L3Out for Routing to L4-L7 Devices

If NAT is not an option and you still want to send traffic to endpoints that are behind a firewall or load balancer, you have two options:

  • Use Service Graph Redirect
  • Configure Static or Dynamic Routing via L3Out Connection

Static routing and dynamic routing both work well on the L3Out SVI via vPC. If you use static routing, you must configure a secondary IP address for the SVI and vPC configuration. This secondary IP address is used as the next hop for static routing.

If more than two leaf switches are used for the L3Out, some restrictions apply, depending on the leaf hardware and its software release. These restrictions apply if:

  • The L3Out connection consists of more than two leaf switches with the SVI in the same VLAN encapsulation.
  • The border switch uses static routing to connect to external devices.
  • vPC is used to connect the external device to the fabric.

These restrictions exist because traffic gets routed to the L3Out connection but may be switched or bridged on the external bridge domain on another L3Out connection.

The topology choices are shown below. The topology on the left works well with both first-generation and second-generation leaf switches. The topology on the right is designed for EX and FX 9300 platform switches. In the topology, the L3Out connection is used for static routing to route traffic to an external device that is configured as an HA pair (active-standby).

