L3out

L3out Node and Interface Profiles can either be auto-generated, one per L3out, or can be defined explicitly.

Note: Whether an interface is an svi, routed sub-interface, or routed depends on the following configuration:

svi - vlan: <not null>, svi: true, ip: <not null>

routed sub-interface - vlan: <not null>, svi: false, ip: <not null>

routed interface - vlan: <null>, svi: false, ip: <not null>

The following table maps the subnet flags of external endpoint groups to the corresponding GUI terminology:

Subnet Flag	GUI Terminology
`import_security`	`External Subnets for External EPG`
`shared_security`	`Shared Security Import Subnet`
`import_route_control`	`Import Route Control Subnet`
`export_route_control`	`Export Route Control Subnet`
`shared_route_control`	`Shared Route Control Subnet`
`aggregate_import_route_control`	`Aggregate Import`
`aggregate_export_route_control`	`Aggregate Export`
`aggregate_shared_route_control`	`Aggregate Shared Routes`

Location in GUI:

Tenants » XXX » Networking » L3outs

Diagram

Classes

tenants (apic)

Name	Type	Constraint	Mandatory	Default Value
l3outs	List	`[l3outs]`	No

l3outs (apic.tenants)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
ndo_managed	Boolean	`true`, `false`	No	`false`
alias	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
target_dscp	Any	Choice[`CS0`, `CS1`, `AF11`, `AF12`, `AF13`, `CS2`, `AF21`, `AF22`, `AF23`, `CS3`, `AF31`, `AF32`, `AF33`, `CS4`, `AF41`, `AF42`, `AF43`, `CS5`, `VA`, `EF`, `CS6`, `CS7`, `unspecified`] or Integer[min: `0`, max: `63`]	No	`unspecified`
vrf	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
domain	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
bgp	Class	`[bgp]`	No
ospf	Class	`[ospf]`	No
eigrp	Class	`[eigrp]`	No
bfd_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
bgp_peers	List	`[bgp_peers]`	No
nodes	List	`[nodes]`	No
node_profiles	List	`[node_profiles]`	No
external_endpoint_groups	List	`[external_endpoint_groups]`	No
import_route_map	Class	`[import_route_map]`	No
export_route_map	Class	`[export_route_map]`	No
interleak_route_map	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
default_route_leak_policy	Class	`[default_route_leak_policy]`	No
dampening_ipv4_route_map	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
dampening_ipv6_route_map	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
redistribution_route_maps	List	`[redistribution_route_maps]`	No
l3_multicast_ipv4	Boolean	`true`, `false`	No	`false`
pim_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
igmp_interface_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
qos_class	Choice	`level1`, `level2`, `level3`, `level4`, `level5`, `level6`, `unspecified`	No	`unspecified`
custom_qos_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
nd_interface_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
ingress_data_plane_policing_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
egress_data_plane_policing_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
multipod	Boolean	`true`, `false`	No	`true`
remote_leaf	Boolean	`true`, `false`	No	`false`
import_route_control_enforcement	Boolean	`true`, `false`	No	`false`
export_route_control_enforcement	Boolean	`true`, `false`	No	`true`
dhcp_labels	List	`[dhcp_labels]`	No
route_maps	List	`[route_maps]`	No
bfd_multihop_node_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
bfd_multihop_auth	Class	`[bfd_multihop_auth]`	No
netflow_monitor_policies	List	`[netflow_monitor_policies]`	No

bgp (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
timer_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
as_path_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

ospf (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory	Default Value
ospf_interface_profile_name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
area	Any	Integer[min: `0`, max: `4294967295`] or Choice[`backbone`] or IP	Yes
area_type	Choice	`regular`, `stub`, `nssa`	No	`regular`
area_cost	Integer	min: `1`, max: `16777215`	No	`1`
area_control_redistribute	Boolean	`true`, `false`	No	`true`
area_control_summary	Boolean	`true`, `false`	No	`true`
area_control_suppress_fa	Boolean	`true`, `false`	No	`false`
auth_type	Choice	`none`, `simple`, `md5`	No	`none`
auth_key	String		No
auth_key_id	Integer	min: `1`, max: `255`	No	`1`
policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

eigrp (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory
interface_profile_name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
asn	Integer	min: `1`, max: `65535`	Yes
interface_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

