ACI Multi-Site Intersite L3Out
Multi-Site Intersite L3Out
The Cisco ACI Intersite L3Out function is supported from ACI release 4.2(1) with MSO release 2.2(1) onwards.
If an enterprise requires that an endpoint at Site 1 communicate with external resources via the Site 2 L3Out, the Intersite L3Out function can be useful.
The use cases below show where Intersite L3Out functionality is most useful.
Figure: Endpoint to remote L3Out communication (Intra/Inter VRF)
Figure: Intersite transit routing (Intra/Inter VRF)
The figure above shows that, when Intersite L3Out is enabled, endpoints connected to specific sites can communicate with external network entities such as the WAN, mainframes, and service nodes deployed in a separate site via a remote L3Out connection (either intra-VRF or inter-VRF).
Intersite L3Out Guidelines
If you are using ACI release 5.0(1), follow the guidelines below when designing Intersite L3Out.
- For ACI sites, the minimum ACI release for Intersite L3Out communication is ACI 4.2(1).
- To support the use cases described in the figures in the section above, the designer must use ACI release 4.2(2) or later.
- Intersite L3Out is only supported on Border leaf L3Outs and not on GOLF L3Outs.
- When we deploy Multi-Site with Remote Leaf, Intersite L3Out is not supported.
- CloudSec traffic encryption is not supported over Intersite L3Out.
Intersite Control & Data Plane
If you plan to deploy Intersite L3Out, it is mandatory to deploy a separate TEP pool, referred to as the external TEP pool (distinct from the infra TEP pool), for each site that is part of the ACI Multi-Site architecture. The external TEP pool is configured and managed from MSO only.
Once the external TEP pool is assigned, MSO assigns a dedicated external TEP IP address to each border leaf. This creates a dedicated leaf-to-leaf VXLAN tunnel, over which an endpoint in one site communicates with external resources via the L3Out connection.
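The guidelines and the external TEP pool requirement above can be turned into a pre-deployment design check. The following Python sketch is an added example, not Cisco or MSO code: the site dictionary schema, the field names, and the sample addresses are constructed for illustration, and it reads "separate from the infra TEP pool" as "must not overlap it", which is an assumption.

```python
import ipaddress
import re

MIN_SITE_RELEASE = (4, 2, 2)  # page: 4.2(2) or later for the use cases shown
MIN_MSO_RELEASE = (2, 2, 1)   # page: MSO release 2.2(1) onwards

def parse_release(text):
    """Turn a release string such as '4.2(1)' or '5.0(1k)' into a comparable tuple."""
    m = re.fullmatch(r"(\d+)\.(\d+)\((\d+)[a-z]*\)", text.strip())
    if not m:
        raise ValueError(f"unrecognised release string: {text!r}")
    return tuple(int(g) for g in m.groups())

def check_site(site):
    """Return the guideline violations for one site (hypothetical dict schema)."""
    issues = []
    if parse_release(site["aci_release"]) < MIN_SITE_RELEASE:
        issues.append("ACI release below 4.2(2)")
    if site["l3out_type"] != "border-leaf":
        issues.append("Intersite L3Out needs a border leaf L3Out, not GOLF")
    if site["remote_leaf"]:
        issues.append("Intersite L3Out is not supported with Remote Leaf")
    if site["cloudsec"]:
        issues.append("CloudSec encryption is not supported over Intersite L3Out")
    ext = site.get("external_tep_pool")
    if not ext:
        issues.append("external TEP pool missing")
    # Assumption: a 'separate' pool is interpreted as a non-overlapping prefix.
    elif ipaddress.ip_network(ext).overlaps(
            ipaddress.ip_network(site["infra_tep_pool"])):
        issues.append("external TEP pool overlaps infra TEP pool")
    return issues

def check_design(mso_release, sites):
    """Map each site name (and 'mso') to its list of violations."""
    report = {s["name"]: check_site(s) for s in sites}
    if parse_release(mso_release) < MIN_MSO_RELEASE:
        report["mso"] = ["MSO release below 2.2(1)"]
    return report

# Constructed sample design: site1 is compliant, site2 breaks four guidelines.
SAMPLE_SITES = [
    {"name": "site1", "aci_release": "4.2(2)", "l3out_type": "border-leaf",
     "remote_leaf": False, "cloudsec": False,
     "infra_tep_pool": "10.0.0.0/16", "external_tep_pool": "192.168.100.0/24"},
    {"name": "site2", "aci_release": "4.2(1)", "l3out_type": "golf",
     "remote_leaf": False, "cloudsec": True,
     "infra_tep_pool": "10.1.0.0/16", "external_tep_pool": "10.1.200.0/24"},
]

if __name__ == "__main__":
    for name, issues in check_design("2.2(1)", SAMPLE_SITES).items():
        print(name, "OK" if not issues else issues)
```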