L3Out Subnet Scope Options in Cisco ACI
| Scope Option | Purpose |
| --- | --- |
| Export Route Control Subnet | Advertises specific transit routes out of the ACI fabric. Used for controlling which external routes are exported. |
| Import Route Control Subnet | Allows specific external routes to be imported into the ACI fabric using BGP or OSPF. |
| External Subnets for External EPG (Security Import Subnet) | Enables data plane traffic between external EPGs and internal EPGs. Without this, traffic is dropped even if routes are learned. |
| Shared Route Control Subnet | Used in inter-VRF route leaking. Marks subnets that should be advertised across VRFs. |
| Shared Security Import Subnet | Similar to External Subnets, but for shared L3Outs. Enables traffic flow between shared external and internal EPGs. |
| Aggregate Export/Import/Shared Routes | Used to summarize routes, e.g., adding /32 in front of 0.0.0.0/0 for default route aggregation. |
🧠 Key Notes
- These scope options are critical for controlling route advertisement and enabling secure communication between different parts of the network.
- Cisco ACI uses a contract-based model, so even if routes are advertised, traffic will be dropped unless explicitly allowed by contracts and security prefixes.
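
The notes above can be checked against a fabric export. The following is an added example, not part of the original post: it audits `l3extSubnet` objects, grouped by external EPG, for scope combinations where routes exist but traffic classification is missing or overly broad. The `scope` flag names are the APIC object-model equivalents of the GUI options in the table (`import-security` is External Subnets for External EPG); the tenant, L3Out and EPG names and all prefixes are constructed.

```python
import json
from collections import defaultdict

# Constructed sample in the shape of an APIC class query for l3extSubnet.
# Tenant, L3Out and EPG names are invented for this example.
SAMPLE = json.dumps({"imdata": [
    {"l3extSubnet": {"attributes": {
        "dn": "uni/tn-DEMO/out-WAN/instP-PARTNERS/extsubnet-[10.50.0.0/16]",
        "ip": "10.50.0.0/16", "scope": "import-security"}}},
    {"l3extSubnet": {"attributes": {
        "dn": "uni/tn-DEMO/out-WAN/instP-TRANSIT/extsubnet-[172.16.0.0/12]",
        "ip": "172.16.0.0/12", "scope": "export-rtctrl,import-rtctrl"}}},
    {"l3extSubnet": {"attributes": {
        "dn": "uni/tn-DEMO/out-SHARED/instP-SVC/extsubnet-[192.0.2.0/24]",
        "ip": "192.0.2.0/24", "scope": "import-security,shared-rtctrl"}}},
    {"l3extSubnet": {"attributes": {
        "dn": "uni/tn-DEMO/out-INET/instP-ANY/extsubnet-[0.0.0.0/0]",
        "ip": "0.0.0.0/0", "scope": "import-security"}}},
]})

def audit(apic_json):
    """Return sorted (external_epg_dn, finding) pairs for risky scope sets."""
    epgs = defaultdict(list)
    for obj in json.loads(apic_json)["imdata"]:
        attrs = obj["l3extSubnet"]["attributes"]
        epg_dn = attrs["dn"].split("/extsubnet-")[0]  # parent external EPG
        flags = {f for f in attrs.get("scope", "").split(",") if f}
        epgs[epg_dn].append((attrs["ip"], flags))
    findings = []
    for epg_dn, subnets in epgs.items():
        all_flags = set().union(*(flags for _, flags in subnets))
        # Route control only: no subnet classifies traffic, so the data plane drops it.
        if "import-security" not in all_flags:
            findings.append((epg_dn, "routes-only-no-security-prefix"))
        # Route marked for inter-VRF leaking without a shared security prefix.
        if "shared-rtctrl" in all_flags and "shared-security" not in all_flags:
            findings.append((epg_dn, "shared-route-without-shared-security"))
        # 0.0.0.0/0 as a security prefix classifies every external source into this EPG.
        if any(ip == "0.0.0.0/0" and "import-security" in f for ip, f in subnets):
            findings.append((epg_dn, "catch-all-security-prefix"))
    return sorted(findings)

if __name__ == "__main__":
    for epg, finding in audit(SAMPLE):
        print(f"{finding:40} {epg}")
```

The audit covers scope flags only; whether a contract actually exists between each external EPG and the internal EPGs has to be checked separately.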