bgp_peers (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory	Default Value
ip	IP		Yes
remote_as	Integer	min: `0`, max: `4294967295`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
allow_self_as	Boolean	`true`, `false`	No	`false`
as_override	Boolean	`true`, `false`	No	`false`
disable_peer_as_check	Boolean	`true`, `false`	No	`false`
next_hop_self	Boolean	`true`, `false`	No	`false`
send_community	Boolean	`true`, `false`	No	`false`
send_ext_community	Boolean	`true`, `false`	No	`false`
password	String		No
allowed_self_as_count	Integer	min: `1`, max: `10`	No	`3`
bfd	Boolean	`true`, `false`	No	`false`
disable_connected_check	Boolean	`true`, `false`	No	`false`
ttl	Integer	min: `1`, max: `255`	No	`1`
weight	Integer	min: `0`, max: `65535`	No	0
remove_all_private_as	Boolean	`true`, `false`	No	`false`
remove_private_as	Boolean	`true`, `false`	No	`false`
replace_private_as_with_local_as	Boolean	`true`, `false`	No	`false`
unicast_address_family	Boolean	`true`, `false`	No	`true`
multicast_address_family	Boolean	`true`, `false`	No	`true`
admin_state	Boolean	`true`, `false`	No	`true`
local_as	Integer	min: `0`, max: `4294967295`	No
as_propagate	Choice	`none`, `no-prepend`, `replace-as`, `dual-as`	No	`none`
peer_prefix_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
export_route_control	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
import_route_control	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

nodes (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory	Default Value
node_id	Integer	min: `1`, max: `4000`	Yes
pod_id	Integer	min: `1`, max: `255`	No
router_id	IP		Yes
router_id_as_loopback	Boolean	`true`, `false`	No	`true`
loopbacks	List	IP	No
static_routes	List	`[static_routes]`	No
interfaces	List	`[interfaces]`	No

node_profiles (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
bgp	Class	`[bgp]`	No
bgp_peers	List	`[bgp_peers]`	No
nodes	List	`[nodes]`	No
interface_profiles	List	`[interface_profiles]`	No
bfd_multihop_node_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
bfd_multihop_auth	Class	`[bfd_multihop_auth]`	No

external_endpoint_groups (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
ndo_managed	Boolean	`true`, `false`	No	`false`
alias	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
preferred_group	Boolean	`true`, `false`	No	`false`
qos_class	Choice	`level1`, `level2`, `level3`, `level4`, `level5`, `level6`, `unspecified`	No	`unspecified`
target_dscp	Any	Choice[`CS0`, `CS1`, `AF11`, `AF12`, `AF13`, `CS2`, `AF21`, `AF22`, `AF23`, `CS3`, `AF31`, `AF32`, `AF33`, `CS4`, `AF41`, `AF42`, `AF43`, `CS5`, `VA`, `EF`, `CS6`, `CS7`, `unspecified`] or Integer[min: `0`, max: `63`]	No	`unspecified`
subnets	List	`[subnets]`	No
contracts	Class	`[contracts]`	No
route_control_profiles	List	`[route_control_profiles]`	No

import_route_map (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
type	Choice	`combinable`, `global`	No	`global`
contexts	List	`[contexts]`	No

export_route_map (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
type	Choice	`combinable`, `global`	No	`global`
contexts	List	`[contexts]`	No

default_route_leak_policy (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory	Default Value
always	Boolean	`true`, `false`	No	`false`
criteria	Choice	`only`, `in-addition`	No	`only`
context_scope	Boolean	`true`, `false`	No	`false`
outside_scope	Boolean	`true`, `false`	No	`true`

redistribution_route_maps (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory	Default Value
source	Choice	`direct`, `attached-host`, `static`	No	`static`
route_map	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes

dhcp_labels (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory	Default Value
dhcp_relay_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
dhcp_option_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
scope	Choice	`infra`, `tenant`	No	`infra`

route_maps (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
type	Choice	`combinable`, `global`	No	`combinable`
contexts	List	`[contexts]`	No

bfd_multihop_auth (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`none`, `sha1`	No	`none`
key_id	Integer	min: `1`, max: `255`	No	`1`
key	String		No

netflow_monitor_policies (apic.tenants.l3outs)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
ip_filter_type	Choice	`ipv4`, `ipv6`, `ce`, `unspecified`	No	`ipv4`

static_routes (apic.tenants.l3outs.nodes)

Name	Type	Constraint	Mandatory	Default Value
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
prefix	IP		Yes
preference	Integer	min: `1`, max: `255`	No	`1`
bfd	Boolean	`true`, `false`	No	`false`
next_hops	List	`[next_hops]`	No
track_list	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

interfaces (apic.tenants.l3outs.nodes)

