create L3Out

Step 2 - Create L3Out for your Lab POD

In this step, we will be configuring the Routing Protocol that we will be using to peer to our external router. In this lab we will be leveraging OSPF as the Routing Protocol. Here are the steps to follow:

  1. Name the L3 Out: aci_p01_L3out
  2. Set the VRF: aci_p01_vrf
  3. Set the External Routed Domain: aci_p01_extrtdom
  4. Click the checkbox for OSPF
  5. Click on Regular area
  6. Then click Next

NOTE: By default ACI uses OSPF Area 1. We will be using Area 1 to connect to the outside

Step 3 - Create L3Out - Nodes and Interfaces

Select the Physical Node

  1. Select the Node ID: L3 (Node-203)
  2. Set the Router ID: 10.0.0.1
  3. Interface: eth1/1
  4. MTU (bytes): 1500
  5. IP address: 10.0.1.0/31
  6. Then click Next

Step 4 - Create L3Out - Protocol Associations

  1. Policy: broadcast
  2. Then click Next

Step 5 - Create L3Out - External EPG

The external network instance profile represents a group of external subnets (an EPG) that have the same security behavior. This EPG inherits contract profiles applied to the parent instance profile. Each subnet can also associate to route control profiles, which defines the routing behavior for external network

  1. Name the External Network EPG: aci_p01_l3outepg
  2. Then click Finish

Verify all this work and then proceed to the next section to examine the concepts of contracts.

Verify your work

Step 6 - Enable OSPF on the N9K-Ext-Rtr interface 1/1

Click on the console ICON on the left to start the connection to the N9K-L3Out-1-16 we are using as the external L3 connection. Username: acipod01 Password: cisco.123

Using the information in the Credentials dropdown menu connect to N9K-L3Out-1-16 and login.


show run interface ethernet 1/1

N9K-L3Out-1-16# sho run interface ethernet 1/1
interface Ethernet1/1
  description L3-Out-1
  ip address 10.0.1.1/31
  ip router ospf 11 area 0.0.0.1
  no shutdown

Step 7 - OSPF Verification

Verify OSPF is working properly by checking the OSPF neighbor relationship with ACI.

 Wait
It may take around 30-40 seconds for the neighbor relationship to become FULL. You may need to execute the command multiple times.


show ip ospf neighbors | grep 10.0.1.0
N9K-L3Out-1-16# show ip ospf neighbors | grep 10.0.1.0
10.0.0.1           1 FULL/BDR        01:07:02 10.0.1.0        Eth1/1