Route Summarization in Cisco ACI

This post consists of some notes from Cisco ACI L3OUT White paper for route summarization.

BGP Route Summarization

This feature is supported from version 1.2(2), according to L3OUT White paper, this feature used to advertise only a summarized prefix for BD subnets or Transit Routes from the ACI BGP L3Out to outside.


BGP Route summarization configuration in ACI:

Under the L3Out External EPG, When adding a subnet to advertise via L3OUT to outside:

  • Enter the summarized subnet (in our example: 10.1.0.0/16) you want to advertise.
  • First check “Export Route Control Subnet” scope, because this an advertisement via L3OUT,
    this a requirement in order to apply the “BGP route summarization Policy”


  • Create or select an existent BGP route summarization Policy:
    You can Enable or disable the AS-SET option which will reserve the original AS-PATH of the summarized subnets when advertising the summary subnet.

    The equivalent configuration on NX-OS is: aggregate-address <prefix> summary-only <AS-SET>

By adding a route-summarization policy to the L3Out subnet, the border leaf will to create a Null-0 entry for the summarized route (192.168.0.0/16), which will be advertised to its BGP peers. Please be aware that, just like a normal BGP router, the summarization will not occur if no contributing routes exist in the IPv4/IPv6 BGP table for the user VRF on the border leaf.

And because a picture is better of thousands words:



OSPF Route Summarization in ACI

This feature is supported from version 1.2(2), It’s used to advertise only a summarized prefix for BD subnets and/or Transit Routes from ACI OSPF L3Out to outside.

2 ways to achieve OSPF route summarization in ACI:

  • Inter-area Route Summary
  • Redistributed Route Summary


I- OSPF Inter-area Route Summary

This method is only used for OSPF inter-Area summarization on the same Border (same VRF).

Taking the fact that One border leaf has only one OSPF process, and each OSPF L3Out on the same border leaf in the same VRF represents different OSPF areas in the same process, when there are multiple OSPF L3Outs on the same border leaf, each L3Out manages a different OSPF area. Hence, Transit Routing between those L3Outs will not use redistribution but will use area-filter instead.


Configuration of OSPF Route summarization (Inter-Area on the same BLEAF):

This configuration is little bit special, cause we are using the export flag on the source L3OUT (source Area) instead of the destination L3OUT.

Under the L3Out source External EPG, When adding a subnet to advertise via L3OUT to outside:

  • Add the summarized subnet with scope “Export Route Control Subnet
  • Create OSPF Summary Policy, enter name and check “Inter-Area Enabled” option.
    You can set the metric for the summarization subnet, or by default it will assigned the max value of the contributed summarized subnets value.

Note: A summarization route (192.168.0.0/16) is configured pointing to null0 and advertised to outside via destination L3OUT, only if:

  • The previous configuration is performed (on the source L3OUT/Area).
  • The contributed routes (learned from source Area) exist in the VRF routing table.

The equivalent configuration on NX-OS is: area 0 range 192.168.0.0/16

II- OSPF Redistributed Route Summary

This method will summarize all routes within the configured subnet from Type-5 or Type-7 LSA, which are redistributed external routes.

Note – OSPF L3OUTs in different BLEAF

If multiple OSPF L3Outs are deployed on different border leaf switches instead of on the same border leaf, then one OSPF L3Out will get the transit routes from another OSPF L3Out via infra MP-BGP. Hence it still uses redistribution and relies on Redistributed Route Summarization instead of Inter-Area Route Summarization.


Configuration of OSPF redistributed Route summarization in ACI:

  • On the engress L3OUT, add the summarization subnet with scope “export Route Control Subnet”
  • Create an OSPF summarization Policy without Inter-Area option.

To perform a summarization, at least one contributing subnet needs to be in the OSPF LSDB for L3Out 3.

Therefore, If there is no LSA (LSA-5 or LSA-7, from BGP into OSPF redistribution) that can be summarized, summarization does not happen, and no Null-0 entry for 192.168.0.0/16 is created. This means that at least one contributing subnet needs to be redistributed into the engress OSPF L3Out (L3OUT 3 in our example).

The equivalent NX-OS command is: summary-address 192.168.0.0/16




Ref: cisco.com

Bilel-A

Enthusiastic Network Engineer specializing in Cisco ACI, passionate about solving challenges. A lifelong learner who loves gaining and sharing knowledge. Profile: https://www.linkedin.com/in/bilel-ameur-71116b2b5

Related articles

ACI L3 Multicast Troubleshoot – Part-3: Source and Receiver inside ACI – Topology 2

ACI L3 Multicast Troubleshoot – Part-3: Source and Receiver inside ACI – Topology 1

Troubleshoot ACI L3 Multicast – Part-2: Source in ACI and Receiver Outside

ACI L3 Multicast Troubleshoot – Part-1: Receiver in ACI and Source Outside

Quality of Service (QoS) in Cisco ACI – Overview and Configuration Examples

MACsec configuration in ACI Fabric

Cisco ACI Floating L3OUT [Explained & Configuration]

ACI Multiste PBR Configuration and Troubleshooting

ACI Route Redistribution

ACI Q in Q Dot1Q Tunnel Data Forwarding

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x