L3out
L3out Node and Interface Profiles can either be auto-generated, one per L3out, or can be defined explicitly.
Note: Whether an interface is an
svi,routed sub-interface, orrouteddepends on the following configuration:
svi - vlan: <not null>, svi: true, ip: <not null>
routed sub-interface - vlan: <not null>, svi: false, ip: <not null>
routed interface - vlan: <null>, svi: false, ip: <not null>
The following table maps the subnet flags of external endpoint groups to the corresponding GUI terminology:
| Subnet Flag | GUI Terminology |
|---|---|
import_security | External Subnets for External EPG |
shared_security | Shared Security Import Subnet |
import_route_control | Import Route Control Subnet |
export_route_control | Export Route Control Subnet |
shared_route_control | Shared Route Control Subnet |
aggregate_import_route_control | Aggregate Import |
aggregate_export_route_control | Aggregate Export |
aggregate_shared_route_control | Aggregate Shared Routes |
L3out BGP Peering can be estabilished via Interface Profiles or Node Profiles.
The infra tenant differentiates between BGP Infra Peers, which are configured in the Node Profile, and BGP Peers, which are configured in the Interface Profile.
BGP Infra Peers are limited only to Node Profiles in infra Tenant.
BGP Infra Peer Type and Source Interface Loopback cannot be modified.
The following table maps the BGP Peer Type of BGP Infra Peer to the corresponding GUI terminology:
| Peer Type | GUI Terminology |
|---|---|
wan | WAN Connectivity. By default every infra peer is a wan peer. Example use-case: Remote-Leaf or IPN. |
mdp-wan | MDP Connectivity. IPN/ISN use-case with BGW to interconnect multiple ACI pods or sites. |
If IP SLA Policy is not existing in configured Tenant’s Data Model and it exists in common Tenant Data Model, then relation for ip_sla_policy attribute will reflect IP SLA Policy in common Tenant.
Location in GUI:
Tenants»XXX»Networking»L3outs
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”tenants (apic)
Section titled “tenants (apic)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| l3outs | List | [l3outs] | No |
l3outs (apic.tenants)
Section titled “l3outs (apic.tenants)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| ndo_managed | Boolean | true, false | No | false |
| alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| target_dscp | Any | Choice[CS0, CS1, AF11, AF12, AF13, CS2, AF21, AF22, AF23, CS3, AF31, AF32, AF33, CS4, AF41, AF42, AF43, CS5, VA, EF, CS6, CS7, unspecified] or Integer[min: 0, max: 63] | No | unspecified |
| vrf | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| bgp | Class | [bgp] | No | |
| ospf | Class | [ospf] | No | |
| eigrp | Class | [eigrp] | No | |
| bfd_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| bgp_peers | List | [bgp_peers] | No | |
| bgp_infra_peers | List | [bgp_infra_peers] | No | |
| nodes | List | [nodes] | No | |
| node_profiles | List | [node_profiles] | No | |
| external_endpoint_groups | List | [external_endpoint_groups] | No | |
| import_route_map | Class | [import_route_map] | No | |
| export_route_map | Class | [export_route_map] | No | |
| interleak_route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| default_route_leak_policy | Class | [default_route_leak_policy] | No | |
| dampening_ipv4_route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| dampening_ipv6_route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| redistribution_route_maps | List | [redistribution_route_maps] | No | |
| l3_multicast_ipv4 | Boolean | true, false | No | false |
| pim_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| igmp_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| qos_class | Choice | level1, level2, level3, level4, level5, level6, unspecified | No | unspecified |
| custom_qos_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| nd_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ingress_data_plane_policing_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| egress_data_plane_policing_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| multipod | Boolean | true, false | No | true |
| remote_leaf | Boolean | true, false | No | false |
| import_route_control_enforcement | Boolean | true, false | No | false |
| export_route_control_enforcement | Boolean | true, false | No | true |
| dhcp_labels | List | [dhcp_labels] | No | |
| route_maps | List | [route_maps] | No | |
| bfd_multihop_node_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| bfd_multihop_auth | Class | [bfd_multihop_auth] | No | |
| netflow_monitor_policies | List | [netflow_monitor_policies] | No |
bgp (apic.tenants.l3outs)
Section titled “bgp (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| timer_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| as_path_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
ospf (apic.tenants.l3outs)
Section titled “ospf (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ospf_interface_profile_name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| area | Any | Integer[min: 0, max: 4294967295] or Choice[backbone] or IP | Yes | |
| area_type | Choice | regular, stub, nssa | No | regular |
| area_cost | Integer | min: 1, max: 16777215 | No | 1 |
| area_control_redistribute | Boolean | true, false | No | true |
| area_control_summary | Boolean | true, false | No | true |
| area_control_suppress_fa | Boolean | true, false | No | false |
| auth_type | Choice | none, simple, md5 | No | none |
| auth_key | String | No | ||
| auth_key_id | Integer | min: 1, max: 255 | No | 1 |
| policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
eigrp (apic.tenants.l3outs)
Section titled “eigrp (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| interface_profile_name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| asn | Integer | min: 1, max: 65535 | Yes | |
| interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
bgp_peers (apic.tenants.l3outs)
Section titled “bgp_peers (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| remote_as | Integer | min: 0, max: 4294967295 | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| allow_self_as | Boolean | true, false | No | false |
| as_override | Boolean | true, false | No | false |
| disable_peer_as_check | Boolean | true, false | No | false |
| next_hop_self | Boolean | true, false | No | false |
| send_community | Boolean | true, false | No | false |
| send_ext_community | Boolean | true, false | No | false |
| password | String | No | ||
| allowed_self_as_count | Integer | min: 1, max: 10 | No | 3 |
| bfd | Boolean | true, false | No | false |
| disable_connected_check | Boolean | true, false | No | false |
| ttl | Integer | min: 1, max: 255 | No | 1 |
| weight | Integer | min: 0, max: 65535 | No | 0 |
| remove_all_private_as | Boolean | true, false | No | false |
| remove_private_as | Boolean | true, false | No | false |
| replace_private_as_with_local_as | Boolean | true, false | No | false |
| unicast_address_family | Boolean | true, false | No | true |
| multicast_address_family | Boolean | true, false | No | true |
| admin_state | Boolean | true, false | No | true |
| local_as | Integer | min: 0, max: 4294967295 | No | |
| as_propagate | Choice | none, no-prepend, replace-as, dual-as | No | none |
| peer_prefix_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| export_route_control | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| import_route_control | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
bgp_infra_peers (apic.tenants.l3outs)
Section titled “bgp_infra_peers (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| remote_as | Integer | min: 0, max: 4294967295 | Yes | |
| allow_self_as | Boolean | true, false | No | false |
| disable_peer_as_check | Boolean | true, false | No | false |
| as_override | Boolean | true, false | No | false |
| next_hop_self | Boolean | true, false | No | false |
| send_community | Boolean | true, false | No | false |
| send_ext_community | Boolean | true, false | No | false |
| ttl | Integer | min: 1, max: 255 | No | 2 |
| bfd | Boolean | true, false | No | false |
| password | String | No | ||
| peer_prefix_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| peer_type | Choice | wan, mdp-wan | No | wan |
| admin_state | Boolean | true, false | No | true |
| local_as | Integer | min: 0, max: 4294967295 | No | |
| as_propagate | Choice | none, no-prepend, replace-as, dual-as | No | none |
| source_interface_type | Choice | l3out-loopback, routable-loopback | No | l3out-loopback |
| data_plane_address | IP | No |
nodes (apic.tenants.l3outs)
Section titled “nodes (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| node_id | Integer | min: 1, max: 4000 | Yes | |
| pod_id | Integer | min: 1, max: 255 | No | |
| router_id | IP | Yes | ||
| router_id_as_loopback | Boolean | true, false | No | true |
| loopbacks | List | IP | No | |
| static_routes | List | [static_routes] | No | |
| interfaces | List | [interfaces] | No |
node_profiles (apic.tenants.l3outs)
Section titled “node_profiles (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| bgp | Class | [bgp] | No | |
| bgp_peers | List | [bgp_peers] | No | |
| bgp_infra_peers | List | [bgp_infra_peers] | No | |
| nodes | List | [nodes] | No | |
| interface_profiles | List | [interface_profiles] | No | |
| bfd_multihop_node_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| bfd_multihop_auth | Class | [bfd_multihop_auth] | No |
external_endpoint_groups (apic.tenants.l3outs)
Section titled “external_endpoint_groups (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| ndo_managed | Boolean | true, false | No | false |
| alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| preferred_group | Boolean | true, false | No | false |
| qos_class | Choice | level1, level2, level3, level4, level5, level6, unspecified | No | unspecified |
| target_dscp | Any | Choice[CS0, CS1, AF11, AF12, AF13, CS2, AF21, AF22, AF23, CS3, AF31, AF32, AF33, CS4, AF41, AF42, AF43, CS5, VA, EF, CS6, CS7, unspecified] or Integer[min: 0, max: 63] | No | unspecified |
| subnets | List | [subnets] | No | |
| contracts | Class | [contracts] | No | |
| route_control_profiles | List | [route_control_profiles] | No |
import_route_map (apic.tenants.l3outs)
Section titled “import_route_map (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| type | Choice | combinable, global | No | global |
| contexts | List | [contexts] | No |
export_route_map (apic.tenants.l3outs)
Section titled “export_route_map (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| type | Choice | combinable, global | No | global |
| contexts | List | [contexts] | No |
default_route_leak_policy (apic.tenants.l3outs)
Section titled “default_route_leak_policy (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| always | Boolean | true, false | No | false |
| criteria | Choice | only, in-addition | No | only |
| context_scope | Boolean | true, false | No | false |
| outside_scope | Boolean | true, false | No | true |
redistribution_route_maps (apic.tenants.l3outs)
Section titled “redistribution_route_maps (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| source | Choice | direct, attached-host, static | No | static |
| route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes |
dhcp_labels (apic.tenants.l3outs)
Section titled “dhcp_labels (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| dhcp_relay_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| dhcp_option_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| scope | Choice | infra, tenant | No | infra |
route_maps (apic.tenants.l3outs)
Section titled “route_maps (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| type | Choice | combinable, global | No | combinable |
| contexts | List | [contexts] | No |
bfd_multihop_auth (apic.tenants.l3outs)
Section titled “bfd_multihop_auth (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | none, sha1 | No | none |
| key_id | Integer | min: 1, max: 255 | No | 1 |
| key | String | No |
netflow_monitor_policies (apic.tenants.l3outs)
Section titled “netflow_monitor_policies (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ip_filter_type | Choice | ipv4, ipv6, ce, unspecified | No | ipv4 |
static_routes (apic.tenants.l3outs.nodes)
Section titled “static_routes (apic.tenants.l3outs.nodes)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| prefix | IP | Yes | ||
| preference | Integer | min: 1, max: 255 | No | 1 |
| bfd | Boolean | true, false | No | false |
| next_hops | List | [next_hops] | No | |
