Configuring Layer 3 Outside for Tenant Networks Using the REST API
The external routed network that is configured in the example can also be extended to support both IPv4 and IPv6. Both IPv4 and IPv6 routes can be advertised to and learned from the external routed network. To configure an L3Out for a tenant network, send a post with XML such as the example.
This example is broken into steps for clarity. For a merged example, see REST API Example: L3Out.
Before you begin
-
Configure the node, port, functional profile, AEP, and Layer 3 domain.
-
Create the external routed domain and associate it to the interface for the L3Out.
-
Configure a BGP route reflector policy to propagate the routes within the fabric.
For an XML example of these prerequisites, see REST API Example: L3Out Prerequisites.
Procedure
Step 1 |
Configure the tenant, VRF, and bridge domain. This example configures tenant Example:
|
Step 2 |
Configure an application profile and application EPG. This example configures application profile Example:
|
Step 3 |
Configure the node and interface. This example configures VRF Example:
|
Step 4 |
Configure the routing protocol. This example configures BGP as the primary routing protocol, with a BGP peer with the IP address, Example:
|
Step 5 |
Configure the connectivity routing protocol. This example configures OSPF as the communication protocol, with regular area ID Example:
|
Step 6 |
Configure the external EPG. This example configures the network Example:
|
Step 7 |
Optional. Configure a route map. This example configures a route map for the BGP peer in the outbound direction. The route map is applied for routes that match
a destination of Example:
|
Step 8 |
This example creates filters and contracts to enable the EPGs to communicate. The external EPG and the application EPG are
already associated with the contract Example:
|
Step 9 |
Configure Advertise Host Routes. Example:
|
REST API Example: L3Out Prerequisites
This example configures the node, port, functional profile, AEP, and Layer 3 domain:
<?xml version="1.0" encoding="UTF-8"?>
<!-- api/policymgr/mo/.xml -->
<polUni>
<infraInfra>
<!-- Node profile -->
<infraNodeP name="nodeP1">
<infraLeafS name="leafS1" type="range">
<infraNodeBlk name="NodeBlk1" from_="101" to_="103" />
</infraLeafS>
<infraRsAccPortP tDn="uni/infra/accportprof-PortP1" />
</infraNodeP>
<!-- Port profile -->
<infraAccPortP name="PortP1">
<!-- 12 regular ports -->
<infraHPortS name="PortS1" type="range">
<infraPortBlk name="portBlk1" fromCard="1" toCard="1" fromPort="3" toPort="32"/>
<infraRsAccBaseGrp tDn="uni/infra/funcprof/accportgrp-default" />
</infraHPortS>
</infraAccPortP>
<!-- Functional profile -->
<infraFuncP>
<!-- Regular port group -->
<infraAccPortGrp name="default">
<infraRsAttEntP tDn="uni/infra/attentp-aeP1" />
</infraAccPortGrp>
</infraFuncP>
<infraAttEntityP name="aeP1">
<infraRsDomP tDn="uni/phys-dom1"/>
<infraRsDomP tDn="uni/l3dom-dom1/>
</infraAttEntityP>
<fvnsVlanInstP name="vlan-1024-2048" allocMode="static">
<fvnsEncapBlk name="encap" from="vlan-1024" to="vlan-2048" status="created"/>
</fvnsVlanInstP>
</infraInfra>
<physDomP dn="uni/phys-dom1" name="dom1">
<infraRsVlanNs tDn="uni/infra/vlanns-[vlan-1024-2048]-static"/>
</physDomP>
<l3extDomP name="dom1">
<infraRsVlanNs tDn="uni/infra/vlanns-[vlan-1024-2048]-static" />
</l3extDomP>
</polUni>
The following example configures the required BGP route reflectors:
<!-- Spine switches 104 and 105 are configured as route reflectors -->
<?xml version="1.0" encoding="UTF8"?>
<!-- api/policymgr/mo/.xml -->
<polUni>
<bgpInstPol name="default">
<bgpAsP asn="100"/>
<bgpRRP>
<bgpRRNodePEp id="104"/>
<bgpRRNodePEp id="105"/>
</bgpRRP>
</bgpInstPol>
<fabricFuncP>
<fabricPodPGrp name="bgpRRPodGrp1">
<fabricRsPodPGrpBGPRRP tnBgpInstPolName="default"/>
</fabricPodPGrp>
</fabricFuncP>
<fabricPodP name="default">
<fabricPodS name="default" type="ALL">
<fabricRsPodPGrp tDn="uni/fabric/funcprof/podpgrp-bgpRRPodGrp1"/>
</fabricPodS>
</fabricPodP>
</polUni>
REST API Example: L3Out
The following example provides a merged version of the steps to configure an L3Out using the REST API.