Name	Type	Constraint	Mandatory	Default Value
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
node_id	Integer	min: `1`, max: `4000`	No
node2_id	Integer	min: `1`, max: `4000`	No
port	Integer	min: `1`, max: `127`	No
sub_port	Integer	min: `1`, max: `16`	No
module	Integer	min: `1`, max: `9`	No	`1`
channel	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
ip	IP		No	`0.0.0.0`
svi	Boolean	`true`, `false`	No	`false`
multipod_direct	Boolean	`true`, `false`	No	`false`
autostate	Boolean	`true`, `false`	No	`false`
floating_svi	Boolean	`true`, `false`	No	`false`
vlan	Integer	min: `1`, max: `4096`	No
mac	MAC		No	`00:22:BD:F8:19:FF`
mtu	Any	Choice[`inherit`] or Integer[min: `576`, max: `9216`]	No	`inherit`
ip_a	IP		No
ip_b	IP		No
ip_shared	IP		No
ip_shared_dhcp_relay	IP		No	`false`
link_local_address	IP		No
bgp_peers	List	`[bgp_peers]`	No
paths	List	`[paths]`	No
mode	Choice	`regular`, `native`, `untagged`	No	`regular`
state	Choice	`local`, `vrf`	No
micro_bfd	Class	`[micro_bfd]`	No

bgp (apic.tenants.l3outs.node_profiles)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
timer_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
as_path_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

bgp_peers (apic.tenants.l3outs.node_profiles)

Name	Type	Constraint	Mandatory	Default Value
ip	IP		Yes
remote_as	Integer	min: `0`, max: `4294967295`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
allow_self_as	Boolean	`true`, `false`	No	`false`
as_override	Boolean	`true`, `false`	No	`false`
disable_peer_as_check	Boolean	`true`, `false`	No	`false`
next_hop_self	Boolean	`true`, `false`	No	`false`
send_community	Boolean	`true`, `false`	No	`false`
send_ext_community	Boolean	`true`, `false`	No	`false`
password	String		No
allowed_self_as_count	Integer	min: `1`, max: `10`	No	`3`
bfd	Boolean	`true`, `false`	No	`false`
disable_connected_check	Boolean	`true`, `false`	No	`false`
ttl	Integer	min: `1`, max: `255`	No	`1`
weight	Integer	min: `0`, max: `65535`	No	0
remove_all_private_as	Boolean	`true`, `false`	No	`false`
remove_private_as	Boolean	`true`, `false`	No	`false`
replace_private_as_with_local_as	Boolean	`true`, `false`	No	`false`
unicast_address_family	Boolean	`true`, `false`	No	`true`
multicast_address_family	Boolean	`true`, `false`	No	`true`
admin_state	Boolean	`true`, `false`	No	`true`
local_as	Integer	min: `0`, max: `4294967295`	No
as_propagate	Choice	`none`, `no-prepend`, `replace-as`, `dual-as`	No	`none`
peer_prefix_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
export_route_control	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
import_route_control	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

nodes (apic.tenants.l3outs.node_profiles)

Name	Type	Constraint	Mandatory	Default Value
node_id	Integer	min: `1`, max: `4000`	Yes
pod_id	Integer	min: `1`, max: `255`	No
router_id	IP		Yes
router_id_as_loopback	Boolean	`true`, `false`	No	`true`
loopbacks	List	IP	No
static_routes	List	`[static_routes]`	No

interface_profiles (apic.tenants.l3outs.node_profiles)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
bfd_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
ospf	Class	`[ospf]`	No
eigrp	Class	`[eigrp]`	No
pim_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
igmp_interface_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
qos_class	Choice	`level1`, `level2`, `level3`, `level4`, `level5`, `level6`, `unspecified`	No	`unspecified`
custom_qos_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
nd_interface_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
ingress_data_plane_policing_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
egress_data_plane_policing_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
interfaces	List	`[interfaces]`	No
dhcp_labels	List	`[dhcp_labels]`	No
netflow_monitor_policies	List	`[netflow_monitor_policies]`	No

subnets (apic.tenants.l3outs.external_endpoint_groups)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
ndo_managed	Boolean	`true`, `false`	No	`false`
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
prefix	IP		Yes
import_route_control	Boolean	`true`, `false`	No	`false`
export_route_control	Boolean	`true`, `false`	No	`false`
shared_route_control	Boolean	`true`, `false`	No	`false`
import_security	Boolean	`true`, `false`	No	`true`
shared_security	Boolean	`true`, `false`	No	`false`
aggregate_import_route_control	Boolean	`true`, `false`	No	`false`
aggregate_export_route_control	Boolean	`true`, `false`	No	`false`
aggregate_shared_route_control	Boolean	`true`, `false`	No	`false`
bgp_route_summarization	Boolean	`true`, `false`	No	`false`
bgp_route_summarization_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
ospf_route_summarization	Boolean	`true`, `false`	No	`false`
eigrp_route_summarization	Boolean	`true`, `false`	No	`false`
route_control_profiles	List	`[route_control_profiles]`	No

contracts (apic.tenants.l3outs.external_endpoint_groups)