| track_list | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
interfaces (apic.tenants.l3outs.nodes)
Section titled “interfaces (apic.tenants.l3outs.nodes)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| node_id | Integer | min: 1, max: 4000 | No | |
| node2_id | Integer | min: 1, max: 4000 | No | |
| port | Integer | min: 1, max: 127 | No | |
| sub_port | Integer | min: 1, max: 16 | No | |
| module | Integer | min: 1, max: 9 | No | 1 |
| channel | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ip | IP | No | 0.0.0.0 | |
| svi | Boolean | true, false | No | false |
| multipod_direct | Boolean | true, false | No | false |
| autostate | Boolean | true, false | No | false |
| floating_svi | Boolean | true, false | No | false |
| vlan | Integer | min: 1, max: 4096 | No | |
| mac | MAC | No | 00:22:BD:F8:19:FF | |
| mtu | Any | Choice[inherit] or Integer[min: 576, max: 9216] | No | inherit |
| ip_a | IP | No | ||
| ip_b | IP | No | ||
| ip_shared | IP | No | ||
| ip_shared_dhcp_relay | Boolean | true, false | No | false |
| link_local_address | IP | No | ||
| bgp_peers | List | [bgp_peers] | No | |
| paths | List | [paths] | No | |
| mode | Choice | regular, native, untagged | No | regular |
| state | Choice | local, vrf | No | |
| micro_bfd | Class | [micro_bfd] | No |
interface_profiles (apic.tenants.l3outs.node_profiles)
Section titled “interface_profiles (apic.tenants.l3outs.node_profiles)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| bfd_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ospf | Class | [ospf] | No | |
| eigrp | Class | [eigrp] | No | |
| pim_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| igmp_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| qos_class | Choice | level1, level2, level3, level4, level5, level6, unspecified | No | unspecified |
| custom_qos_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| nd_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ingress_data_plane_policing_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| egress_data_plane_policing_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| interfaces | List | [interfaces] | No | |
| dhcp_labels | List | [dhcp_labels] | No | |
| netflow_monitor_policies | List | [netflow_monitor_policies] | No |
subnets (apic.tenants.l3outs.external_endpoint_groups)
Section titled “subnets (apic.tenants.l3outs.external_endpoint_groups)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ndo_managed | Boolean | true, false | No | false |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| prefix | IP | Yes | ||
| import_route_control | Boolean | true, false | No | false |
| export_route_control | Boolean | true, false | No | false |
| shared_route_control | Boolean | true, false | No | false |
| import_security | Boolean | true, false | No | true |
| shared_security | Boolean | true, false | No | false |
| aggregate_import_route_control | Boolean | true, false | No | false |
| aggregate_export_route_control | Boolean | true, false | No | false |
| aggregate_shared_route_control | Boolean | true, false | No | false |
| bgp_route_summarization | Boolean | true, false | No | false |
| bgp_route_summarization_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ospf_route_summarization | Boolean | true, false | No | false |
| ospf_route_summarization_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| eigrp_route_summarization | Boolean | true, false | No | false |
| route_control_profiles | List | [route_control_profiles] | No |
contracts (apic.tenants.l3outs.external_endpoint_groups)
Section titled “contracts (apic.tenants.l3outs.external_endpoint_groups)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| consumers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| providers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| imported_consumers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| masters | List | [masters] | No |
route_control_profiles (apic.tenants.l3outs.external_endpoint_groups)
Section titled “route_control_profiles (apic.tenants.l3outs.external_endpoint_groups)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| direction | Choice | import, export | No | import |
contexts (apic.tenants.l3outs.import_route_map)
Section titled “contexts (apic.tenants.l3outs.import_route_map)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| action | Choice | permit, deny | No | permit |
| order | Integer | min: 0, max: 9 | No | 0 |
| match_rules | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| set_rule | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
next_hops (apic.tenants.l3outs.nodes.static_routes)
Section titled “next_hops (apic.tenants.l3outs.nodes.static_routes)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| preference | Integer | min: 0, max: 255 | No | 1 |
| type | Choice | prefix, none | No | prefix |
| ip_sla_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| track_list | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
paths (apic.tenants.l3outs.nodes.interfaces)
Section titled “paths (apic.tenants.l3outs.nodes.interfaces)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| physical_domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| vmware_vmm_domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| elag | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| floating_ip | IP | Yes | ||
| forged_transmit | Boolean | true, false | No | |
| mac_change | Boolean | true, false | No | |
| promiscous_mode | Boolean | true, false | No | |
| vlan | Integer | min: 1, max: 4096 | No |
micro_bfd (apic.tenants.l3outs.nodes.interfaces)
Section titled “micro_bfd (apic.tenants.l3outs.nodes.interfaces)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| destination_ip | IP | Yes | ||
| start_timer | Any | Integer[min: 60, max: 3600] or Integer[min: 0, max: 0] | No | 0 |
masters (apic.tenants.l3outs.external_endpoint_groups.contracts)
Section titled “masters (apic.tenants.l3outs.external_endpoint_groups.contracts)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| l3out | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| external_endpoint_group | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes |
Examples
Section titled “Examples”Simple example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 track_list: TRACK_POL interfaces: - node_id: 101 port: 10 vlan: 301 ip: 14.14.14.1/24 bgp_peers: - ip: 14.14.14.14 remote_as: 65010 external_endpoint_groups: - name: EXT-EPG1 subnets: - prefix: 0.0.0.0/0 contracts: consumers: - CON1External EPG with contract masters (inherit contracts from another L3out external EPG):
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 external_endpoint_groups: - name: EXT-EPG1 subnets: - prefix: 0.0.0.0/0 - name: EXT-EPG2 subnets: - prefix: 10.0.0.0/8 contracts: masters: - l3out: L3OUT1 external_endpoint_group: EXT-EPG1SVI example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 vlan: 301 svi: true ip: 14.14.14.1/24Routed Sub-interface example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 vlan: 301 svi: false ip: 14.14.14.1/24Routed Interface example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 ip: 14.14.14.1/24Example with explicit profiles:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 description: Node Profile 101 bgp: name: BGP_PROT1 timer_policy: BGP_TIMER1 as_path_policy: BGP_AS_PATH1 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 track_list: TRACK_POL interface_profiles: - name: NODE_101 description: NODE_101 Description ingress_data_plane_policing_policy: DPP1 egress_data_plane_policing_policy: DPP2 dhcp_labels: - dhcp_relay_policy: DHCP-RELAY1 dhcp_option_policy: DHCP-OPTION1 scope: tenant netflow_monitor_policies: - name: MONITOR1 ip_filter_type: ipv4 interfaces: - node_id: 101 port: 10 vlan: 301 ip: 14.14.14.1/24 bgp_peers: - ip: 14.14.14.14 remote_as: 65010 external_endpoint_groups: - name: EXT-EPG1 subnets: - prefix: 0.0.0.0/0Example with Node BGP Peering (BGP Infra Peers) for Remote Leaf use-case in infra Tenant.
In case of Interface BGP Peering, bgp_peers instead of bgp_infra_peers must be used:
apic: tenants: - name: infra l3outs: - name: intersite vrf: overlay-1 domain: ROUTED1 node_profiles: - name: NODE_101 bgp: name: BGP_PROT1 timer_policy: BGP_TIMER1 as_path_policy: BGP_AS_PATH1 nodes: - node_id: 101 router_id: 5.5.5.5 bgp_infra_peers: - ip: 10.10.10.10 remote_as: 61111 peer-type: wan ttl: 10 local_as: 31200 allow_self_as: true disable_peer_as_check: true password: admin peer_prefix_policy: BGP_PP1 bfd: true interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 ip: 14.14.14.1/24 external_endpoint_groups: - name: RL_EPGExample with BGP Peers for IPN
apic: tenants: - name: infra l3outs: - name: L3OUT1 vrf: overlay-1 domain: IPN node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 ip: 14.14.14.1/24 vlan: 4 svi: false bgp_peers: - ip: 10.10.10.10 remote_as: 61111 external_endpoint_groups: - name: intersiteFull example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 alias: L3OUT1-ALIAS description: My Desc target_dscp: AF13 qos_class: level3 import_route_control_enforcement: true export_route_control_enforcement: true custom_qos_policy: QOS_POLICY ingress_data_plane_policing_policy: DPP1 egress_data_plane_policing_policy: DPP2 vrf: VRF1 domain: ROUTED1 bfd_policy: BFD1 dhcp_labels: - dhcp_relay_policy: DHCP-RELAY1 dhcp_option_policy: DHCP-OPTION1 scope: tenant netflow_monitor_policies: - name: MONITOR1 ip_filter_type: ipv4 bgp: timer_policy: BGP_TIMER1 as_path_policy: BGP_AS_PATH1 ospf: area: 0 area_type: regular area_cost: 1 auth_type: simple auth_key: cisco auth_key_id: 1 policy: OIP1 interleak_route_map: ROUTE_MAP1 default_route_leak_policy: always: false criteria: 'in-addition' context_scope: false outside_scope: false redistribution_route_maps: - source: direct route_map: ROUTE_MAP2 dampening_ipv4_route_map: ROUTE_MAP3 dampening_ipv6_route_map: ROUTE_MAP4 bfd_multihop_node_policy: BFD-NODE1 bfd_multihop_auth: type: sha1 key_id: 1 key: Secure123 nodes: - node_id: 101 router_id: 5.5.5.5 router_id_as_loopback: true static_routes: - prefix: 2.2.2.0/24 description: My Desc preference: 1 next_hops: - ip: 6.6.6.6 description: My Next Hop Desc ip_sla_policy: IP_SLA1 interfaces: - channel: VPC1 svi: true scope: local vlan: 301 ip_a: 14.14.14.1/24 ip_b: 14.14.14.2/24 ip_shared: 14.14.14.3/24 ip_shared_dhcp_relay: true link_local_address: fe80::ffff:ffff:ffff:ffff mode: native bgp_peers: - ip: 14.14.14.14 remote_as: 65010 description: My Desc allow_self_as: true as_override: true bfd: true disable_connected_check: true remove_private_as: true remove_all_private_as: true multicast_address_family: true ttl: 1 weight: 0 password: C1sco123 local_as: 1234 as_propagate: dual-as peer_prefix_policy: BGP_PP1 export_route_control: ROUTE_MAP1 import_route_control: ROUTE_MAP2 - channel: PC1 vlan: 311 ip: 24.24.24.1/24 bgp_peers: - ip: 24.24.24.2 remote_as: 65010 micro_bfd: destination_ip: 24.24.24.2 start_timer: 120 import_route_map: name: example-import-name description: desc type: global contexts: - name: CONTEXT1 description: desc1 action: deny order: 2 match_rules: - MATCH1 set_rule: SET1 route_maps: - name: example-name description: desc type: global contexts: - name: CONTEXT1 description: desc1 action: deny order: 2 match_rules: - MATCH1 set_rule: SET1 export_route_map: name: example-export-name contexts: - name: CONTEXT1 match_rules: - MATCH2 set_rule: SET2 external_endpoint_groups: - name: EXT-EPG1 alias: ABC-EXT-EPG1 description: My Desc preferred_group: false qos_class: level4 target_dscp: CS5 route_control_profiles: - name: IMPORT-RCP1 direction: import subnets: - name: ALL prefix: 0.0.0.0/0 import_route_control: false export_route_control: false shared_route_control: false import_security: true shared_security: false route_control_profiles: - name: EXPORT-RCP1 direction: export contracts: consumers: - CON1 providers: - CON1 imported_consumers: - IMPORT-CON1example: This example shows how to configure an L3out with IPv4/IPv6 dual stack and a VIP on the SVI. The configuration includes static routes and external EPGs for the L3out, and is typically used when deploying a high-availability (HA) pair of firewalls with a NAT pool. The L3out is configured as SVI Vlan ‘100’ on Port ‘10’ of Node ‘1001’ and Node ‘1002’. Each node has its own IPv4, IPv6, and shared VIP addresses, and the shared VIP address is used as the gateway for APP1. Static routing is used as a routing protocol, and an External EPG is configured to permit communication from those routes.
