Here are the steps to configure OSPF routing between an ACI fabric and an external router. The external router's configuration is not covered in this blog post, since I focus here only on ACI.

If our network design involves BGP Route Reflectors, then we need to have a BGP Route Reflector Policy in place before configuring the external OSPF routed network.

Our network design here dictates that the tenant has its own L3out block.

Configure OSPF Interface Policy

Configure a VLAN Pool

See my blog post on VLAN Pools first.

Configure a static allocation for the VLAN Pool that defines the VLAN ID on the leaf port between the ACI fabric and the external router:

It will be a one-VLAN range.

Configure an Interface Policy Group

Configure an Interface Profile

Configure a Switch Profile and associate it with the Interface Policy Group

Configure an L3 Domain (aka External Routed Domain)

Configure an AAEP and associate it with the created L3 Domain and the created Interface Policy Group

Configure an External Routed Network under the Tenant

Click OK.

Click Next.

We associate our OSPF Interface Profile to our previously created OSPF Interface Policy:

Click Next.

We select which type of L3 interface we will run OSPF on.

Click OK to return to the Create Interface Profile menu.

Click OK to return to the Create Node Profile menu.

Click OK to return to the L3 Routed Outside menu. We now see that the Node and Interface Protocol Profile field is filled:

Now we are going to define the external subnets, aka the subnets that constitute the external EPG:

These are the subnets that are allowed to be visible to the fabric. Click Next.

We manually add the individual external subnets:

Defining a Contract Between the External EPG and an Internal EPG

Up to this point, no communication is allowed yet between the fabric's internal subnets and the external subnets. Remember that every communication in ACI is governed by contracts, and this is no exception. So we define the internal EPG to provide the contract and the external EPG to consume it.
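
The finished L3Out can be checked against the steps above without clicking through the GUI again. The script below is an added example, not part of the original post: it audits an L3Out expressed in the APIC object model (classes such as `l3extOut`, `ospfIfP`, `l3extInstP`, `l3extSubnet` and `fvRsCons`). The JSON shape is assumed to match an APIC REST export, and every name, address and VLAN in the sample is constructed.

```python
import ipaddress

# Constructed sample: the L3Out from the steps above as the APIC object
# model would represent it. All names, addresses and the VLAN are made up.
SAMPLE_L3OUT = {"l3extOut": {"attributes": {"name": "EXAMPLE-L3OUT"}, "children": [
    {"ospfExtP": {"attributes": {"areaId": "0.0.0.1", "areaType": "regular"}}},
    {"l3extLNodeP": {"attributes": {"name": "EXAMPLE-NODE"}, "children": [
        {"l3extLIfP": {"attributes": {"name": "EXAMPLE-IF"}, "children": [
            {"ospfIfP": {"attributes": {}, "children": [
                {"ospfRsIfPol": {"attributes": {"tnOspfIfPolName": "EXAMPLE-OSPF-IF-POL"}}}]}},
            {"l3extRsPathL3OutAtt": {"attributes": {"ifInstT": "sub-interface", "encap": "vlan-100"}}}]}}]}},
    {"l3extInstP": {"attributes": {"name": "EXAMPLE-EXT-EPG"}, "children": [
        {"l3extSubnet": {"attributes": {"ip": "192.0.2.0/24", "scope": "import-security"}}},
        {"fvRsCons": {"attributes": {"tnVzBrCPName": "EXAMPLE-CONTRACT"}}}]}},
]}}

def walk(node):
    """Yield (class_name, attributes, children) for every object in the tree."""
    for cls, body in node.items():
        kids = body.get("children", [])
        yield cls, body.get("attributes", {}), kids
        for kid in kids:
            yield from walk(kid)

def audit_l3out(l3out):
    """Return a list of findings; an empty list means the checks passed."""
    findings, seen = [], set()
    for cls, attrs, kids in walk(l3out):
        seen.add(cls)
        # The OSPF Interface Profile must point at the OSPF Interface Policy.
        if cls == "ospfIfP" and not any("ospfRsIfPol" in k for k in kids):
            findings.append("OSPF interface profile has no OSPF interface policy")
        if cls == "l3extInstP":
            kinds = {next(iter(k)) for k in kids}
            if "l3extSubnet" not in kinds:
                findings.append(f"external EPG {attrs.get('name')}: no external subnets")
            # Without a contract relation the external EPG cannot talk to any internal EPG.
            if not kinds & {"fvRsCons", "fvRsProv"}:
                findings.append(f"external EPG {attrs.get('name')}: no contract, traffic stays blocked")
        # A /0 entry classifies every external source into this EPG.
        if cls == "l3extSubnet" and ipaddress.ip_network(attrs["ip"], strict=False).prefixlen == 0:
            findings.append(f"subnet {attrs['ip']} matches every external source")
    for required in ("ospfExtP", "l3extLNodeP", "l3extInstP"):
        if required not in seen:
            findings.append(f"missing {required}")
    return findings

if __name__ == "__main__":
    print(audit_l3out(SAMPLE_L3OUT) or "no findings")
```
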


Keyboard Banger

Keyboard Banger is a network engineer from Africa. He has been working in network support and administration since 2008. He started writing study notes about certification exams and technology topics a couple of years ago. When he's not writing articles, he can be found wandering on technical forums.