Name	Type	Constraint	Mandatory
consumers	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
providers	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
imported_consumers	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No

route_control_profiles (apic.tenants.l3outs.external_endpoint_groups)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
direction	Choice	`import`, `export`	No	`import`

contexts (apic.tenants.l3outs.import_route_map)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
action	Choice	`permit`, `deny`	No	`permit`
order	Integer	min: `0`, max: `9`	No	0
match_rules	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
set_rule	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

contexts (apic.tenants.l3outs.export_route_map)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
action	Choice	`permit`, `deny`	No	`permit`
order	Integer	min: `0`, max: `9`	No	0
match_rules	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
set_rule	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

contexts (apic.tenants.l3outs.route_maps)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
action	Choice	`permit`, `deny`	No	`permit`
order	Integer	min: `0`, max: `9`	No	0
match_rules	List	String[Regex: `^[a-zA-Z0-9_.:-]{1,64}$`]	No
set_rule	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

next_hops (apic.tenants.l3outs.nodes.static_routes)

Name	Type	Constraint	Mandatory	Default Value
ip	IP		Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
preference	Integer	min: `0`, max: `255`	No	`1`
type	Choice	`prefix`, `none`	No	`prefix`
ip_sla_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
track_list	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

bgp_peers (apic.tenants.l3outs.nodes.interfaces)

Name	Type	Constraint	Mandatory	Default Value
ip	IP		Yes
remote_as	Integer	min: `0`, max: `4294967295`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
allow_self_as	Boolean	`true`, `false`	No	`false`
as_override	Boolean	`true`, `false`	No	`false`
disable_peer_as_check	Boolean	`true`, `false`	No	`false`
next_hop_self	Boolean	`true`, `false`	No	`false`
send_community	Boolean	`true`, `false`	No	`false`
send_ext_community	Boolean	`true`, `false`	No	`false`
password	String		No
allowed_self_as_count	Integer	min: `1`, max: `10`	No	`3`
bfd	Boolean	`true`, `false`	No	`false`
disable_connected_check	Boolean	`true`, `false`	No	`false`
ttl	Integer	min: `1`, max: `255`	No	`1`
weight	Integer	min: `0`, max: `65535`	No	0
remove_all_private_as	Boolean	`true`, `false`	No	`false`
remove_private_as	Boolean	`true`, `false`	No	`false`
replace_private_as_with_local_as	Boolean	`true`, `false`	No	`false`
unicast_address_family	Boolean	`true`, `false`	No	`true`
multicast_address_family	Boolean	`true`, `false`	No	`true`
admin_state	Boolean	`true`, `false`	No	`true`
local_as	Integer	min: `0`, max: `4294967295`	No
as_propagate	Choice	`none`, `no-prepend`, `replace-as`, `dual-as`	No	`none`
peer_prefix_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
export_route_control	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
import_route_control	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

paths (apic.tenants.l3outs.nodes.interfaces)

Name	Type	Constraint	Mandatory
physical_domain	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
vmware_vmm_domain	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
elag	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
floating_ip	IP		Yes
vlan	Integer	min: `1`, max: `4096`	No

micro_bfd (apic.tenants.l3outs.nodes.interfaces)

Name	Type	Constraint	Mandatory	Default Value
destination_ip	IP		Yes
start_timer	Any	Integer[min: `60`, max: `3600`] or Integer[min: `0`, max: `0`]	No	0

static_routes (apic.tenants.l3outs.node_profiles.nodes)

Name	Type	Constraint	Mandatory	Default Value
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
prefix	IP		Yes
preference	Integer	min: `1`, max: `255`	No	`1`
bfd	Boolean	`true`, `false`	No	`false`
next_hops	List	`[next_hops]`	No
track_list	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

ospf (apic.tenants.l3outs.node_profiles.interface_profiles)

Name	Type	Constraint	Mandatory	Default Value
ospf_interface_profile_name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
auth_type	Choice	`none`, `simple`, `md5`	No	`none`
auth_key	String		No
auth_key_id	Integer	min: `1`, max: `255`	No	`1`
policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

eigrp (apic.tenants.l3outs.node_profiles.interface_profiles)

