SR MPLS L3out

The following table maps the subnet flags of external endpoint groups to the corresponding GUI terminology:

Subnet Flag	GUI Terminology
import_security	External Subnets for External EPG
shared_security	Shared Security Import Subnet
import_route_control	Import Route Control Subnet
export_route_control	Export Route Control Subnet
shared_route_control	Shared Route Control Subnet
aggregate_import_route_control	Aggregate Export
aggregate_export_route_control	Aggregate Import
aggregate_shared_route_control	Aggregate Shared Routes

Location in GUI:

• Tenants » XXX » Networking » SR MPLS VRF L3Outs

Diagram

Classes

tenants (apic)

Name	Type	Constraint	Mandatory	Default Value
sr_mpls_l3outs	List	[sr_mpls_l3outs]	No

sr_mpls_l3outs (apic.tenants)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	Yes
alias	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	No
description	String	Regex: ^[a-zA-Z0-9\!#$%()*,-./:;@ _{|}~?&+]{1,128}$	No
vrf	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	No
domain	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	No
transport_data_plane	Choice	sr_mpls, mpls	No	sr_mpls
node_profiles	List	[node_profiles]	No
external_endpoint_groups	List	[external_endpoint_groups]	No
sr_mpls_infra_l3outs	List	[sr_mpls_infra_l3outs]	No

node_profiles (apic.tenants.sr_mpls_l3outs)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	Yes
mpls_custom_qos_policy	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	No
bfd_multihop_node_policy	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	No
nodes	List	[nodes]	No
interface_profiles	List	[interface_profiles]	No
evpn_connectivity	List	[evpn_connectivity]	No

external_endpoint_groups (apic.tenants.sr_mpls_l3outs)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	Yes
alias	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	No
description	String	Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$	No
preferred_group	Boolean	true, false	No	false
subnets	List	[subnets]	No
contracts	Class	[contracts]	No

sr_mpls_infra_l3outs (apic.tenants.sr_mpls_l3outs)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	Yes
inbound_route_map	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	No
outbound_route_map	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	Yes
external_endpoint_groups	List	String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$]	Yes

nodes (apic.tenants.sr_mpls_l3outs.node_profiles)

Name	Type	Constraint	Mandatory	Default Value
node_id	Integer	min: 1, max: 4000	Yes
pod_id	Integer	min: 1, max: 255	No	1
router_id	IP		No
bgp_evpn_loopback	IP		Yes
mpls_transport_loopback	IP		Yes
segment_id_index	Integer	min: 0, max: 4294967295	Yes

interface_profiles (apic.tenants.sr_mpls_l3outs.node_profiles)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	Yes
description	String	Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$	No
bfd_policy	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	No
interfaces	List	[interfaces]	No

evpn_connectivity (apic.tenants.sr_mpls_l3outs.node_profiles)

Name	Type	Constraint	Mandatory	Default Value
ip	IP		Yes
description	String	Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$	No
remote_as	Integer	min: 0, max: 4294967295	Yes
allow_self_as	Boolean	true, false	No	false
disable_peer_as_check	Boolean	true, false	No	false
ttl	Integer	min: 1, max: 255	No	2
bfd	Boolean	true, false	No	false
password	String		No
peer_prefix_policy	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	No
admin_state	Boolean	true, false	No	true
local_as	Integer	min: 0, max: 4294967295	No
as_propagate	Choice	none, no-prepend, replace-as, dual-as	No	none

subnets (apic.tenants.sr_mpls_l3outs.external_endpoint_groups)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	No
prefix	IP		Yes
route_leaking	Boolean	true, false	No	false
security	Boolean	true, false	No	false
aggregate_shared_route_control	Boolean	true, false	No	false

contracts (apic.tenants.sr_mpls_l3outs.external_endpoint_groups)

Name	Type	Constraint	Mandatory	Default Value
consumers	List	String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$]	No
providers	List	String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$]	No
imported_consumers	List	String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$]	No

interfaces (apic.tenants.sr_mpls_l3outs.node_profiles.interface_profiles)

Name	Type	Constraint	Mandatory	Default Value
description	String	Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$	No
node_id	Integer	min: 1, max: 4000	No
pod_id	Integer	min: 1, max: 255	No	1
module	Integer	min: 1, max: 9	No	1
port	Integer	min: 1, max: 127	No
channel	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	No
ip	IP		No
vlan	Integer	min: 1, max: 4096	No
mac	MAC		No	00:22:BD:F8:19:FF
mtu	Any	Choice[inherit] or Integer[min: 576, max: 9216]	No	inherit
bgp_peers	List	[bgp_peers]	No

bgp_peers (apic.tenants.sr_mpls_l3outs.node_profiles.interface_profiles.interfaces)

Name	Type	Constraint	Mandatory	Default Value
ip	IP		Yes
remote_as	Integer	min: 0, max: 4294967295	Yes
description	String	Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$	No
allow_self_as	Boolean	true, false	No	false
send_community	Boolean	true, false	No	false
send_ext_community	Boolean	true, false	No	false
password	String		No
bfd	Boolean	true, false	No	false
unicast_address_family	Boolean	true, false	No	true
admin_state	Boolean	true, false	No	true
local_as	Integer	min: 0, max: 4294967295	No
peer_prefix_policy	String	Regex: ^[a-zA-Z0-9_.:-]{1,64}$	No

Examples

SR MPLS L3Out in infra tenant:

apic:
  tenants:
    - name: infra
      sr_mpls_l3outs:
        - name: INFRA_SR_MPLS_L3
          description: Infra SR-MPLS L3out
          domain: ROUTED1
          transport_data_plane: mpls  
          node_profiles:
            - name: SR_MPLS_NP
              mpls_custom_qos_policy: MPLS_QOS
              bfd_multihop_node_policy: BFD_POL
              nodes: 
                - node_id: 101
                  router_id: 126.126.126.126
                  bgp_evpn_loopback: 127.31.2.26
                  mpls_transport_loopback: 172.31.2.26
                  segment_id: 206
              evpn_connectivity:
                - ip: 172.31.2.54
                  remote_as: 64001
                  ttl: 10
                  local_as: 31200
                  allow_self_as: true
                  disable_peer_as_check: true 
                  password: C1sco123
                  as_propagate: dual-as
                  peer_prefix_policy: BGP_PP1
              interface_profiles:
                - name: int_prof 
                  bfd_policy: BFD_POL
                  interfaces:
                    - node_id: 101
                      port: 10
                      mtu: 9000
                      ip: 5.5.5.5/24
                      bgp_peers:
                        - ip: 10.10.10.1
                          remote_as: 65123
                    - node_id: 102
                      channel: PC1
                      vlan: 101
                      ip: 6.6.6.6/24

SR MPLS L3Out in user tenant:

apic:
  tenants:
    - name: ABC
      sr_mpls_l3outs:
        - name: ABC_SR_MPLS_L3OUT 
          vrf: VRF1
          sr_mpls_infra_l3outs:
            - name: INFRA_SR_MPLS_L3
              outbound_route_map: export-map
              inbound_route_map: import-map
              external_endpoint_groups:
                - ext-epg
                - ext-epg2
          external_endpoint_groups:
            - name: ext-epg
              subnets:
                - name: ALL
                  prefix: 0.0.0.0/0
                  route_leaking: true
                  security: true
                  aggregate_shared_route_control: true
              contracts:
                consumers:
                  - CON1
                providers:
                  - CON1
                imported_consumers:
                  - IMPORT-CON1