Saturday, September 28, 2019

ACI L3Out Routes Leaked Into All Tenants

I have a question about L3Outs... Pretty new to ACI. I understand basic MPLS L3VPNs decently. We are utilizing the common tenant and default VRF for our 2x L3Outs. One L3Out is for the default route and whatever networks live on the perimeter. The other L3Out is for the "rest of backbone" network. All tenants need access to both L3Outs. Today we are leaking all of our backbone routes into each tenant and are exceeding the maximum number of routes and having issues programming routes into hardware.

My question is: if I leak only the default route to the tenants, the theory is that I will drain all traffic toward the common tenant, then the common tenant has more specific routes to tell traffic where to go. As long as the contracts allow the traffic, will this work as desired? As I understand it, we would export the default route with a target, then import that target into the tenants... And vice versa from tenant to common. The theory is any tenant to tenant (excluding common) will still be exported/imported on a per-tenant basis as needed and will still route directly between each other without traversing the border leafs.


