Orphan port support

Support is now available for orphan port-channel or physical ports on remote leaf switches, with a vPC domain.

See chapter Remote Leaf Switches

QoS for L3Outs chapter

QoS for L3Outs is moved to a separate chapter.

See chapter QoS for L3Outs

Layer 3 Routed and Sub-interface Port Channels

Support for Layer 3 port channels is added.

See section Layer 3 Routed and Sub-Interface Port Channels

Remote Leaf switch enhancements

New features and options are supported.

See chapter Remote Leaf Switches

Transit Routing Enhancement

Information is added to configure Transit Routing using the APIC GUI, NX-OS style CLI, or REST API.

See chapter Transit Routing

Neighbor Discovery Duplicate Address Detection (DAD)

Support for disabling Discovery Duplicate Address Detection (DAD) is added.

See chapter IPv6 Neighbor Discovery

QoS for L3Outs

In this release, QoS policy enforcement on L3Out ingress traffic is enhanced.

See QoS for L3Outs

Removed incorrect information: Maximum MTU Increased

See chapter Routed Connectivity to External Networks

Neighbor Discovery Router Advertisement on Layer 3 Out

RS/RA packets are used for auto configuration and are configurable on Layer 3 interfaces including routed interface, Layer 3 sub interface, and SVI.

See chapter IPv6 Neighbor Discovery

BGP External Routed Network with Autonomous System Override

The AS override function replaces the AS number from the originating router with the AS number of the sending BGP router in the AS Path of the outbound routes

See chapter Routing Protocol Support

Layer 3 Multicast support with FEX

Multicast sources or receivers connected to FEX ports are supported.

See chapter Tenant Routed Multicast

Allows for the SVI auto state behavior to be enabled. This allows the SVI state to be in the down state when all the ports in the VLAN go down.

See chapter Switch Virtual Interface

Remote Leaf Switches

With an ACI fabric deployed, you can extend ACI services and APIC management to remote data centers with Cisco ACI leaf switches that have no local spine switch or APIC attached.

See chapter Remote Leaf Switches

New Hardware Support for Multipod and GOLF

Multipod and GOLF are supported by all Cisco Nexus 9300 platform ACI-mode switches and all of the Cisco Nexus 9500 platform ACI-mode switch line cards and fabric modules. With Cisco APIC, release 3.1(x) and higher, this includes the N9K-C9364C switch.

See chapters Cisco ACI GOLF and Multipod

Using Shared GOLF Connections Between Multi-Site Sites

Guidelines were added to avoid inter-VRF traffic issues for APIC Sites in a Multi-Site topology, if stretched VRFs share GOLF connections.

See chapter Cisco ACI GOLF

BFD support for spine switch

Support for Bidirectional Forwarding Detection (BFD) on spine switch is added.

See chapter Routing Protocol Support

New examples for L3Out configuration

New GUI, NX-OS style CLI, and REST API examples provide clarity and consistency.

See chapter Routed Connectivity to External Networks

Configuring Transit Routing

Content from the knowledge base article Cisco APIC and Transit Routing was incorporated in this guide, including new configuration examples for APIC GUI, NX-OS style CLI, and REST API

See chapter Transit Routing

Chapters reorganized

The chapters of this guide were reorganized into a more logical order and the following chapter names were changed:

• Tenant Outside Networks is now Routed Connectivity to External Networks

• Route Profiles, Route Maps, and IP Prefix Lists is now Route Control

• Shared Layer 3 Outside Connections is now Shared Services

• SVI External Encapsulation Scope is now Switch Virtual Interface

--

Static Route on BD

Support is added to configure a static route in a pervasive bridge domain (BD) to enable routes to virtual services behind firewalls.

This feature enables endpoint (EP) reachability to subnets and hosts which are not directly connected to the pervasive BD, using regular EPGs.

See chapter Static Route on a Bridge Domain

Allows for the SVI auto state behavior to be enabled. This allows the SVI state to be in the down state when all the ports in the VLAN go down.

See chapter Switch Virtual Interface

Allows for the change to the length of the autonomous system path in a BGP route to invoke best-path selection by a remote peer

See chapter Routing Protocol Support

Enables you to configure the maximum number of paths that BGP adds to the route table to invoke equal-cost multipath load balancing

See chapter Routing Protocol Support

Encapsulation scope for SVI across Layer 3 Outside Networks

With this release you can configure the encapsulation scope for SVI across Layer 3 networks.

