Published by Douglas Neal. Modified over 8 years ago.
Shared Layer 3 Outside
Agenda – Shared Layer3 Outside
− Overview & Description
− Configuration
− Troubleshooting
− Other Related Documents
Overview and Description
Overview
This presentation explains the user configuration needed to enable shared service with Layer3 Outside (L3Out). It does not cover switching constructs or packet processing details.
Shared service with L3Out enables EPGs to communicate across VRFs with an L3Out. The EPG and L3Out can be configured under any tenant, and shared service can be enabled using normal contract configuration.
Software and Hardware Requirements
− No new hardware requirement.
− The feature will be supported in release 1.2.
Configuration
User Configuration
The EPG and L3Out can be defined in any tenant, and shared service can be enabled using normal contract configuration. The contract configuration will program the following:
− Access control rules
− Export public BD or EPG subnets to the L3Out
− Leak shared BD and EPG subnets to the L3Out's VRF
− Leak shared external subnets to the EPG's VRF
Configuration Info
In addition to contracts, the "scope" property of the external subnets (model class l3ext::Subnet) defined under the Layer3 Instance Profile (model class l3ext::InstP) must be marked properly.
For leaking the route into the other VRF:
− API: Add the "shared-rtctrl" bit to the "scope" property of the subnet.
− GUI: Add the "Shared Route Control Subnet" bit to the "scope" property of the subnet.
To leak an aggregated route:
− API: Add the "shared-rtctrl" bit to the "aggregate" property of the subnet; otherwise only the exact subnet will be leaked.
− GUI: Add the "Aggregate Shared Routes" bit to the "aggregate" property of the subnet.
For enabling security on the route in the other VRF:
− API: Add the "shared-security" bit to the "scope" property of the subnet.
− GUI: Add the "Shared Security Import Subnet" bit to the "scope" property of the subnet.
The bits already present in the "scope" property function as they did in previous releases.
Example:
Scope set to "shared-rtctrl": The route will be leaked into the other private network, but no ACLs will be installed for the route in the other network. Such a use case is possible when the route being leaked (or shared) is a bigger subnet and security is applied on a separate smaller subnet. For instance:
− Route: 10.0.0.0/16, Scope: shared-rtctrl, aggregate="shared-rtctrl"
− Route: 10.0.1.0/24, Scope: shared-security
− Route: 10.0.2.0/24, Scope: shared-security
In this example, the aggregated 10.0.0.0/16 will be included in the route map of leaked subnets, and it covers 10.0.1.0/24 and 10.0.2.0/24 as well, but no ACLs will be installed for it. For 10.0.1.0/24 and 10.0.2.0/24 the user can specify contracts, and ACLs will be installed in the other private network for these subnets.
Scope set to "shared-rtctrl, shared-security": The route will be leaked and ACLs will also be installed for this route in the other network.
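Added example, not part of the original presentation: a Python audit that applies the scope and aggregate rules described above to an Instance Profile payload and reports which external prefixes are leaked and which carry security. The XML is a constructed sample using the REST class names l3extInstP and l3extSubnet with attributes ip, scope and aggregate; the function names and the "secured_without_leak" check are assumptions of this example, a review heuristic derived from the rules on this page.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the page's three routes plus three extra made-up subnets.
SAMPLE = """
<l3extInstP name="InstP-1">
  <l3extSubnet ip="10.0.0.0/16" scope="shared-rtctrl" aggregate="shared-rtctrl"/>
  <l3extSubnet ip="10.0.1.0/24" scope="shared-security"/>
  <l3extSubnet ip="10.0.2.0/24" scope="shared-security"/>
  <l3extSubnet ip="172.16.5.0/24" scope="shared-security"/>
  <l3extSubnet ip="192.168.0.0/16" scope="shared-rtctrl"/>
  <l3extSubnet ip="192.168.7.0/24" scope="shared-security"/>
</l3extInstP>
"""

def flags(value):
    """Split a comma-separated bit list such as 'shared-rtctrl,shared-security'."""
    return {f.strip() for f in (value or "").split(",") if f.strip()}

def audit(xml_text):
    """Classify external subnets by the shared-rtctrl / shared-security bits."""
    subnets = []
    for el in ET.fromstring(xml_text.strip()).iter("l3extSubnet"):
        net = ipaddress.ip_network(el.get("ip"), strict=False)
        subnets.append((net, flags(el.get("scope")), flags(el.get("aggregate"))))

    # A subnet is leaked when scope has shared-rtctrl; it matches longer
    # prefixes only when aggregate also has shared-rtctrl.
    leaks = [(n, "shared-rtctrl" in agg) for n, scope, agg in subnets
             if "shared-rtctrl" in scope]
    secured = [n for n, scope, _ in subnets if "shared-security" in scope]

    def matched(net):
        return any(net == leak or (is_agg and net.version == leak.version
                                   and net.subnet_of(leak))
                   for leak, is_agg in leaks)

    return {
        "leaked": [(str(n), "aggregate" if a else "exact") for n, a in leaks],
        # Leaked into the other VRF with no ACLs installed for that entry.
        "leaked_without_acl": [str(n) for n, _ in leaks if n not in secured],
        # Security marked, but no leak entry matches under the rules above.
        "secured_without_leak": [str(n) for n in secured if not matched(n)],
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(key, value)
```

On the sample, 192.168.7.0/24 is reported under secured_without_leak because 192.168.0.0/16 lacks the aggregate bit, so only the exact /16 is matched for leaking.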
User Configuration Example
[Diagram labels: Tenant-A; AP; EPG-B; BD-A; CTX-A; Subnet-A (shared, public); L3Out A; InstP-1; Ctx-B; External Subnet-A (shared-security, shared-rtctrl, import-security); External Subnet-B (shared-rtctrl); Consumer; Provider; Inter-Context Contract]
Troubleshooting
Troubleshooting Steps
Check the user configuration and make sure it is correct.
Check faults raised on the L3Out and on the Application EPG, BD or Ctx.
Troubleshooting the border leaf (i.e. the leaf with the L3Out):
− Check that static routes for the "shared" BD or EPG subnets are installed in the L3Out's VRF. Represented by model class ip::Route.
− Check that the "public" BD or EPG subnets are included in the "export" route map. Represented by model classes rtpfx::Entry and rtmap::Rule.
Troubleshooting the non-border leaf (i.e. the leaf with the Application EPG):
− Check that an actrl prefix entry is installed for the external subnets whose scope property is marked with "shared-security". Represented by model class actrl::PfxEntry.
− Check that the external subnets whose scope property is marked with "shared-rtctrl" are configured to be leaked into the EPG's VRF, i.e. are present in the shared route map.
− Check that actrl rules are installed in the EPG's VRF for the filters defined in the contract. Represented by model class actrl::Rule.
Other Related Documents
Shared_L3_Outside: EDCS-1511627 & EDCS-1498950