apic: tenants: - name: TENANT1 l3outs: - name: 'APP1-L3out' description: Interface for APP1 vrf: VRF1 domain: DOMAIN1 node_profiles: - name: 'APP1-NodeProf' nodes: - node_id: 1001 router_id: 10.1.1.1 router_id_as_loopback: false static_routes: - prefix: 2001:db8:1234:1000::/64 next_hops: - ip: 2001:db8:1234:2000::10 - prefix: 192.168.1.0/24 next_hops: - ip: 192.168.2.10 - node_id: 1002 router_id: 10.1.1.2 router_id_as_loopback: false static_routes: - prefix: 192.168.1.0/24 next_hops: - ip: 192.168.2.10 - prefix: 2001:db8:1234:1000::/64 next_hops: - ip: 2001:db8:1234:2000::10 interface_profiles: - name: 'APP1-IPv6-IntProf' description: IPv6 Interface Profile for APP1 interfaces: - node_id: 1001 port: 10 ip: 2001:db8:1234:2000::1/64 svi: true vlan: 100 ip_shared: 2001:db8:1234:2000::3/64 - node_id: 1002 port: 10 ip: 2001:db8:1234:2000::2/64 svi: true vlan: 100 ip_shared: 2001:db8:1234:2000::3/64 - name: 'APP1-IPv4-IntProf' description: IPv4 Interface Profile for APP1 interfaces: - node_id: 1001 port: 10 ip: 192.168.2.1/24 svi: true vlan: 100 ip_shared: 192.168.2.3/24 - node_id: 1002 port: 10 ip: 192.168.2.2/24 svi: true vlan: 100 ip_shared: 192.168.2.3/24 external_endpoint_groups: - name: 'APP1-ExtEPG' subnets: - prefix: 2001:db8:1234:1000::/64 - prefix: 192.168.1.0/24example: In this example, BGP is used as dynamic routing protocol. The BGP parameters are configured as follows: BGP remote-as ‘65530’, IPv6 neighbor address ‘2001:db8:1234:2000::10’, IPv4 neighbor address ‘192.168.2.10’, bfd is enabled with the policy ‘BFD-Policy’. ACI advertises default route ’::/0’ and ‘0.0.0.0/0’ to the BGP neighbor and is assumed to receive ‘2001:db8:1234:1000::/64’ and ‘192.168.1.0/24’ from it.
apic: tenants: - name: TENANT1 l3outs: - name: 'APP1-L3out' description: Interface for APP1 vrf: VRF1 domain: DOMAIN1 node_profiles: - name: 'APP1-NodeProf' nodes: - node_id: 1001 router_id: 10.1.1.1 router_id_as_loopback: false - node_id: 1002 router_id: 10.1.1.2 router_id_as_loopback: false interface_profiles: - name: 'APP1-IPv6-IntProf' description: IPv6 Interface Profile for APP1 bfd_policy: BFD-Policy interfaces: - node_id: 1001 port: 10 ip: 2001:db8:1234:2000::1/64 svi: true vlan: 100 bgp_peers: - ip: 2001:db8:1234:2000::10 remote_as: 65530 description: BGP Peer for APP1 bfd: true multicast_address_family: false - node_id: 1002 port: 10 ip: 2001:db8:1234:2000::2/64 svi: true vlan: 100 bgp_peers: - ip: 2001:db8:1234:2000::10 remote_as: 65530 description: BGP Peer for APP1 bfd: true multicast_address_family: false - name: 'APP1-IPv4-IntProf' description: IPv4 Interface Profile for APP1 interfaces: - node_id: 1001 port: 10 ip: 192.168.2.1/24 svi: true vlan: 100 bgp_peers: - ip: 192.168.2.10 remote_as: 65530 description: BGP Peer for APP1 bfd: true multicast_address_family: false - node_id: 1002 port: 10 ip: 192.168.2.2/24 svi: true vlan: 100 bgp_peers: - ip: 192.168.2.10 remote_as: 65530 description: BGP Peer for APP1 bfd: true multicast_address_family: false external_endpoint_groups: - name: 'APP1-ExtEPG' subnets: - prefix: 2001:db8:1234:1000::/64 - prefix: 192.168.1.0/24 - prefix: ::/0 export_route_control: true import_security: false - prefix: 0.0.0.0/0 export_route_control: true import_security: falseExample: This example show the L3OUT configuration using floating svi and security attributes forged transmit, mac address chamnge and promiscous mode.
apic: tenants: - name: ABC vrfs: - name: VRF1 l3outs: #This example shows the sample config yaml file to use the auto-generated floating svi using the security attributes. - name: L3OUT_SVI vrf: VRF1 domain: ROUTED1 nodes: - node_id: 101 router_id: 5.5.5.5 router_id_as_loopback: false interfaces: - floating_svi: true node_id: 101 ip: 1.1.1.2/24 vlan: 134 paths: - floating_ip: 1.1.1.1/24 forged_transmit: true promiscous_mode: true mac_change: true vmware_vmm_domain: VMM1 elag: ELAGDefault #The example below shows config yaml structure to use logical interfaces profiles to configure the floating svi security attributes. - name: L3OUT_SVI2 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NP1 nodes: - node_id: 103 router_id: 10.10.10.10 router_id_as_loopback: false - node_id: 104 router_id: 12.12.12.12 router_id_as_loopback: false interface_profiles: - name: IP1 interfaces: - floating_svi: true node_id: 103 ip: 3.1.1.1/24 vlan: 135 paths: - floating_ip: 4.1.1.1/24 forged_transmit: true promiscous_mode: true mac_change: true vmware_vmm_domain: VMM1 elag: ELAGDefaultL3out Node and Interface Profiles can either be auto-generated, one per L3out, or can be defined explicitly.
Note: Whether an interface is an
svi,routed sub-interface, orrouteddepends on the following configuration:
svi - vlan: <not null>, svi: true, ip: <not null>
routed sub-interface - vlan: <not null>, svi: false, ip: <not null>
routed interface - vlan: <null>, svi: false, ip: <not null>
The following table maps the subnet flags of external endpoint groups to the corresponding GUI terminology:
| Subnet Flag | GUI Terminology |
|---|---|
import_security | External Subnets for External EPG |
shared_security | Shared Security Import Subnet |
import_route_control | Import Route Control Subnet |
export_route_control | Export Route Control Subnet |
shared_route_control | Shared Route Control Subnet |
aggregate_import_route_control | Aggregate Import |
aggregate_export_route_control | Aggregate Export |
aggregate_shared_route_control | Aggregate Shared Routes |
L3out BGP Peering can be estabilished via Interface Profiles or Node Profiles.
The infra tenant differentiates between BGP Infra Peers, which are configured in the Node Profile, and BGP Peers, which are configured in the Interface Profile.
BGP Infra Peers are limited only to Node Profiles in infra Tenant.
BGP Infra Peer Type and Source Interface Loopback cannot be modified.
The following table maps the BGP Peer Type of BGP Infra Peer to the corresponding GUI terminology:
| Peer Type | GUI Terminology |
|---|---|
wan | WAN Connectivity. By default every infra peer is a wan peer. Example use-case: Remote-Leaf or IPN. |
mdp-wan | MDP Connectivity. IPN/ISN use-case with BGW to interconnect multiple ACI pods or sites. |
Location in GUI:
Tenants»XXX»Networking»L3outs
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”tenants (apic)
Section titled “tenants (apic)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| l3outs | List | [l3outs] | No |
l3outs (apic.tenants)
Section titled “l3outs (apic.tenants)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| ndo_managed | Boolean | true, false | No | false |
| alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| target_dscp | Any | Choice[CS0, CS1, AF11, AF12, AF13, CS2, AF21, AF22, AF23, CS3, AF31, AF32, AF33, CS4, AF41, AF42, AF43, CS5, VA, EF, CS6, CS7, unspecified] or Integer[min: 0, max: 63] | No | unspecified |
| vrf | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| bgp | Class | [bgp] | No | |
| ospf | Class | [ospf] | No | |
| eigrp | Class | [eigrp] | No | |
| bfd_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| bgp_peers | List | [bgp_peers] | No | |
| bgp_infra_peers | List | [bgp_infra_peers] | No | |
| nodes | List | [nodes] | No | |
| node_profiles | List | [node_profiles] | No | |
| external_endpoint_groups | List | [external_endpoint_groups] | No | |
| import_route_map | Class | [import_route_map] | No | |
| export_route_map | Class | [export_route_map] | No | |
| interleak_route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| default_route_leak_policy | Class | [default_route_leak_policy] | No | |
| dampening_ipv4_route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| dampening_ipv6_route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| redistribution_route_maps | List | [redistribution_route_maps] | No | |
| l3_multicast_ipv4 | Boolean | true, false | No | false |
| pim_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| igmp_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| qos_class | Choice | level1, level2, level3, level4, level5, level6, unspecified | No | unspecified |
| custom_qos_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| nd_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ingress_data_plane_policing_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| egress_data_plane_policing_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| multipod | Boolean | true, false | No | true |
| remote_leaf | Boolean | true, false | No | false |
| import_route_control_enforcement | Boolean | true, false | No | false |
| export_route_control_enforcement | Boolean | true, false | No | true |
| dhcp_labels | List | [dhcp_labels] | No | |
| route_maps | List | [route_maps] | No | |
| bfd_multihop_node_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| bfd_multihop_auth | Class | [bfd_multihop_auth] | No | |
| netflow_monitor_policies | List | [netflow_monitor_policies] | No |
bgp (apic.tenants.l3outs)
Section titled “bgp (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| timer_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| as_path_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
ospf (apic.tenants.l3outs)
Section titled “ospf (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ospf_interface_profile_name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| area | Any | Integer[min: 0, max: 4294967295] or Choice[backbone] or IP | Yes | |
| area_type | Choice | regular, stub, nssa | No | regular |
| area_cost | Integer | min: 1, max: 16777215 | No | 1 |
| area_control_redistribute | Boolean | true, false | No | true |
| area_control_summary | Boolean | true, false | No | true |
| area_control_suppress_fa | Boolean | true, false | No | false |
| auth_type | Choice | none, simple, md5 | No | none |
| auth_key | String | No | ||
| auth_key_id | Integer | min: 1, max: 255 | No | 1 |
| policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
eigrp (apic.tenants.l3outs)
Section titled “eigrp (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| interface_profile_name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| asn | Integer | min: 1, max: 65535 | Yes | |
| interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
bgp_peers (apic.tenants.l3outs)
Section titled “bgp_peers (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| remote_as | Integer | min: 0, max: 4294967295 | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| allow_self_as | Boolean | true, false | No | false |
| as_override | Boolean | true, false | No | false |
| disable_peer_as_check | Boolean | true, false | No | false |
| next_hop_self | Boolean | true, false | No | false |
| send_community | Boolean | true, false | No | false |
| send_ext_community | Boolean | true, false | No | false |
| password | String | No | ||
| allowed_self_as_count | Integer | min: 1, max: 10 | No | 3 |
| bfd | Boolean | true, false | No | false |
| disable_connected_check | Boolean | true, false | No | false |
| ttl | Integer | min: 1, max: 255 | No | 1 |
| weight | Integer | min: 0, max: 65535 | No | 0 |
| remove_all_private_as | Boolean | true, false | No | false |
| remove_private_as | Boolean | true, false | No | false |
| replace_private_as_with_local_as | Boolean | true, false | No | false |
| unicast_address_family | Boolean | true, false | No | true |
| multicast_address_family | Boolean | true, false | No | true |
| admin_state | Boolean | true, false | No | true |
| local_as | Integer | min: 0, max: 4294967295 | No | |
| as_propagate | Choice | none, no-prepend, replace-as, dual-as | No | none |
| peer_prefix_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| export_route_control | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| import_route_control | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
bgp_infra_peers (apic.tenants.l3outs)
Section titled “bgp_infra_peers (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| remote_as | Integer | min: 0, max: 4294967295 | Yes | |
| allow_self_as | Boolean | true, false | No | false |