See chapter Switch Virtual Interface

Support for Deny prefix

Denying context rules for specific routes is now supported.

See chapter Route Control

Per VRF per node BGP timer values

With this release, you can define and associate BGP timers on a per VRF per node basis.

See chapter Routing Protocol Support

See chapter Shared Services

See chapter Routed Connectivity to External Networks and Route Control

Support for EIGRP to BGP transit routing is available

Added support in the Supported Transit Combination Matrix.

See chapter Transit Routing

Communication between shared L3Outs in different VRFs

Added support statement in Scope and Aggregate Controls for Subnets.

See chapter Transit Routing

Document Reorganization

The topics in this guide were collected from Cisco APIC Basic Configuration Guide, Release 2.x, Cisco ACI and Layer 3 Multicast with Cisco ACI, and the following Knowledge Base articles:

• Cisco APIC and Interleak of External Routes

• Cisco APIC and Route Maps Using Explicit Prefix List

• Cisco APIC IP Aging Policy

• Cisco APIC Layer 3 Outside for Tenant Network

• Cisco APIC Tenant, VRF, and Bridge Domain Creation with IPv6 Neighbor Discovery

• Cisco APIC and Common Pervasive Gateway

• Cisco APIC and HSRP

• Cisco APIC and IGMP Snoop Layer 2 Multicast Configuration

• Cisco APIC and Route Control Protocol Using Import and Export Controls

• Cisco APIC and BGP External Routed Network and BFD

• Cisco APIC with EIGRP

Cisco APIC Layer 3 Configuration Guide (this guide)

Name Change

Changed name of "Layer 3 EVPN Services for Fabric WAN" to "Cisco ACI GOLF".

See chapters Cisco ACI GOLF and Multipod

HSRP

With this release, you can enable HSRP, a first-hop redundancy protocol (FHRP) that allows a transparent failover of the first-hop IP router. HSRP provides first-hop routing redundancy for IP hosts on Ethernet networks configured with a default router IP address. You use HSRP in a group of routers for selecting an active router and a standby router. In a group of routers, the active router is the router that routes packets, and the standby router is the router that takes over when the active router fails or when preset conditions are met.

Distribute EVPN Type-2 Host Routes

Support is added for optimal traffic forwarding in an EVPN topology enables fabric spines to advertise host routes using EVPN type-2 (MAC-IP) routes to the DCIG along with public BD subnets in the form of BGP EVPN type-5 (IP Prefix) routes.

See chapter Cisco ACI GOLF

Route Maps Using Explicit Prefix Lists

Explicit prefix lists for public bridge domain (BD) subnets and external transit networks enable inbound and outbound route controls. Inbound and outbound route control for Layer 3 Out is managed by the route map/profile (rtctrlProfile). The route map/profile policy supports a fully controllable prefix list for Layer 3 Out in the Cisco ACI fabric.

See chapter Route Control

IP Aging Policy

In this release, you can enable a new aging policy for IPs in an endpoint. The IP aging policy tracks and ages unused IPs on an endpoint. Tracking is performed using the endpoint retention policy configured for the BD to send ARP requests (for IPv4) and neighbor solicitations (for IPv6) at 75% of the local endpoint aging interval. When no response is received from an IP, that IP is aged out.

See chapter IP Aging

IGMP Snoop access group support and IGMP Snoop static group support

Support is added for IGMP snooping, the process of listening to Internet Group Management Protocol (IGMP) network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers and filter multicast links that do not need them, thus controlling which ports receive specific multicast traffic.

See chapter IGMP Snooping

IP Multicast support for Multipod

Support is added for IP Multicast in a Multipod topology

See chapter Tenant Routed Multicast

Import control policy support for OSPF inbound filtering

Support is added for import and export controls using OSPF as well as BGP.

See chapters Routed Connectivity to External Networks and Route Control

GOLF (Layer 3 EVPN Services Over Fabric WAN)

GOLF is introduced.

