Re: border and normal leaf

Mary · ‎12-12-2017

if we ssh into the leaf, how to identify from configuration that the leaf is border leaf not normal leaf

Beau Poehls · ‎12-12-2017

Hello,

In ACI, there isn't a specific configuration required to make a Leaf a border leaf. Rather, it is a term used to described or reference a Leaf in the fabric, which is typically dedicated to be the Layer-3 or Layer-2 Ingress/Egress point of the ACI fabric. E.g. - where you would configure External Routed Networks (L3Outs) with dynamic routing protocol(s) to peer with external layer-3 devices.

Please reference the Routing design section of this document for more detail.

Cisco ACI Best Practices - Routing Design

Mary · ‎12-12-2017

under external routed network xyz\network, i found L3out epg, but there is no tab called l3 configuration, under my application profile, there are quite a lot of server epgs, but i have difficult to spot L3 out epg.

also in bridged domain, a lot, so how to find gateway ip in l3 configuration?

gkumark · ‎12-12-2017

Hi,

Looks like you are confused about l3out EPG and normal application EPG. The EPG's you see under the application profile are application EPG. When you go under Tenant -> Networking -> External Routed Networks -> your L3out Profile -> Networks, you would see the l3out EPG.

If you are looking for a specific gateway IP in ACI, it would be defined under Bridge Domain -> L3 Configuration.

Hope this helps.

-GK

Mary · ‎12-13-2017

Hi, I'm not confused by l3out epg, my problem is to to find those application epgs out of 500-600 EPGs, I can't double click every epg, and find the L3 configuration gateway. this is time consuming, pls help to find a better way to search those epg with gateway configured since not all epgs have L3 gateway configured

Beau Poehls · ‎12-13-2017

If the Subnet IP address is configured under the BD, you can use the moquery tool on the APIC to collect this information. Check this guide out for examples -

http://www.layerzero.nl/blog/2016/10/querying-the-aci-object-database-with-moquery/

An example that may work -

moquery -c fvBD -x 'rsp-subtree=children rsp-subtree-class=fvSubnet' | egrep '^dn|ip(.*)\/' | awk '{print $3}

This moquery is checking for all fvBD (Bridge domains) and the fvBD children object fvSubnet (DFGW/Subnet IP on Bridge Domain). The rest is some just to match the dn parameter of fvBD and ip parameter of fvSubnet, so only those are printed to the screen. Please note if there are layer-2 only BDs without a Subnet configured on them, this will still display those, but they won't have an IP address printed on the next line.

Hope this helps.

Mary · ‎12-13-2017

moquery -c fvBD -x 'rsp-subtree=children rsp-subtree-class=fvSubnet'

no mos found.

I don't know gateway ip, so how to use moquery and find the BD or EPG with gateway configured?

sumitdhyani1 · ‎06-09-2020

Hi All,

If we have two tenants A and B and we need to have communication between both the tenants via a physical Firewall. The connectivity through leaf towards firewall wil it be via border leaf on normal leaf ?

Regards,

Sumit