<?xml version="1.0" encoding="UTF8"?>
<!-- api/policymgr/mo/.xml -->
<polUni>
<fvTenant name="t1">
<fvCtx name="v1"/>
<fvBD name="bd1">
<fvRsCtx tnFvCtxName="v1"/>
<fvSubnet ip="44.44.44.1/24" scope="public"/>
<fvRsBDToOut tnL3extOutName="l3out1"/>
</fvBD>
<fvAp name="app1">
<fvAEPg name="epg1">
<fvRsDomAtt instrImedcy="immediate" tDn="uni/phys-dom1"/>
<fvRsBd tnFvBDName="bd1" />
<fvRsPathAtt encap="vlan-2011" instrImedcy="immediate" mode="regular" tDn="topology/pod-1/paths-101/pathep-[eth1/3]"/>
<fvRsCons tnVzBrCPName="httpCtrct"/>
</fvAEPg>
</fvAp>
<l3extOut name="l3out1">
<l3extRsEctx tnFvCtxName="v1"/>
<l3extLNodeP name="nodep1">
<l3extRsNodeL3OutAtt rtrId="11.11.11.103" tDn="topology/pod-1/node-103"/>
<l3extLIfP name="ifp1">
<l3extRsPathL3OutAtt addr="12.12.12.3/24" ifInstT="l3-port" tDn="topology/pod-1/paths-103/pathep-[eth1/3]"/>
</l3extLIfP>
<bgpPeerP addr="15.15.15.2">
<bgpAsP asn="100"/>
</bgpPeerP>
</l3extLNodeP>
<l3extRsL3DomAtt tDn="uni/l3dom-dom1"/>
<bgpExtP/>
<ospfExtP areaId="0.0.0.0" areaType="regular"/>
<l3extInstP name="extnw1" >
<l3extSubnet ip="20.20.20.0/24" scope="import-security"/>
<l3extRsInstPToProfile direction="export" tnRtctrlProfileName="rp1"/>
<fvRsProv tnVzBrCPName="httpCtrct"/>
</l3extInstP>
<rtctrlProfile name="rp1">
<rtctrlCtxP name="ctxp1" action="permit" order="0">
<rtctrlScope>
<rtctrlRsScopeToAttrP tnRtctrlAttrPName="attrp1"/>
</rtctrlScope>
<rtctrlRsCtxPToSubjP tnRtctrlSubjPName="match-rule1"/>
</rtctrlCtxP>
</rtctrlProfile>
</l3extOut>
<rtctrlSubjP name="match-rule1">
<rtctrlMatchRtDest ip="200.3.2.0/24"/>
</rtctrlSubjP>
<rtctrlAttrP name="attrp1">
<rtctrlSetASPath criteria="prepend">
<rtctrlSetASPathASN asn="100" order="2"/>
<rtctrlSetASPathASN asn="200" order="1"/>
</rtctrlSetASPath>
</rtctrlAttrP>
<vzFilter name='http-filter'>
<vzEntry name="http-e" etherT="ip" prot="tcp"/>
</vzFilter>
<vzBrCP name="httpCtrct" scope="context">
<vzSubj name="subj1">
<vzRsSubjFiltAtt tnVzFilterName="http-filter"/>
</vzSubj>
</vzBrCP>
</fvTenant>
</polUni>