See chapter Cisco ACI GOLF

GOLF is Supported with Transit Routing

GOLF L3Outs and Border Leaf BGP/OSPF L3Outs are supported

See chapter Transit Routing

Enhancements for the EIGRP interface policy

Support is added for EIGRP properties such as bandwidth and delay.

See chapter Routing Protocol Support

Layer 3 Multicast

Layer 3 Multicast is introduced.

See chapter Tenant Routed Multicast

Support for Aggregate Controls for Subnets for Transit Routing

Added a new section for Scope and Aggregate Controls for Subnets.

See chapter Transit Routing

Support Ethertype, protocol, L4 port, and TCP flag filters

Support for Ethertype, protocol, L4 port, and TCP flag filters is available, and can be used in transit routing controls.

See chapter Transit Routing

Route Summarization

Removed object model CLI procedure.

Added route summarization procedures for the GUI and NX-OS CLI interfaces.

See chapter Routing Protocol Support

-

Removed object model CLI procedures and added NX-OS style CLI procedures.

• NX-OS style CLI topics in chapter

  See chapter Transit Routing

  IPv6 and Neighbor Discovery

• NX-OS style CLI topics in Route Controls

• NX-OS style CLI topics in BGP External Routed Networks with BFD in Routing Protocol Support

• See chapter Routing Protocol Support

Set attributes for all routes received and redistributed from OSPF

Support is added to set attributes for all routes received such as community, local prefix, MED. Set attributes for all routes redistributed such as tags, local prefix, community.

See chapter Routing Protocol Support

Route Summarization for OSPF, BGP, and EIGRP

Route summarization enables route tables by replacing many specific addresses with an single address. For example, 10.1.1.0/24, 10.1.2.0/24, and 10.1.3.0/24 is replaced with 10.1.0.0/16. Route summarization policies enable routes to be shared efficiently among border leaf switches and their neighbor leaf switches. BGP, OSPF, or EIGRP route summarization policies are applied to a bridge domain or transit subnet. For OSPF, inter-area and external route summarization are supported.

See chapter Routing Protocol Support

Common Pervasive Gateway

Two ACI fabrics can be configured with an IPv4 common gateway on a per bridge-domain basis. Doing so enables moving one or more virtual machine (VM) or conventional hosts across the fabrics while the host retains its IP address. VM-host moves across fabrics can be done automatically by the VM hypervisor. The ACI fabrics can be co-located, or provisioned across multiple sites. The Layer 2 connection between the ACI fabrics can be a local link, or can be across a bridged network.

See chapter Common Pervasive Gateway

Set BGP attributes for routes based on incoming communities

Set BGP attributes is enabled for routes based on incoming communities such as community, local preference, MED.

See chapter Routing Protocol Support

Bidirectional Forwarding Detection (BFD):

Global configuration for GUI, NX-OS CLI, and REST API

Interface configuration for GUI, NX-OS CLI, and REST API

Consumer protocol configuration for GUI, NX-OS CLI, and REST API

Support for BFD is introduced, providing sub-second failure detection times in the forwarding path between ACI fabric border leaf switches configured to support peering router connections.

See chapter Routing Protocol Support

Maximum prefix limit

Support is added for BGP maximum prefix limit.

See chapter Routing Protocol Support

BGP enhancements to set attributes for action rule profiles and peer connectivity profiles

Support is added for the BGP attributes Dynamic Neighbors, Route Dampening, weight attribute and remove-private-as.

See chapter Routing Protocol Support

IPv6 support and interface policy enhancements

IPv6 is supported with EIGRP.

Interface policies are enhanced. In addition to existing interface policy parameters, bandwidth and delay can be controlled on the interface through the eigrpIfPol attribute.

Added the NX-OS-style CLI procedure.

See chapter Routing Protocol Support

Interleak of external routes

Support is added for setting attributes (such as community, preference, or metric) to enable interleak of routes from OSPF to BGP.

See chapter Interleak Redistribution for MP-BGP

Transit Routing Support

Support is added for transit routing through the fabric.

See chapter Transit Routing

IPv6 support, Direct BGP support, and eBGP support

Introduced IPv6 support, direct BGP support, and eBGP support.

See chapter Routing Protocol Support

Tenant Layer 3 outside networks

Documentation is added for tenant Layer 3 outside networks.

See chapter Routed Connectivity to External Networks