| disable_peer_as_check | Boolean | true, false | No | false |
| as_override | Boolean | true, false | No | false |
| next_hop_self | Boolean | true, false | No | false |
| send_community | Boolean | true, false | No | false |
| send_ext_community | Boolean | true, false | No | false |
| ttl | Integer | min: 1, max: 255 | No | 2 |
| bfd | Boolean | true, false | No | false |
| password | String | No | ||
| peer_prefix_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| peer_type | Choice | wan, mdp-wan | No | wan |
| admin_state | Boolean | true, false | No | true |
| local_as | Integer | min: 0, max: 4294967295 | No | |
| as_propagate | Choice | none, no-prepend, replace-as, dual-as | No | none |
| source_interface_type | Choice | l3out-loopback, routable-loopback | No | l3out-loopback |
| data_plane_address | IP | No |
nodes (apic.tenants.l3outs)
Section titled “nodes (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| node_id | Integer | min: 1, max: 4000 | Yes | |
| pod_id | Integer | min: 1, max: 255 | No | |
| router_id | IP | Yes | ||
| router_id_as_loopback | Boolean | true, false | No | true |
| loopbacks | List | IP | No | |
| static_routes | List | [static_routes] | No | |
| interfaces | List | [interfaces] | No |
node_profiles (apic.tenants.l3outs)
Section titled “node_profiles (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| bgp | Class | [bgp] | No | |
| bgp_peers | List | [bgp_peers] | No | |
| bgp_infra_peers | List | [bgp_infra_peers] | No | |
| nodes | List | [nodes] | No | |
| interface_profiles | List | [interface_profiles] | No | |
| bfd_multihop_node_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| bfd_multihop_auth | Class | [bfd_multihop_auth] | No |
external_endpoint_groups (apic.tenants.l3outs)
Section titled “external_endpoint_groups (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| ndo_managed | Boolean | true, false | No | false |
| alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| preferred_group | Boolean | true, false | No | false |
| qos_class | Choice | level1, level2, level3, level4, level5, level6, unspecified | No | unspecified |
| target_dscp | Any | Choice[CS0, CS1, AF11, AF12, AF13, CS2, AF21, AF22, AF23, CS3, AF31, AF32, AF33, CS4, AF41, AF42, AF43, CS5, VA, EF, CS6, CS7, unspecified] or Integer[min: 0, max: 63] | No | unspecified |
| subnets | List | [subnets] | No | |
| contracts | Class | [contracts] | No | |
| route_control_profiles | List | [route_control_profiles] | No |
import_route_map (apic.tenants.l3outs)
Section titled “import_route_map (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| type | Choice | combinable, global | No | global |
| contexts | List | [contexts] | No |
export_route_map (apic.tenants.l3outs)
Section titled “export_route_map (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| type | Choice | combinable, global | No | global |
| contexts | List | [contexts] | No |
default_route_leak_policy (apic.tenants.l3outs)
Section titled “default_route_leak_policy (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| always | Boolean | true, false | No | false |
| criteria | Choice | only, in-addition | No | only |
| context_scope | Boolean | true, false | No | false |
| outside_scope | Boolean | true, false | No | true |
redistribution_route_maps (apic.tenants.l3outs)
Section titled “redistribution_route_maps (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| source | Choice | direct, attached-host, static | No | static |
| route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes |
dhcp_labels (apic.tenants.l3outs)
Section titled “dhcp_labels (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| dhcp_relay_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| dhcp_option_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| scope | Choice | infra, tenant | No | infra |
route_maps (apic.tenants.l3outs)
Section titled “route_maps (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| type | Choice | combinable, global | No | combinable |
| contexts | List | [contexts] | No |
bfd_multihop_auth (apic.tenants.l3outs)
Section titled “bfd_multihop_auth (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| type | Choice | none, sha1 | No | none |
| key_id | Integer | min: 1, max: 255 | No | 1 |
| key | String | No |
netflow_monitor_policies (apic.tenants.l3outs)
Section titled “netflow_monitor_policies (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ip_filter_type | Choice | ipv4, ipv6, ce, unspecified | No | ipv4 |
static_routes (apic.tenants.l3outs.nodes)
Section titled “static_routes (apic.tenants.l3outs.nodes)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| prefix | IP | Yes | ||
| preference | Integer | min: 1, max: 255 | No | 1 |
| bfd | Boolean | true, false | No | false |
| next_hops | List | [next_hops] | No | |
| track_list | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
interfaces (apic.tenants.l3outs.nodes)
Section titled “interfaces (apic.tenants.l3outs.nodes)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| node_id | Integer | min: 1, max: 4000 | No | |
| node2_id | Integer | min: 1, max: 4000 | No | |
| port | Integer | min: 1, max: 127 | No | |
| sub_port | Integer | min: 1, max: 16 | No | |
| module | Integer | min: 1, max: 9 | No | 1 |
| channel | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ip | IP | No | 0.0.0.0 | |
| svi | Boolean | true, false | No | false |
| multipod_direct | Boolean | true, false | No | false |
| autostate | Boolean | true, false | No | false |
| floating_svi | Boolean | true, false | No | false |
| vlan | Integer | min: 1, max: 4096 | No | |
| mac | MAC | No | 00:22:BD:F8:19:FF | |
| mtu | Any | Choice[inherit] or Integer[min: 576, max: 9216] | No | inherit |
| ip_a | IP | No | ||
| ip_b | IP | No | ||
| ip_shared | IP | No | ||
| ip_shared_dhcp_relay | IP | No | false | |
| link_local_address | IP | No | ||
| bgp_peers | List | [bgp_peers] | No | |
| paths | List | [paths] | No | |
| mode | Choice | regular, native, untagged | No | regular |
| state | Choice | local, vrf | No | |
| micro_bfd | Class | [micro_bfd] | No |
interface_profiles (apic.tenants.l3outs.node_profiles)
Section titled “interface_profiles (apic.tenants.l3outs.node_profiles)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| bfd_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ospf | Class | [ospf] | No | |
| eigrp | Class | [eigrp] | No | |
| pim_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| igmp_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| qos_class | Choice | level1, level2, level3, level4, level5, level6, unspecified | No | unspecified |
| custom_qos_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| nd_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ingress_data_plane_policing_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| egress_data_plane_policing_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| interfaces | List | [interfaces] | No | |
| dhcp_labels | List | [dhcp_labels] | No | |
| netflow_monitor_policies | List | [netflow_monitor_policies] | No |
subnets (apic.tenants.l3outs.external_endpoint_groups)
Section titled “subnets (apic.tenants.l3outs.external_endpoint_groups)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ndo_managed | Boolean | true, false | No | false |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| prefix | IP | Yes | ||
| import_route_control | Boolean | true, false | No | false |
| export_route_control | Boolean | true, false | No | false |
| shared_route_control | Boolean | true, false | No | false |
| import_security | Boolean | true, false | No | true |
| shared_security | Boolean | true, false | No | false |
| aggregate_import_route_control | Boolean | true, false | No | false |
| aggregate_export_route_control | Boolean | true, false | No | false |
| aggregate_shared_route_control | Boolean | true, false | No | false |
| bgp_route_summarization | Boolean | true, false | No | false |
| bgp_route_summarization_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ospf_route_summarization | Boolean | true, false | No | false |
| ospf_route_summarization_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| eigrp_route_summarization | Boolean | true, false | No | false |
| route_control_profiles | List | [route_control_profiles] | No |
contracts (apic.tenants.l3outs.external_endpoint_groups)
Section titled “contracts (apic.tenants.l3outs.external_endpoint_groups)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| consumers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| providers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| imported_consumers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No |
route_control_profiles (apic.tenants.l3outs.external_endpoint_groups)
Section titled “route_control_profiles (apic.tenants.l3outs.external_endpoint_groups)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| direction | Choice | import, export | No | import |
contexts (apic.tenants.l3outs.import_route_map)
Section titled “contexts (apic.tenants.l3outs.import_route_map)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| action | Choice | permit, deny | No | permit |
| order | Integer | min: 0, max: 9 | No | 0 |
| match_rules | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| set_rule | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
next_hops (apic.tenants.l3outs.nodes.static_routes)
Section titled “next_hops (apic.tenants.l3outs.nodes.static_routes)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| preference | Integer | min: 0, max: 255 | No | 1 |
| type | Choice | prefix, none | No | prefix |
| ip_sla_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| track_list | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
paths (apic.tenants.l3outs.nodes.interfaces)
Section titled “paths (apic.tenants.l3outs.nodes.interfaces)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| physical_domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| vmware_vmm_domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| elag | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| floating_ip | IP | Yes | ||
| vlan | Integer | min: 1, max: 4096 | No |
micro_bfd (apic.tenants.l3outs.nodes.interfaces)
Section titled “micro_bfd (apic.tenants.l3outs.nodes.interfaces)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| destination_ip | IP | Yes | ||
| start_timer | Any | Integer[min: 60, max: 3600] or Integer[min: 0, max: 0] | No | 0 |
Examples
Section titled “Examples”Simple example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 track_list: TRACK_POL interfaces: - node_id: 101 port: 10 vlan: 301 ip: 14.14.14.1/24 bgp_peers: - ip: 14.14.14.14 remote_as: 65010 external_endpoint_groups: - name: EXT-EPG1 subnets: - prefix: 0.0.0.0/0 contracts: consumers: - CON1SVI example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 vlan: 301 svi: true ip: 14.14.14.1/24Routed Sub-interface example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 vlan: 301 svi: false ip: 14.14.14.1/24Routed Interface example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 ip: 14.14.14.1/24Example with explicit profiles:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 bgp: name: BGP_PROT1 timer_policy: BGP_TIMER1 as_path_policy: BGP_AS_PATH1 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 track_list: TRACK_POL interface_profiles: - name: NODE_101 description: NODE_101 Description ingress_data_plane_policing_policy: DPP1 egress_data_plane_policing_policy: DPP2 dhcp_labels: - dhcp_relay_policy: DHCP-RELAY1 dhcp_option_policy: DHCP-OPTION1 scope: tenant netflow_monitor_policies: - name: MONITOR1 ip_filter_type: ipv4 interfaces: - node_id: 101 port: 10 vlan: 301 ip: 14.14.14.1/24 bgp_peers: - ip: 14.14.14.14 remote_as: 65010 external_endpoint_groups: - name: EXT-EPG1 subnets: - prefix: 0.0.0.0/0Example with Node BGP Peering (BGP Infra Peers) for Remote Leaf use-case in infra Tenant.
