Cisco ACI Routing Loops Prevent Mechanisms

Note: This post conist of some notes from the Cisco Live session “BRKACI-2642”.

Routing Loop avoidance for OSPF/EIGRP (VRF TAG):


When Exporting a route to OSPF/EIGRP routing protocol, a tag is added to the route, by default VRF tag is 4294967295 for all VRF. We can check the tag assignement in the redistribution route maps:

LEAF_1# show ip ospf vrf common:PROD 
  Redistributing External Routes from
    static route-map exp-ctx-st-2359296
    direct route-map exp-ctx-st-2359296
    bgp route-map exp-ctx-proto-2359296
    eigrp route-map exp-ctx-proto-2359296
  • exp-ctx-proto route map:
    For routing protocols: EIGRP and BGP in case of OSPF L3out, or OSPF and BGP in case of EIGRP L3out
LEAF_1# show route-map exp-ctx-proto-2359296
route-map exp-ctx-proto-2359296, permit, sequence 15801
  Match clauses:
    ip address prefix-lists: IPv4-proto18-2359296-exc-ext-inferred-export-dst
    ipv6 address prefix-lists: IPv6-deny-all
  Set clauses:
    tag 4294967295
  • exp-ctx-st route-map:
    For Static direct routes (BD subnet and static routes)
LEAF_1# show route-map exp-ctx-st-2359296
route-map exp-ctx-st-2359296, permit, sequence 15801
  Match clauses:
    ip address prefix-lists: IPv4-st18-2359296-exc-ext-inferred-export-dst
    ipv6 address prefix-lists: IPv6-deny-all
  Set clauses:
    tag 4294967295


As result, when ACI learns a routes with this tag assigned from an External device, the table-map will prevent the route from being installed into the VRF RIB by using route-map that will match the tag and deny it:

LEAF_1# show ip ospf vrf common:PROD
 Table-map using route-map exp-ctx-2359296-deny-external-tag

Note: routing is only for OSPF and EIGRP

Note

The VRF tag is by default the same for all VRF 4294967295, so, when the route is learned in another VRFS, it will be blocked as well.

If you need to learn the route in another VRF, a modification of the VRF tag is need.

Navigate Tenant > Networking > VRF > in “Route tag policy” or “Transit route tag Policy” in newer releases, define a new tag policy with a tag number different from the default.


Routing Loop avoidance for EIGRP & MP-BGP Redistribution

Scenario:

  • 10.0.0.0/8 network is learned from EIGRP with metric FD= 100000 on two borde leafs.
  • The network will be propapgated by default to each leaf from the other one via MP-BGP.
  • L3OUT export all route via Export 0.0.0.0/0 & aggregate export (include 10.0.0.0/8)
  • The Redistributed routes (from BGP to EIGRP routing protocol) have lower metric than the original.

–> Routing Loop


Solution1: Do not export all routes via L3OUT1 (Export only necessary routes).

Solution2: Set the metric for redistributed Route (for BGP into EIGRP redistribution)

Bilel-A

Enthusiastic Network Engineer specializing in Cisco ACI, passionate about solving challenges. A lifelong learner who loves gaining and sharing knowledge. Profile: https://www.linkedin.com/in/bilel-ameur-71116b2b5

Related articles

ACI L3 Multicast Troubleshoot – Part-3: Source and Receiver inside ACI – Topology 2

ACI L3 Multicast Troubleshoot – Part-3: Source and Receiver inside ACI – Topology 1

Troubleshoot ACI L3 Multicast – Part-2: Source in ACI and Receiver Outside

ACI L3 Multicast Troubleshoot – Part-1: Receiver in ACI and Source Outside

Quality of Service (QoS) in Cisco ACI – Overview and Configuration Examples

MACsec configuration in ACI Fabric

Cisco ACI Floating L3OUT [Explained & Configuration]

ACI Multiste PBR Configuration and Troubleshooting

ACI Route Redistribution

ACI Q in Q Dot1Q Tunnel Data Forwarding

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x