Name	Type	Constraint	Mandatory
interface_profile_name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
interface_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
keychain_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

interfaces (apic.tenants.l3outs.node_profiles.interface_profiles)

Name	Type	Constraint	Mandatory	Default Value
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
node_id	Integer	min: `1`, max: `4000`	No
node2_id	Integer	min: `1`, max: `4000`	No
pod_id	Integer	min: `1`, max: `255`	No
module	Integer	min: `1`, max: `9`	No	`1`
port	Integer	min: `1`, max: `127`	No
sub_port	Integer	min: `1`, max: `16`	No
channel	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
ip	IP		No	`0.0.0.0`
multipod_direct	Boolean	`true`, `false`	No	`false`
svi	Boolean	`true`, `false`	No	`false`
autostate	Boolean	`true`, `false`	No	`false`
floating_svi	Boolean	`true`, `false`	No	`false`
vlan	Integer	min: `1`, max: `4096`	No
mac	MAC		No	`00:22:BD:F8:19:FF`
mtu	Any	Choice[`inherit`] or Integer[min: `576`, max: `9216`]	No	`inherit`
ip_a	IP		No
ip_b	IP		No
ip_shared	IP		No
ip_shared_dhcp_relay	Boolean	`true`, `false`	No	`false`
link_local_address	IP		No
bgp_peers	List	`[bgp_peers]`	No
paths	List	`[paths]`	No
mode	Choice	`regular`, `native`, `untagged`	No	`regular`
scope	Choice	`local`, `vrf`	No	`local`

route_control_profiles (apic.tenants.l3outs.external_endpoint_groups.subnets)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
direction	Choice	`import`, `export`	No	`import`

next_hops (apic.tenants.l3outs.node_profiles.nodes.static_routes)

Name	Type	Constraint	Mandatory	Default Value
ip	IP		Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
preference	Integer	min: `0`, max: `255`	No	`1`
type	Choice	`prefix`, `none`	No	`prefix`
ip_sla_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
track_list	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

bgp_peers (apic.tenants.l3outs.node_profiles.interface_profiles.interfaces)

Name	Type	Constraint	Mandatory	Default Value
ip	IP		Yes
remote_as	Integer	min: `0`, max: `4294967295`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
allow_self_as	Boolean	`true`, `false`	No	`false`
as_override	Boolean	`true`, `false`	No	`false`
disable_peer_as_check	Boolean	`true`, `false`	No	`false`
next_hop_self	Boolean	`true`, `false`	No	`false`
send_community	Boolean	`true`, `false`	No	`false`
send_ext_community	Boolean	`true`, `false`	No	`false`
password	String		No
allowed_self_as_count	Integer	min: `1`, max: `10`	No	`3`
bfd	Boolean	`true`, `false`	No	`false`
disable_connected_check	Boolean	`true`, `false`	No	`false`
ttl	Integer	min: `1`, max: `255`	No	`1`
weight	Integer	min: `0`, max: `65535`	No	0
remove_all_private_as	Boolean	`true`, `false`	No	`false`
remove_private_as	Boolean	`true`, `false`	No	`false`
replace_private_as_with_local_as	Boolean	`true`, `false`	No	`false`
unicast_address_family	Boolean	`true`, `false`	No	`true`
multicast_address_family	Boolean	`true`, `false`	No	`true`
admin_state	Boolean	`true`, `false`	No	`true`
local_as	Integer	min: `0`, max: `4294967295`	No
as_propagate	Choice	`none`, `no-prepend`, `replace-as`, `dual-as`	No	`none`
peer_prefix_policy	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
export_route_control	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
import_route_control	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No

paths (apic.tenants.l3outs.node_profiles.interface_profiles.interfaces)

Name	Type	Constraint	Mandatory
physical_domain	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
vmware_vmm_domain	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
elag	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
floating_ip	IP		Yes
vlan	Integer	min: `1`, max: `4096`	No

Examples

Simple example:

apic:
  tenants:
    - name: ABC
      l3outs:
        - name: L3OUT1
          vrf: VRF1
          domain: ROUTED1
          nodes:
            - node_id: 101
              router_id: 5.5.5.5
              static_routes:
                - prefix: 2.2.2.0/24
                  description: My Desc
                  next_hops:
                    - ip: 6.6.6.6
                  track_list: TRACK_POL
              interfaces:
                - node_id: 101
                  port: 10
                  vlan: 301
                  ip: 14.14.14.1/24
                  bgp_peers:
                    - ip: 14.14.14.14
                      remote_as: 65010
          external_endpoint_groups:
            - name: EXT-EPG1
              subnets:
                - prefix: 0.0.0.0/0
              contracts:
                consumers:
                  - CON1

