Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a single L3Out profile. In APIC, release 2.3(1f) and later, you can configure transit routing with a single L3Out profile, with the following limitations:
- If the VRF is unenforced, an external subnet (l3extSubnet) of 0.0.0.0/0 can be used to allow traffic between the routers sharing the same L3EPG.
- If the VRF is enforced, an external default subnet (0.0.0.0/0) cannot be used to match both source and destination prefixes for traffic within the same L3EPG. To match all traffic within the same L3EPG, the following prefixes are supported:
- IPv4
- 0.0.0.0/1—with External Subnets for the External EPG
- 128.0.0.0/1—with External Subnets for the External EPG
- 0.0.0.0/0—with Import Route Control Subnet, Aggregate Import
- IPv6
- 0::0/1—with External Subnets for the External EPG
- 8000::0/1—with External Subnets for the External EPG
- :0:0/0—with Import Route Control Subnet, Aggregate Import
- Alternatively, a single default subnet (0.0.0.0/0) can be used when combined with a VzAny contract. For example:
- Use a VzAny providing contract and an L3EPG consuming contract (matching 0.0.0.0/0), or a VzAny consuming contract and L3EPG providing contract (matching 0.0.0.0/0).
- And use the subnet 0.0.0.0/0—with Import/Export Route Control Subnet, Aggregate Import, and Aggregate Export.
The external documentation was also updated yesterday by the doc team
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/kb/b_KB_Transit_Routing.html#concept_CBBCBA5750D84E4BB49CD727FDCF547A