In case of Interface BGP Peering, bgp_peers instead of bgp_infra_peers must be used:
apic: tenants: - name: infra l3outs: - name: intersite vrf: overlay-1 domain: ROUTED1 node_profiles: - name: NODE_101 bgp: name: BGP_PROT1 timer_policy: BGP_TIMER1 as_path_policy: BGP_AS_PATH1 nodes: - node_id: 101 router_id: 5.5.5.5 bgp_infra_peers: - ip: 10.10.10.10 remote_as: 61111 peer-type: wan ttl: 10 local_as: 31200 allow_self_as: true disable_peer_as_check: true password: admin peer_prefix_policy: BGP_PP1 bfd: true interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 ip: 14.14.14.1/24 external_endpoint_groups: - name: RL_EPGExample with BGP Peers for IPN
apic: tenants: - name: infra l3outs: - name: L3OUT1 vrf: overlay-1 domain: IPN node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 ip: 14.14.14.1/24 vlan: 4 svi: false bgp_peers: - ip: 10.10.10.10 remote_as: 61111 external_endpoint_groups: - name: intersiteFull example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 alias: L3OUT1-ALIAS description: My Desc target_dscp: AF13 qos_class: level3 import_route_control_enforcement: true export_route_control_enforcement: true custom_qos_policy: QOS_POLICY ingress_data_plane_policing_policy: DPP1 egress_data_plane_policing_policy: DPP2 vrf: VRF1 domain: ROUTED1 bfd_policy: BFD1 dhcp_labels: - dhcp_relay_policy: DHCP-RELAY1 dhcp_option_policy: DHCP-OPTION1 scope: tenant netflow_monitor_policies: - name: MONITOR1 ip_filter_type: ipv4 bgp: timer_policy: BGP_TIMER1 as_path_policy: BGP_AS_PATH1 ospf: area: 0 area_type: regular area_cost: 1 auth_type: simple auth_key: cisco auth_key_id: 1 policy: OIP1 interleak_route_map: ROUTE_MAP1 default_route_leak_policy: always: false criteria: 'in-addition' context_scope: false outside_scope: false redistribution_route_maps: - source: direct route_map: ROUTE_MAP2 dampening_ipv4_route_map: ROUTE_MAP3 dampening_ipv6_route_map: ROUTE_MAP4 bfd_multihop_node_policy: BFD-NODE1 bfd_multihop_auth: type: sha1 key_id: 1 key: Secure123 nodes: - node_id: 101 router_id: 5.5.5.5 router_id_as_loopback: true static_routes: - prefix: 2.2.2.0/24 description: My Desc preference: 1 next_hops: - ip: 6.6.6.6 description: My Next Hop Desc ip_sla_policy: IP_SLA1 interfaces: - channel: VPC1 svi: true scope: local vlan: 301 ip_a: 14.14.14.1/24 ip_b: 14.14.14.2/24 ip_shared: 14.14.14.3/24 ip_shared_dhcp_relay: true link_local_address: fe80::ffff:ffff:ffff:ffff mode: native bgp_peers: - ip: 14.14.14.14 remote_as: 65010 description: My Desc allow_self_as: true as_override: true bfd: true disable_connected_check: true remove_private_as: true remove_all_private_as: true multicast_address_family: true ttl: 1 weight: 0 password: C1sco123 local_as: 1234 as_propagate: dual-as peer_prefix_policy: BGP_PP1 export_route_control: ROUTE_MAP1 import_route_control: ROUTE_MAP2 - channel: PC1 vlan: 311 ip: 24.24.24.1/24 bgp_peers: - ip: 24.24.24.2 remote_as: 65010 micro_bfd: destination_ip: 24.24.24.2 start_timer: 120 import_route_map: name: example-import-name description: desc type: global contexts: - name: CONTEXT1 description: desc1 action: deny order: 2 match_rules: - MATCH1 set_rule: SET1 route_maps: - name: example-name description: desc type: global contexts: - name: CONTEXT1 description: desc1 action: deny order: 2 match_rules: - MATCH1 set_rule: SET1 export_route_map: name: example-export-name contexts: - name: CONTEXT1 match_rules: - MATCH2 set_rule: SET2 external_endpoint_groups: - name: EXT-EPG1 alias: ABC-EXT-EPG1 description: My Desc preferred_group: false qos_class: level4 target_dscp: CS5 route_control_profiles: - name: IMPORT-RCP1 direction: import subnets: - name: ALL prefix: 0.0.0.0/0 import_route_control: false export_route_control: false shared_route_control: false import_security: true shared_security: false route_control_profiles: - name: EXPORT-RCP1 direction: export contracts: consumers: - CON1 providers: - CON1 imported_consumers: - IMPORT-CON1example: This example shows how to configure an L3out with IPv4/IPv6 dual stack and a VIP on the SVI. The configuration includes static routes and external EPGs for the L3out, and is typically used when deploying a high-availability (HA) pair of firewalls with a NAT pool. The L3out is configured as SVI Vlan ‘100’ on Port ‘10’ of Node ‘1001’ and Node ‘1002’. Each node has its own IPv4, IPv6, and shared VIP addresses, and the shared VIP address is used as the gateway for APP1. Static routing is used as a routing protocol, and an External EPG is configured to permit communication from those routes.
apic: tenants: - name: TENANT1 l3outs: - name: 'APP1-L3out' description: Interface for APP1 vrf: VRF1 domain: DOMAIN1 node_profiles: - name: 'APP1-NodeProf' nodes: - node_id: 1001 router_id: 10.1.1.1 router_id_as_loopback: false static_routes: - prefix: 2001:db8:1234:1000::/64 next_hops: - ip: 2001:db8:1234:2000::10 - prefix: 192.168.1.0/24 next_hops: - ip: 192.168.2.10 - node_id: 1002 router_id: 10.1.1.2 router_id_as_loopback: false static_routes: - prefix: 192.168.1.0/24 next_hops: - ip: 192.168.2.10 - prefix: 2001:db8:1234:1000::/64 next_hops: - ip: 2001:db8:1234:2000::10 interface_profiles: - name: 'APP1-IPv6-IntProf' description: IPv6 Interface Profile for APP1 interfaces: - node_id: 1001 port: 10 ip: 2001:db8:1234:2000::1/64 svi: true vlan: 100 ip_shared: 2001:db8:1234:2000::3/64 - node_id: 1002 port: 10 ip: 2001:db8:1234:2000::2/64 svi: true vlan: 100 ip_shared: 2001:db8:1234:2000::3/64 - name: 'APP1-IPv4-IntProf' description: IPv4 Interface Profile for APP1 interfaces: - node_id: 1001 port: 10 ip: 192.168.2.1/24 svi: true vlan: 100 ip_shared: 192.168.2.3/24 - node_id: 1002 port: 10 ip: 192.168.2.2/24 svi: true vlan: 100 ip_shared: 192.168.2.3/24 external_endpoint_groups: - name: 'APP1-ExtEPG' subnets: - prefix: 2001:db8:1234:1000::/64 - prefix: 192.168.1.0/24example: In this example, BGP is used as dynamic routing protocol. The BGP parameters are configured as follows: BGP remote-as ‘65530’, IPv6 neighbor address ‘2001:db8:1234:2000::10’, IPv4 neighbor address ‘192.168.2.10’, bfd is enabled with the policy ‘BFD-Policy’. ACI advertises default route ’::/0’ and ‘0.0.0.0/0’ to the BGP neighbor and is assumed to receive ‘2001:db8:1234:1000::/64’ and ‘192.168.1.0/24’ from it.
apic: tenants: - name: TENANT1 l3outs: - name: 'APP1-L3out' description: Interface for APP1 vrf: VRF1 domain: DOMAIN1 node_profiles: - name: 'APP1-NodeProf' nodes: - node_id: 1001 router_id: 10.1.1.1 router_id_as_loopback: false - node_id: 1002 router_id: 10.1.1.2 router_id_as_loopback: false interface_profiles: - name: 'APP1-IPv6-IntProf' description: IPv6 Interface Profile for APP1 bfd_policy: BFD-Policy interfaces: - node_id: 1001 port: 10 ip: 2001:db8:1234:2000::1/64 svi: true vlan: 100 bgp_peers: - ip: 2001:db8:1234:2000::10 remote_as: 65530 description: BGP Peer for APP1 bfd: true multicast_address_family: false - node_id: 1002 port: 10 ip: 2001:db8:1234:2000::2/64 svi: true vlan: 100 bgp_peers: - ip: 2001:db8:1234:2000::10 remote_as: 65530 description: BGP Peer for APP1 bfd: true multicast_address_family: false - name: 'APP1-IPv4-IntProf' description: IPv4 Interface Profile for APP1 interfaces: - node_id: 1001 port: 10 ip: 192.168.2.1/24 svi: true vlan: 100 bgp_peers: - ip: 192.168.2.10 remote_as: 65530 description: BGP Peer for APP1 bfd: true multicast_address_family: false - node_id: 1002 port: 10 ip: 192.168.2.2/24 svi: true vlan: 100 bgp_peers: - ip: 192.168.2.10 remote_as: 65530 description: BGP Peer for APP1 bfd: true multicast_address_family: false external_endpoint_groups: - name: 'APP1-ExtEPG' subnets: - prefix: 2001:db8:1234:1000::/64 - prefix: 192.168.1.0/24 - prefix: ::/0 export_route_control: true import_security: false - prefix: 0.0.0.0/0 export_route_control: true import_security: falseL3out Node and Interface Profiles can either be auto-generated, one per L3out, or can be defined explicitly.