SVI example:

apic:
  tenants:
    - name: ABC
      l3outs:
        - name: L3OUT1
          vrf: VRF1
          domain: ROUTED1
          node_profiles:
            - name: NODE_101
              nodes:
                - node_id: 101
                  router_id: 5.5.5.5
                  static_routes:
                    - prefix: 2.2.2.0/24
                      description: My Desc
                      next_hops:
                        - ip: 6.6.6.6
              interface_profiles:
                - name: NODE_101
                  interfaces:
                    - node_id: 101
                      port: 10
                      vlan: 301
                      svi: true
                      ip: 14.14.14.1/24

Routed Sub-interface example:

apic:
  tenants:
    - name: ABC
      l3outs:
        - name: L3OUT1
          vrf: VRF1
          domain: ROUTED1
          node_profiles:
            - name: NODE_101
              nodes:
                - node_id: 101
                  router_id: 5.5.5.5
                  static_routes:
                    - prefix: 2.2.2.0/24
                      description: My Desc
                      next_hops:
                        - ip: 6.6.6.6
              interface_profiles:
                - name: NODE_101
                  interfaces:
                    - node_id: 101
                      port: 10
                      vlan: 301
                      svi: false
                      ip: 14.14.14.1/24

Routed Interface example:

apic:
  tenants:
    - name: ABC
      l3outs:
        - name: L3OUT1
          vrf: VRF1
          domain: ROUTED1
          node_profiles:
            - name: NODE_101
              nodes:
                - node_id: 101
                  router_id: 5.5.5.5
                  static_routes:
                    - prefix: 2.2.2.0/24
                      description: My Desc
                      next_hops:
                        - ip: 6.6.6.6
              interface_profiles:
                - name: NODE_101
                  interfaces:
                    - node_id: 101
                      port: 10
                      ip: 14.14.14.1/24

Example with explicit profiles:

apic:
  tenants:
    - name: ABC
      l3outs:
        - name: L3OUT1
          vrf: VRF1
          domain: ROUTED1
          node_profiles:
            - name: NODE_101
              bgp:
                name: BGP_PROT1
                timer_policy: BGP_TIMER1
                as_path_policy: BGP_AS_PATH1
              nodes:
                - node_id: 101
                  router_id: 5.5.5.5
                  static_routes:
                    - prefix: 2.2.2.0/24
                      description: My Desc
                      next_hops:
                        - ip: 6.6.6.6
                          track_list: TRACK_POL
              interface_profiles:
                - name: NODE_101
                  description: NODE_101 Description
                  ingress_data_plane_policing_policy: DPP1
                  egress_data_plane_policing_policy: DPP2
                  dhcp_labels:
                    - dhcp_relay_policy: DHCP-RELAY1
                      dhcp_option_policy: DHCP-OPTION1
                      scope: tenant
                  netflow_monitor_policies:
                    - name: MONITOR1
                      ip_filter_type: ipv4
                  interfaces:
                    - node_id: 101
                      port: 10
                      vlan: 301
                      ip: 14.14.14.1/24
                      bgp_peers:
                        - ip: 14.14.14.14
                          remote_as: 65010
          external_endpoint_groups:
            - name: EXT-EPG1
              subnets:
                - prefix: 0.0.0.0/0

Full example:

apic:
  tenants:
    - name: ABC
      l3outs:
        - name: L3OUT1
          alias: L3OUT1-ALIAS
          description: My Desc
          target_dscp: AF13
          qos_class: level3
          import_route_control_enforcement: true
          export_route_control_enforcement: true
          custom_qos_policy: QOS_POLICY
          ingress_data_plane_policing_policy: DPP1
          egress_data_plane_policing_policy: DPP2
          vrf: VRF1
          domain: ROUTED1
          bfd_policy: BFD1
          dhcp_labels:
            - dhcp_relay_policy: DHCP-RELAY1
              dhcp_option_policy: DHCP-OPTION1
              scope: tenant
          netflow_monitor_policies:
            - name: MONITOR1
              ip_filter_type: ipv4
          bgp:
            timer_policy: BGP_TIMER1
            as_path_policy: BGP_AS_PATH1
          ospf:
            area: 0
            area_type: regular
            area_cost: 1
            auth_type: simple
            auth_key: cisco
            auth_key_id: 1
            policy: OIP1
          interleak_route_map: ROUTE_MAP1
          default_route_leak_policy:
            always: false
            criteria: 'in-addition'
            context_scope: false
            outside_scope: false
          redistribution_route_maps:
            - source: direct
              route_map: ROUTE_MAP2
          dampening_ipv4_route_map: ROUTE_MAP3
          dampening_ipv6_route_map: ROUTE_MAP4
          bfd_multihop_node_policy: BFD-NODE1
          bfd_multihop_auth:
            type: sha1
            key_id: 1
            key: Secure123
          nodes:
            - node_id: 101
              router_id: 5.5.5.5
              router_id_as_loopback: true
              static_routes:
                - prefix: 2.2.2.0/24
                  description: My Desc
                  preference: 1
                  next_hops:
                    - ip: 6.6.6.6
                      description: My Next Hop Desc
                      ip_sla_policy: IP_SLA1
              interfaces:
                - channel: VPC1
                  svi: true
                  scope: local
                  vlan: 301
                  ip_a: 14.14.14.1/24
                  ip_b: 14.14.14.2/24
                  ip_shared: 14.14.14.3/24
                  ip_shared_dhcp_relay: true
                  link_local_address: fe80::ffff:ffff:ffff:ffff
                  mode: native
                  bgp_peers:
                    - ip: 14.14.14.14
                      remote_as: 65010
                      description: My Desc
                      allow_self_as: true
                      as_override: true
                      bfd: true
                      disable_connected_check: true
                      remove_private_as: true
                      remove_all_private_as: true
                      multicast_address_family: true
                      ttl: 1
                      weight: 0
                      password: C1sco123
                      local_as: 1234
                      as_propagate: dual-as
                      peer_prefix_policy: BGP_PP1
                      export_route_control: ROUTE_MAP1
                      import_route_control: ROUTE_MAP2
                - channel: PC1
                  vlan: 311
                  ip: 24.24.24.1/24
                  bgp_peers:
                    - ip: 24.24.24.2
                      remote_as: 65010
                  micro_bfd:
                    destination_ip: 24.24.24.2
                    start_timer: 120
          import_route_map:
            name: example-import-name
            description: desc
            type: global
            contexts:
              - name: CONTEXT1
                description: desc1
                action: deny
                order: 2
                match_rules:
                - MATCH1
                set_rule: SET1
          route_maps:
            - name: example-name
              description: desc
              type: global
              contexts:
              - name: CONTEXT1
                  description: desc1
                  action: deny
                  order: 2
                  match_rules:
                  - MATCH1
                  set_rule: SET1
          export_route_map:
            name: example-export-name
            contexts:
              - name: CONTEXT1
                match_rules:
                - MATCH2
                set_rule: SET2
          external_endpoint_groups:
            - name: EXT-EPG1
              alias: ABC-EXT-EPG1
              description: My Desc
              preferred_group: false
              qos_class: level4
              target_dscp: CS5
              route_control_profiles:
                - name: IMPORT-RCP1
                  direction: import
              subnets:
                - name: ALL
                  prefix: 0.0.0.0/0
                  import_route_control: false
                  export_route_control: false
                  shared_route_control: false
                  import_security: true
                  shared_security: false
                  route_control_profiles:
                    - name: EXPORT-RCP1
                      direction: export
              contracts:
                consumers:
                  - CON1
                providers:
                  - CON1
                imported_consumers:
                  - IMPORT-CON1

example: This example shows how to configure an L3out with IPv4/IPv6 dual stack and a VIP on the SVI. The configuration includes static routes and external EPGs for the L3out, and is typically used when deploying a high-availability (HA) pair of firewalls with a NAT pool. The L3out is configured as SVI Vlan ‘100’ on Port ‘10’ of Node ‘1001’ and Node ‘1002’. Each node has its own IPv4, IPv6, and shared VIP addresses, and the shared VIP address is used as the gateway for APP1. Static routing is used as a routing protocol, and an External EPG is configured to permit communication from those routes.