Note: Whether an interface is an
svi,routed sub-interface, orrouteddepends on the following configuration:
svi - vlan: <not null>, svi: true, ip: <not null>
routed sub-interface - vlan: <not null>, svi: false, ip: <not null>
routed interface - vlan: <null>, svi: false, ip: <not null>
The following table maps the subnet flags of external endpoint groups to the corresponding GUI terminology:
| Subnet Flag | GUI Terminology |
|---|---|
import_security | External Subnets for External EPG |
shared_security | Shared Security Import Subnet |
import_route_control | Import Route Control Subnet |
export_route_control | Export Route Control Subnet |
shared_route_control | Shared Route Control Subnet |
aggregate_import_route_control | Aggregate Import |
aggregate_export_route_control | Aggregate Export |
aggregate_shared_route_control | Aggregate Shared Routes |
Location in GUI:
Tenants»XXX»Networking»L3outs
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”tenants (apic)
Section titled “tenants (apic)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| l3outs | List | [l3outs] | No |
l3outs (apic.tenants)
Section titled “l3outs (apic.tenants)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| ndo_managed | Boolean | true, false | No | false |
| alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| target_dscp | Any | Choice[CS0, CS1, AF11, AF12, AF13, CS2, AF21, AF22, AF23, CS3, AF31, AF32, AF33, CS4, AF41, AF42, AF43, CS5, VA, EF, CS6, CS7, unspecified] or Integer[min: 0, max: 63] | No | unspecified |
| vrf | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| bgp | Class | [bgp] | No | |
| ospf | Class | [ospf] | No | |
| eigrp | Class | [eigrp] | No | |
| bfd_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| bgp_peers | List | [bgp_peers] | No | |
| nodes | List | [nodes] | No | |
| node_profiles | List | [node_profiles] | No | |
| external_endpoint_groups | List | [external_endpoint_groups] | No | |
| import_route_map | Class | [import_route_map] | No | |
| export_route_map | Class | [export_route_map] | No | |
| interleak_route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| default_route_leak_policy | Class | [default_route_leak_policy] | No | |
| dampening_ipv4_route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| dampening_ipv6_route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| redistribution_route_maps | List | [redistribution_route_maps] | No | |
| l3_multicast_ipv4 | Boolean | true, false | No | false |
| pim_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| igmp_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| qos_class | Choice | level1, level2, level3, level4, level5, level6, unspecified | No | unspecified |
| custom_qos_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| nd_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| multipod | Boolean | true, false | No | true |
| remote_leaf | Boolean | true, false | No | false |
| import_route_control_enforcement | Boolean | true, false | No | false |
| export_route_control_enforcement | Boolean | true, false | No | true |
| dhcp_labels | List | [dhcp_labels] | No | |
| route_maps | List | [route_maps] | No |
bgp (apic.tenants.l3outs)
Section titled “bgp (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| timer_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| as_path_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
ospf (apic.tenants.l3outs)
Section titled “ospf (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ospf_interface_profile_name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| area | Any | Integer[min: 0, max: 4294967295] or Choice[backbone] or IP | Yes | |
| area_type | Choice | regular, stub, nssa | No | regular |
| area_cost | Integer | min: 1, max: 16777215 | No | 1 |
| area_control_redistribute | Boolean | true, false | No | true |
| area_control_summary | Boolean | true, false | No | true |
| area_control_suppress_fa | Boolean | true, false | No | false |
| auth_type | Choice | none, simple, md5 | No | none |
| auth_key | String | No | ||
| auth_key_id | Integer | min: 1, max: 255 | No | 1 |
| policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
eigrp (apic.tenants.l3outs)
Section titled “eigrp (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| interface_profile_name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| asn | Integer | min: 1, max: 65535 | Yes | |
| interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
bgp_peers (apic.tenants.l3outs)
Section titled “bgp_peers (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| remote_as | Integer | min: 0, max: 4294967295 | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| allow_self_as | Boolean | true, false | No | false |
| as_override | Boolean | true, false | No | false |
| disable_peer_as_check | Boolean | true, false | No | false |
| next_hop_self | Boolean | true, false | No | false |
| send_community | Boolean | true, false | No | false |
| send_ext_community | Boolean | true, false | No | false |
| password | String | No | ||
| allowed_self_as_count | Integer | min: 1, max: 10 | No | 3 |
| bfd | Boolean | true, false | No | false |
| disable_connected_check | Boolean | true, false | No | false |
| ttl | Integer | min: 1, max: 255 | No | 1 |
| weight | Integer | min: 0, max: 65535 | No | 0 |
| remove_all_private_as | Boolean | true, false | No | false |
| remove_private_as | Boolean | true, false | No | false |
| replace_private_as_with_local_as | Boolean | true, false | No | false |
| unicast_address_family | Boolean | true, false | No | true |
| multicast_address_family | Boolean | true, false | No | true |
| admin_state | Boolean | true, false | No | true |
| local_as | Integer | min: 0, max: 4294967295 | No | |
| as_propagate | Choice | none, no-prepend, replace-as, dual-as | No | none |
| peer_prefix_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| export_route_control | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| import_route_control | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
nodes (apic.tenants.l3outs)
Section titled “nodes (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| node_id | Integer | min: 1, max: 4000 | Yes | |
| pod_id | Integer | min: 1, max: 255 | No | |
| router_id | IP | Yes | ||
| router_id_as_loopback | Boolean | true, false | No | true |
| loopbacks | List | IP | No | |
| static_routes | List | [static_routes] | No | |
| interfaces | List | [interfaces] | No |
node_profiles (apic.tenants.l3outs)
Section titled “node_profiles (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| bgp | Class | [bgp] | No | |
| bgp_peers | List | [bgp_peers] | No | |
| nodes | List | [nodes] | No | |
| interface_profiles | List | [interface_profiles] | No |
external_endpoint_groups (apic.tenants.l3outs)
Section titled “external_endpoint_groups (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| ndo_managed | Boolean | true, false | No | false |
| alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| preferred_group | Boolean | true, false | No | false |
| qos_class | Choice | level1, level2, level3, level4, level5, level6, unspecified | No | unspecified |
| target_dscp | Any | Choice[CS0, CS1, AF11, AF12, AF13, CS2, AF21, AF22, AF23, CS3, AF31, AF32, AF33, CS4, AF41, AF42, AF43, CS5, VA, EF, CS6, CS7, unspecified] or Integer[min: 0, max: 63] | No | unspecified |
| subnets | List | [subnets] | No | |
| contracts | Class | [contracts] | No | |
| route_control_profiles | List | [route_control_profiles] | No |
import_route_map (apic.tenants.l3outs)
Section titled “import_route_map (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| type | Choice | combinable, global | No | global |
| contexts | List | [contexts] | No |
export_route_map (apic.tenants.l3outs)
Section titled “export_route_map (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| type | Choice | combinable, global | No | global |
| contexts | List | [contexts] | No |
default_route_leak_policy (apic.tenants.l3outs)
Section titled “default_route_leak_policy (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| always | Boolean | true, false | No | false |
| criteria | Choice | only, in-addition | No | only |
| context_scope | Boolean | true, false | No | false |
| outside_scope | Boolean | true, false | No | true |
redistribution_route_maps (apic.tenants.l3outs)
Section titled “redistribution_route_maps (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| source | Choice | direct, attached-host, static | No | static |
| route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes |
dhcp_labels (apic.tenants.l3outs)
Section titled “dhcp_labels (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| dhcp_relay_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| dhcp_option_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| scope | Choice | infra, tenant | No | infra |
route_maps (apic.tenants.l3outs)
Section titled “route_maps (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| type | Choice | combinable, global | No | combinable |
| contexts | List | [contexts] | No |
static_routes (apic.tenants.l3outs.nodes)
Section titled “static_routes (apic.tenants.l3outs.nodes)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| prefix | IP | Yes | ||
| preference | Integer | min: 1, max: 255 | No | 1 |
| bfd | Boolean | true, false | No | false |
| next_hops | List | [next_hops] | No | |
| track_list | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
interfaces (apic.tenants.l3outs.nodes)
Section titled “interfaces (apic.tenants.l3outs.nodes)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| node_id | Integer | min: 1, max: 4000 | No | |
| node2_id | Integer | min: 1, max: 4000 | No | |
| port | Integer | min: 1, max: 127 | No | |
| sub_port | Integer | min: 1, max: 16 | No | |
| module | Integer | min: 1, max: 9 | No | 1 |
| channel | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ip | IP | No | 0.0.0.0 | |
| svi | Boolean | true, false | No | false |
| multipod_direct | Boolean | true, false | No | false |
| autostate | Boolean | true, false | No | false |
| floating_svi | Boolean | true, false | No | false |
| vlan | Integer | min: 1, max: 4096 | No | |
| mac | MAC | No | 00:22:BD:F8:19:FF | |
| mtu | Any | Choice[inherit] or Integer[min: 576, max: 9216] | No | inherit |
| ip_a | IP | No | ||
| ip_b | IP | No | ||
| ip_shared | IP | No | ||
| ip_shared_dhcp_relay | IP | No | false | |
| link_local_address | IP | No | ||
| bgp_peers | List | [bgp_peers] | No | |
| paths | List | [paths] | No | |
| mode | Choice | regular, native, untagged | No | regular |
| state | Choice | local, vrf | No | |
| micro_bfd | Class | [micro_bfd] | No |
interface_profiles (apic.tenants.l3outs.node_profiles)
Section titled “interface_profiles (apic.tenants.l3outs.node_profiles)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| bfd_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ospf | Class | [ospf] | No | |
| eigrp | Class | [eigrp] | No | |
| pim_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| igmp_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| qos_class | Choice | level1, level2, level3, level4, level5, level6, unspecified | No | unspecified |
| custom_qos_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| nd_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| interfaces | List | [interfaces] | No | |
| dhcp_labels | List | [dhcp_labels] | No |
subnets (apic.tenants.l3outs.external_endpoint_groups)
Section titled “subnets (apic.tenants.l3outs.external_endpoint_groups)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ndo_managed | Boolean | true, false | No | false |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| prefix | IP | Yes | ||
| import_route_control | Boolean | true, false | No | false |
| export_route_control | Boolean | true, false | No | false |
| shared_route_control | Boolean | true, false | No | false |
| import_security | Boolean | true, false | No | true |
| shared_security | Boolean | true, false | No | false |
| aggregate_import_route_control | Boolean | true, false | No | false |
| aggregate_export_route_control | Boolean | true, false | No | false |
| aggregate_shared_route_control | Boolean | true, false | No | false |
| bgp_route_summarization | Boolean | true, false | No | false |
| bgp_route_summarization_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ospf_route_summarization | Boolean | true, false | No | false |
| eigrp_route_summarization | Boolean | true, false | No | false |
| route_control_profiles | List | [route_control_profiles] | No |