apic:
  tenants:
    - name: TENANT1
      l3outs:
        - name: 'APP1-L3out'
          description: Interface for APP1
          vrf: VRF1
          domain: DOMAIN1
          node_profiles:
            - name: 'APP1-NodeProf'
              nodes:
                - node_id: 1001
                  router_id: 10.1.1.1
                  router_id_as_loopback: false
                  static_routes:
                    - prefix: 2001:db8:1234:1000::/64
                      next_hops:
                        - ip: 2001:db8:1234:2000::10
                    - prefix: 192.168.1.0/24
                      next_hops:
                        - ip: 192.168.2.10
                - node_id: 1002
                  router_id: 10.1.1.2
                  router_id_as_loopback: false
                  static_routes:
                    - prefix: 192.168.1.0/24
                      next_hops:
                        - ip: 192.168.2.10
                    - prefix: 2001:db8:1234:1000::/64
                      next_hops:
                        - ip: 2001:db8:1234:2000::10
              interface_profiles:
                - name: 'APP1-IPv6-IntProf'
                  description: IPv6 Interface Profile for APP1
                  interfaces:
                    - node_id: 1001
                      port: 10
                      ip: 2001:db8:1234:2000::1/64
                      svi: true
                      vlan: 100
                      ip_shared: 2001:db8:1234:2000::3/64
                    - node_id: 1002
                      port: 10
                      ip: 2001:db8:1234:2000::2/64
                      svi: true
                      vlan: 100
                      ip_shared: 2001:db8:1234:2000::3/64
                - name: 'APP1-IPv4-IntProf'
                  description: IPv4 Interface Profile for APP1
                  interfaces:
                    - node_id: 1001
                      port: 10
                      ip: 192.168.2.1/24
                      svi: true
                      vlan: 100
                      ip_shared: 192.168.2.3/24
                    - node_id: 1002
                      port: 10
                      ip: 192.168.2.2/24
                      svi: true
                      vlan: 100
                      ip_shared: 192.168.2.3/24
          external_endpoint_groups:
            - name: 'APP1-ExtEPG'
              subnets:
                - prefix: 2001:db8:1234:1000::/64
                - prefix: 192.168.1.0/24

example: In this example, BGP is used as dynamic routing protocol. The BGP parameters are configured as follows: BGP remote-as ‘65530’, IPv6 neighbor address ‘2001:db8:1234:2000::10’, IPv4 neighbor address ‘192.168.2.10’, bfd is enabled with the policy ‘BFD-Policy’. ACI advertises default route ’::/0’ and ‘0.0.0.0/0’ to the BGP neighbor and is assumed to receive ‘2001:db8:1234:1000::/64’ and ‘192.168.1.0/24’ from it.

apic:
  tenants:
    - name: TENANT1
      l3outs:
        - name: 'APP1-L3out'
          description: Interface for APP1
          vrf: VRF1
          domain: DOMAIN1
          node_profiles:
            - name: 'APP1-NodeProf'
              nodes:
                - node_id: 1001
                  router_id: 10.1.1.1
                  router_id_as_loopback: false
                - node_id: 1002
                  router_id: 10.1.1.2
                  router_id_as_loopback: false
              interface_profiles:
                - name: 'APP1-IPv6-IntProf'
                  description: IPv6 Interface Profile for APP1
                  bfd_policy: BFD-Policy
                  interfaces:
                    - node_id: 1001
                      port: 10
                      ip: 2001:db8:1234:2000::1/64
                      svi: true
                      vlan: 100
                      bgp_peers:
                        - ip: 2001:db8:1234:2000::10
                          remote_as: 65530
                          description: BGP Peer for APP1
                          bfd: true
                          multicast_address_family: false
                    - node_id: 1002
                      port: 10
                      ip: 2001:db8:1234:2000::2/64
                      svi: true
                      vlan: 100
                      bgp_peers:
                        - ip: 2001:db8:1234:2000::10
                          remote_as: 65530
                          description: BGP Peer for APP1
                          bfd: true
                          multicast_address_family: false
                - name: 'APP1-IPv4-IntProf'
                  description: IPv4 Interface Profile for APP1
                  interfaces:
                    - node_id: 1001
                      port: 10
                      ip: 192.168.2.1/24
                      svi: true
                      vlan: 100
                      bgp_peers:
                        - ip: 192.168.2.10
                          remote_as: 65530
                          description: BGP Peer for APP1
                          bfd: true
                          multicast_address_family: false
                    - node_id: 1002
                      port: 10
                      ip: 192.168.2.2/24
                      svi: true
                      vlan: 100
                      bgp_peers:
                        - ip: 192.168.2.10
                          remote_as: 65530
                          description: BGP Peer for APP1
                          bfd: true
                          multicast_address_family: false
          external_endpoint_groups:
            - name: 'APP1-ExtEPG'
              subnets:
                - prefix: 2001:db8:1234:1000::/64
                - prefix: 192.168.1.0/24
                - prefix: ::/0
                  export_route_control: true
                  import_security: false
                - prefix: 0.0.0.0/0
                  export_route_control: true
                  import_security: false