contracts (apic.tenants.l3outs.external_endpoint_groups)
Section titled “contracts (apic.tenants.l3outs.external_endpoint_groups)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| consumers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| providers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| imported_consumers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No |
route_control_profiles (apic.tenants.l3outs.external_endpoint_groups)
Section titled “route_control_profiles (apic.tenants.l3outs.external_endpoint_groups)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| direction | Choice | import, export | No | import |
contexts (apic.tenants.l3outs.import_route_map)
Section titled “contexts (apic.tenants.l3outs.import_route_map)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| action | Choice | permit, deny | No | permit |
| order | Integer | min: 0, max: 9 | No | 0 |
| match_rules | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| set_rule | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
next_hops (apic.tenants.l3outs.nodes.static_routes)
Section titled “next_hops (apic.tenants.l3outs.nodes.static_routes)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| preference | Integer | min: 0, max: 255 | No | 1 |
| type | Choice | prefix, none | No | prefix |
| ip_sla_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| track_list | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
paths (apic.tenants.l3outs.nodes.interfaces)
Section titled “paths (apic.tenants.l3outs.nodes.interfaces)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| physical_domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| vmware_vmm_domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| elag | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| floating_ip | IP | Yes | ||
| vlan | Integer | min: 1, max: 4096 | No |
micro_bfd (apic.tenants.l3outs.nodes.interfaces)
Section titled “micro_bfd (apic.tenants.l3outs.nodes.interfaces)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| destination_ip | IP | Yes | ||
| start_timer | Any | Integer[min: 60, max: 3600] or Integer[min: 0, max: 0] | No | 0 |
Examples
Section titled “Examples”Simple example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 track_list: TRACK_POL interfaces: - node_id: 101 port: 10 vlan: 301 ip: 14.14.14.1/24 bgp_peers: - ip: 14.14.14.14 remote_as: 65010 external_endpoint_groups: - name: EXT-EPG1 subnets: - prefix: 0.0.0.0/0 contracts: consumers: - CON1SVI example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 vlan: 301 svi: true ip: 14.14.14.1/24Routed Sub-interface example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 vlan: 301 svi: false ip: 14.14.14.1/24Routed Interface example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 ip: 14.14.14.1/24Example with explicit profiles:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 bgp: name: BGP_PROT1 timer_policy: BGP_TIMER1 as_path_policy: BGP_AS_PATH1 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 track_list: TRACK_POL interface_profiles: - name: NODE_101 description: NODE_101 Description dhcp_labels: - dhcp_relay_policy: DHCP-RELAY1 dhcp_option_policy: DHCP-OPTION1 scope: tenant interfaces: - node_id: 101 port: 10 vlan: 301 ip: 14.14.14.1/24 bgp_peers: - ip: 14.14.14.14 remote_as: 65010 external_endpoint_groups: - name: EXT-EPG1 subnets: - prefix: 0.0.0.0/0Full example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 alias: L3OUT1-ALIAS description: My Desc target_dscp: AF13 qos_class: level3 import_route_control_enforcement: true export_route_control_enforcement: true custom_qos_policy: QOS_POLICY vrf: VRF1 domain: ROUTED1 bfd_policy: BFD1 dhcp_labels: - dhcp_relay_policy: DHCP-RELAY1 dhcp_option_policy: DHCP-OPTION1 scope: tenant bgp: timer_policy: BGP_TIMER1 as_path_policy: BGP_AS_PATH1 ospf: area: 0 area_type: regular area_cost: 1 auth_type: simple auth_key: cisco auth_key_id: 1 policy: OIP1 interleak_route_map: ROUTE_MAP1 default_route_leak_policy: always: false criteria: 'in-addition' context_scope: false outside_scope: false redistribution_route_maps: - source: direct route_map: ROUTE_MAP2 dampening_ipv4_route_map: ROUTE_MAP3 dampening_ipv6_route_map: ROUTE_MAP4 nodes: - node_id: 101 router_id: 5.5.5.5 router_id_as_loopback: true static_routes: - prefix: 2.2.2.0/24 description: My Desc preference: 1 next_hops: - ip: 6.6.6.6 description: My Next Hop Desc ip_sla_policy: IP_SLA1 interfaces: - channel: VPC1 svi: true scope: local vlan: 301 ip_a: 14.14.14.1/24 ip_b: 14.14.14.2/24 ip_shared: 14.14.14.3/24 ip_shared_dhcp_relay: true link_local_address: fe80::ffff:ffff:ffff:ffff mode: native bgp_peers: - ip: 14.14.14.14 remote_as: 65010 description: My Desc allow_self_as: true as_override: true bfd: true disable_connected_check: true remove_private_as: true remove_all_private_as: true multicast_address_family: true ttl: 1 weight: 0 password: C1sco123 local_as: 1234 as_propagate: dual-as peer_prefix_policy: BGP_PP1 export_route_control: ROUTE_MAP1 import_route_control: ROUTE_MAP2 - channel: PC1 vlan: 311 ip: 24.24.24.1/24 bgp_peers: - ip: 24.24.24.2 remote_as: 65010 micro_bfd: destination_ip: 24.24.24.2 start_timer: 120 import_route_map: name: example-import-name description: desc type: global contexts: - name: CONTEXT1 description: desc1 action: deny order: 2 match_rules: - MATCH1 set_rule: SET1 route_maps: - name: example-name description: desc type: global contexts: - name: CONTEXT1 description: desc1 action: deny order: 2 match_rules: - MATCH1 set_rule: SET1 export_route_map: name: example-export-name contexts: - name: CONTEXT1 match_rules: - MATCH2 set_rule: SET2 external_endpoint_groups: - name: EXT-EPG1 alias: ABC-EXT-EPG1 description: My Desc preferred_group: false qos_class: level4 target_dscp: CS5 route_control_profiles: - name: IMPORT-RCP1 direction: import subnets: - name: ALL prefix: 0.0.0.0/0 import_route_control: false export_route_control: false shared_route_control: false import_security: true shared_security: false route_control_profiles: - name: EXPORT-RCP1 direction: export contracts: consumers: - CON1 providers: - CON1 imported_consumers: - IMPORT-CON1L3out Node and Interface Profiles can either be auto-generated, one per L3out, or can be defined explicitly.
Note: Whether an interface is an
svi,routed sub-interface, orrouteddepends on the following configuration:
svi - vlan: <not null>, svi: true, ip: <not null>
routed sub-interface - vlan: <not null>, svi: false, ip: <not null>
routed interface - vlan: <null>, svi: false, ip: <not null>
The following table maps the subnet flags of external endpoint groups to the corresponding GUI terminology:
| Subnet Flag | GUI Terminology |
|---|---|
import_security | External Subnets for External EPG |
shared_security | Shared Security Import Subnet |
import_route_control | Import Route Control Subnet |
export_route_control | Export Route Control Subnet |
shared_route_control | Shared Route Control Subnet |
aggregate_import_route_control | Aggregate Import |
aggregate_export_route_control | Aggregate Export |
aggregate_shared_route_control | Aggregate Shared Routes |
Location in GUI:
Tenants»XXX»Networking»L3outs
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”tenants (apic)
Section titled “tenants (apic)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| l3outs | List | [l3outs] | No |
l3outs (apic.tenants)
Section titled “l3outs (apic.tenants)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| ndo_managed | Boolean | true, false | No | false |
| alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| target_dscp | Any | Choice[CS0, CS1, AF11, AF12, AF13, CS2, AF21, AF22, AF23, CS3, AF31, AF32, AF33, CS4, AF41, AF42, AF43, CS5, VA, EF, CS6, CS7, unspecified] or Integer[min: 0, max: 63] | No | unspecified |
| vrf | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| bgp | Class | [bgp] | No | |
| ospf | Class | [ospf] | No | |
| eigrp | Class | [eigrp] | No | |
| bfd_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| bgp_peers | List | [bgp_peers] | No | |
| nodes | List | [nodes] | No | |
| node_profiles | List | [node_profiles] | No | |
| external_endpoint_groups | List | [external_endpoint_groups] | No | |
| import_route_map | Class | [import_route_map] | No | |
| export_route_map | Class | [export_route_map] | No | |
| interleak_route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| default_route_leak_policy | Class | [default_route_leak_policy] | No | |
| dampening_ipv4_route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| dampening_ipv6_route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| redistribution_route_maps | List | [redistribution_route_maps] | No | |
| l3_multicast_ipv4 | Boolean | true, false | No | false |
| pim_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| igmp_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| qos_class | Choice | level1, level2, level3, level4, level5, level6, unspecified | No | unspecified |
| custom_qos_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| nd_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| multipod | Boolean | true, false | No | true |
| remote_leaf | Boolean | true, false | No | false |
| import_route_control_enforcement | Boolean | true, false | No | false |
| export_route_control_enforcement | Boolean | true, false | No | true |
| dhcp_labels | List | [dhcp_labels] | No | |
| route_maps | List | [route_maps] | No |
bgp (apic.tenants.l3outs)
Section titled “bgp (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| timer_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| as_path_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
ospf (apic.tenants.l3outs)
Section titled “ospf (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ospf_interface_profile_name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| area | Any | Integer[min: 0, max: 4294967295] or Choice[backbone] or IP | Yes | |
| area_type | Choice | regular, stub, nssa | No | regular |
| area_cost | Integer | min: 1, max: 16777215 | No | 1 |
| area_control_redistribute | Boolean | true, false | No | true |
| area_control_summary | Boolean | true, false | No | true |
| area_control_suppress_fa | Boolean | true, false | No | false |
| auth_type | Choice | none, simple, md5 | No | none |
| auth_key | String | No | ||
| auth_key_id | Integer | min: 1, max: 255 | No | 1 |
| policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
eigrp (apic.tenants.l3outs)
Section titled “eigrp (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| interface_profile_name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| asn | Integer | min: 1, max: 65535 | Yes | |
| interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
bgp_peers (apic.tenants.l3outs)
Section titled “bgp_peers (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| remote_as | Integer | min: 0, max: 4294967295 | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| allow_self_as | Boolean | true, false | No | false |
| as_override | Boolean | true, false | No | false |
| disable_peer_as_check | Boolean | true, false | No | false |
| next_hop_self | Boolean | true, false | No | false |
| send_community | Boolean | true, false | No | false |
| send_ext_community | Boolean | true, false | No | false |
| password | String | No | ||
| allowed_self_as_count | Integer | min: 1, max: 10 | No | 3 |
| bfd | Boolean | true, false | No | false |
| disable_connected_check | Boolean | true, false | No | false |
| ttl | Integer | min: 1, max: 255 | No | 1 |
| weight | Integer | min: 0, max: 65535 | No | 0 |
| remove_all_private_as | Boolean | true, false | No | false |
| remove_private_as | Boolean | true, false | No | false |
| replace_private_as_with_local_as | Boolean | true, false | No | false |
| unicast_address_family | Boolean | true, false | No | true |
| multicast_address_family | Boolean | true, false | No | true |
| admin_state | Boolean | true, false | No | true |
| local_as | Integer | min: 0, max: 4294967295 | No | |
| as_propagate | Choice | none, no-prepend, replace-as, dual-as | No | none |
| peer_prefix_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| export_route_control | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| import_route_control | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
nodes (apic.tenants.l3outs)
Section titled “nodes (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| node_id | Integer | min: 1, max: 4000 | Yes | |
| pod_id | Integer | min: 1, max: 255 | No | |
| router_id | IP | Yes | ||
| router_id_as_loopback | Boolean | true, false | No | true |
| loopbacks | List | IP | No | |
| static_routes | List | [static_routes] | No | |
| interfaces | List | [interfaces] | No |
node_profiles (apic.tenants.l3outs)
Section titled “node_profiles (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| bgp | Class | [bgp] | No | |
| bgp_peers | List | [bgp_peers] | No | |
| nodes | List | [nodes] | No | |
| interface_profiles | List | [interface_profiles] | No |
external_endpoint_groups (apic.tenants.l3outs)
Section titled “external_endpoint_groups (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| ndo_managed | Boolean | true, false | No | false |
| alias | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| preferred_group | Boolean | true, false | No | false |
| qos_class | Choice | level1, level2, level3, level4, level5, level6, unspecified | No | unspecified |
| target_dscp | Any | Choice[CS0, CS1, AF11, AF12, AF13, CS2, AF21, AF22, AF23, CS3, AF31, AF32, AF33, CS4, AF41, AF42, AF43, CS5, VA, EF, CS6, CS7, unspecified] or Integer[min: 0, max: 63] | No | unspecified |
| subnets | List | [subnets] | No | |
| contracts | Class | [contracts] | No | |
| route_control_profiles | List | [route_control_profiles] | No |
import_route_map (apic.tenants.l3outs)
Section titled “import_route_map (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| type | Choice | combinable, global | No | global |
| contexts | List | [contexts] | No |
export_route_map (apic.tenants.l3outs)
Section titled “export_route_map (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| type | Choice | combinable, global | No | global |
| contexts | List | [contexts] | No |
default_route_leak_policy (apic.tenants.l3outs)
Section titled “default_route_leak_policy (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| always | Boolean | true, false | No | false |
| criteria | Choice | only, in-addition | No | only |
| context_scope | Boolean | true, false | No | false |
| outside_scope | Boolean | true, false | No | true |
redistribution_route_maps (apic.tenants.l3outs)
Section titled “redistribution_route_maps (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| source | Choice | direct, attached-host, static | No | static |
| route_map | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes |
dhcp_labels (apic.tenants.l3outs)
Section titled “dhcp_labels (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| dhcp_relay_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| dhcp_option_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| scope | Choice | infra, tenant | No | infra |
route_maps (apic.tenants.l3outs)
Section titled “route_maps (apic.tenants.l3outs)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| type | Choice | combinable, global | No | combinable |
| contexts | List | [contexts] | No |
static_routes (apic.tenants.l3outs.nodes)
Section titled “static_routes (apic.tenants.l3outs.nodes)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| prefix | IP | Yes | ||
| preference | Integer | min: 1, max: 255 | No | 1 |
| bfd | Boolean | true, false | No | false |
| next_hops | List | [next_hops] | No | |
| track_list | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
interfaces (apic.tenants.l3outs.nodes)
Section titled “interfaces (apic.tenants.l3outs.nodes)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| node_id | Integer | min: 1, max: 4000 | No | |
| node2_id | Integer | min: 1, max: 4000 | No | |
| port | Integer | min: 1, max: 127 | No | |
| sub_port | Integer | min: 1, max: 16 | No | |
| module | Integer | min: 1, max: 9 | No | 1 |
| channel | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ip | IP | No | 0.0.0.0 | |
| svi | Boolean | true, false | No | false |
| multipod_direct | Boolean | true, false | No | false |
| autostate | Boolean | true, false | No | false |
| floating_svi | Boolean | true, false | No | false |
| vlan | Integer | min: 1, max: 4096 | No | |
| mac | MAC | No | 00:22:BD:F8:19:FF | |
| mtu | Any | Choice[inherit] or Integer[min: 576, max: 9216] | No | inherit |
| ip_a | IP | No | ||
| ip_b | IP | No | ||
| ip_shared | IP | No | ||
| ip_shared_dhcp_relay | IP | No | false | |
| link_local_address | IP | No | ||
| bgp_peers | List | [bgp_peers] | No | |
| paths | List | [paths] | No | |
| mode | Choice | regular, native, untagged | No | regular |
| state | Choice | local, vrf | No | |
| micro_bfd | Class | [micro_bfd] | No |
interface_profiles (apic.tenants.l3outs.node_profiles)
Section titled “interface_profiles (apic.tenants.l3outs.node_profiles)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| bfd_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ospf | Class | [ospf] | No | |
| eigrp | Class | [eigrp] | No | |
| pim_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| igmp_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| qos_class | Choice | level1, level2, level3, level4, level5, level6, unspecified | No | unspecified |
| custom_qos_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| nd_interface_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| interfaces | List | [interfaces] | No | |
| dhcp_labels | List | [dhcp_labels] | No |
subnets (apic.tenants.l3outs.external_endpoint_groups)
Section titled “subnets (apic.tenants.l3outs.external_endpoint_groups)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ndo_managed | Boolean | true, false | No | false |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| prefix | IP | Yes | ||
| import_route_control | Boolean | true, false | No | false |
| export_route_control | Boolean | true, false | No | false |
| shared_route_control | Boolean | true, false | No | false |
| import_security | Boolean | true, false | No | true |
| shared_security | Boolean | true, false | No | false |
| aggregate_import_route_control | Boolean | true, false | No | false |
| aggregate_export_route_control | Boolean | true, false | No | false |
| aggregate_shared_route_control | Boolean | true, false | No | false |
| bgp_route_summarization | Boolean | true, false | No | false |
| bgp_route_summarization_policy | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| ospf_route_summarization | Boolean | true, false | No | false |
| eigrp_route_summarization | Boolean | true, false | No | false |
| route_control_profiles | List | [route_control_profiles] | No |
contracts (apic.tenants.l3outs.external_endpoint_groups)
Section titled “contracts (apic.tenants.l3outs.external_endpoint_groups)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| consumers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| providers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| imported_consumers | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No |
route_control_profiles (apic.tenants.l3outs.external_endpoint_groups)
Section titled “route_control_profiles (apic.tenants.l3outs.external_endpoint_groups)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| direction | Choice | import, export | No | import |
contexts (apic.tenants.l3outs.import_route_map)
Section titled “contexts (apic.tenants.l3outs.import_route_map)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | Yes | |
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| action | Choice | permit, deny | No | permit |
| order | Integer | min: 0, max: 9 | No | 0 |
| match_rules | List | String[Regex: ^[a-zA-Z0-9_.:-]{1,64}$] | No | |
| set_rule | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No |
next_hops (apic.tenants.l3outs.nodes.static_routes)
Section titled “next_hops (apic.tenants.l3outs.nodes.static_routes)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip | IP | Yes | ||
| description | String | Regex: ^[a-zA-Z0-9\\!#$%()*,-./:;@ _{|}~?&+]{1,128}$ | No | |
| preference | Integer | min: 0, max: 255 | No | 1 |
| type | Choice | prefix, none | No | prefix |
paths (apic.tenants.l3outs.nodes.interfaces)
Section titled “paths (apic.tenants.l3outs.nodes.interfaces)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| physical_domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| vmware_vmm_domain | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| elag | String | Regex: ^[a-zA-Z0-9_.:-]{1,64}$ | No | |
| floating_ip | IP | Yes | ||
| vlan | Integer | min: 1, max: 4096 | No |
micro_bfd (apic.tenants.l3outs.nodes.interfaces)
Section titled “micro_bfd (apic.tenants.l3outs.nodes.interfaces)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| destination_ip | IP | Yes | ||
| start_timer | Any | Integer[min: 60, max: 3600] or Integer[min: 0, max: 0] | No | 0 |
Examples
Section titled “Examples”Simple example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 track_list: TRACK_POL interfaces: - node_id: 101 port: 10 vlan: 301 ip: 14.14.14.1/24 bgp_peers: - ip: 14.14.14.14 remote_as: 65010 external_endpoint_groups: - name: EXT-EPG1 subnets: - prefix: 0.0.0.0/0 contracts: consumers: - CON1SVI example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 vlan: 301 svi: true ip: 14.14.14.1/24Routed Sub-interface example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 vlan: 301 svi: false ip: 14.14.14.1/24Routed Interface example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 interfaces: - node_id: 101 port: 10 ip: 14.14.14.1/24Example with explicit profiles:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 vrf: VRF1 domain: ROUTED1 node_profiles: - name: NODE_101 bgp: name: BGP_PROT1 timer_policy: BGP_TIMER1 as_path_policy: BGP_AS_PATH1 nodes: - node_id: 101 router_id: 5.5.5.5 static_routes: - prefix: 2.2.2.0/24 description: My Desc next_hops: - ip: 6.6.6.6 interface_profiles: - name: NODE_101 description: NODE_101 Description dhcp_labels: - dhcp_relay_policy: DHCP-RELAY1 dhcp_option_policy: DHCP-OPTION1 scope: tenant interfaces: - node_id: 101 port: 10 vlan: 301 ip: 14.14.14.1/24 bgp_peers: - ip: 14.14.14.14 remote_as: 65010 external_endpoint_groups: - name: EXT-EPG1 subnets: - prefix: 0.0.0.0/0Full example:
apic: tenants: - name: ABC l3outs: - name: L3OUT1 alias: L3OUT1-ALIAS description: My Desc target_dscp: AF13 qos_class: level3 import_route_control_enforcement: true export_route_control_enforcement: true custom_qos_policy: QOS_POLICY vrf: VRF1 domain: ROUTED1 bfd_policy: BFD1 dhcp_labels: - dhcp_relay_policy: DHCP-RELAY1 dhcp_option_policy: DHCP-OPTION1 scope: tenant bgp: timer_policy: BGP_TIMER1 as_path_policy: BGP_AS_PATH1 ospf: area: 0 area_type: regular area_cost: 1 auth_type: simple auth_key: cisco auth_key_id: 1 policy: OIP1 interleak_route_map: ROUTE_MAP1 default_route_leak_policy: always: false criteria: 'in-addition' context_scope: false outside_scope: false redistribution_route_maps: - source: direct route_map: ROUTE_MAP2 dampening_ipv4_route_map: ROUTE_MAP3 dampening_ipv6_route_map: ROUTE_MAP4 nodes: - node_id: 101 router_id: 5.5.5.5 router_id_as_loopback: true static_routes: - prefix: 2.2.2.0/24 description: My Desc preference: 1 next_hops: - ip: 6.6.6.6 description: My Next Hop Desc interfaces: - channel: VPC1 svi: true scope: local vlan: 301 ip_a: 14.14.14.1/24 ip_b: 14.14.14.2/24 ip_shared: 14.14.14.3/24 ip_shared_dhcp_relay: true link_local_address: fe80::ffff:ffff:ffff:ffff mode: native bgp_peers: - ip: 14.14.14.14 remote_as: 65010 description: My Desc allow_self_as: true as_override: true bfd: true disable_connected_check: true remove_private_as: true remove_all_private_as: true multicast_address_family: true ttl: 1 weight: 0 password: C1sco123 local_as: 1234 as_propagate: dual-as peer_prefix_policy: BGP_PP1 export_route_control: ROUTE_MAP1 import_route_control: ROUTE_MAP2 - channel: PC1 vlan: 311 ip: 24.24.24.1/24 bgp_peers: - ip: 24.24.24.2 remote_as: 65010 micro_bfd: destination_ip: 24.24.24.2 start_timer: 120 import_route_map: name: example-import-name description: desc type: global contexts: - name: CONTEXT1 description: desc1 action: deny order: 2 match_rules: - MATCH1 set_rule: SET1 route_maps: - name: example-name description: desc type: global contexts: - name: CONTEXT1 description: desc1 action: deny order: 2 match_rules: - MATCH1 set_rule: SET1 export_route_map: name: example-export-name contexts: - name: CONTEXT1 match_rules: - MATCH2 set_rule: SET2 external_endpoint_groups: - name: EXT-EPG1 alias: ABC-EXT-EPG1 description: My Desc preferred_group: false qos_class: level4 target_dscp: CS5 route_control_profiles: - name: IMPORT-RCP1 direction: import subnets: - name: ALL prefix: 0.0.0.0/0 import_route_control: false export_route_control: false shared_route_control: false import_security: true shared_security: false route_control_profiles: - name: EXPORT-RCP1 direction: export contracts: consumers: - CON1 providers: - CON1 imported_consumers: - IMPORT-CON1