External Routers

external_router_icon External Router Overview

External routers represent AOS-managed switches that the network uses for traffic exiting and entering the data center fabric (via BGP). AOS ensures that proper routing is in place by peering leafs or spines with external routers (via ASNs and loopback IPs).

Characteristics and Requirements

  • External router points are defined per security zone (as opposed to the entire blueprint) (as of AOS version 3.0.0).
  • Leaf and external router point connectivity can be via an L2 or L3 interface.
  • L2 interfaces can be in a bond such as MLAG or vPC.
  • Specify custom import prefix-lists per security zone or per external connectivity point (ECP) (for different external routers).
  • Static Routing and IS-IS for external router connectivity is not directly supported.

BGP Specific Requirements

  • IPv6 peering to external routers is supported (as of AOS version 3.0.0).
  • AOS does not support Bidirectional Forwarding Detection (BFD) for external routers (since not all vendors support BFD).
  • AOS BGP timers are 1 second for keepalive interval, 3 seconds for hold time, and 5 seconds for connect time.
  • The external router role must be assigned to a device (specified in a logical device) to enable it to be deployed as an external router.
  • Choose between BGP loopback (eBGP multi-hop) or BGP interface peering.

OSPF Specific Requirements

  • OSPF is supported on Cisco NX-OS, Arista EOS, and Cumulus Linux devices.

  • IPv6 peering to external routers is not supported for OSPF (as of version 3.2.0).

  • Bidirectional Forwarding Detection (BFD) for external routers with OSPF is supported. It is disabled by default.

  • The default values for Cisco NX-OS, Arista EOS, and Cumulus Linux OSPF Hello/Dead timers can be customized (when assigning external connectivity points in the security zone).

  • The external router role must be assigned to a device (specified in a logical device) to enable it to be deployed as an external router.

    Note

    • Border leafs are always OSPF ASBRs and always part of a non-backbone area.
    • The external routers are OSPF ABRs and part of the backbone area.
    • OSPF v2 must be supported (OSPFv3 is not supported)
    • OSPF External Router connections are not yet supported for Junos devices.

Policies

External router connections have one or more external connectivity points (ECPs). ECPs can be fine-tuned with complex custom routing policies to control traffic entering and exiting a pod or security zone. ECPs are defined per L3 Group, rather than the entire blueprint.

You can disable the export of spine-leaf links, L3 edge server links, L2 edge subnets and loopbacks, based on the security zone or per ECP (for different external routers).

Routing Policy

Default only (0.0.0.0/0) - at least one default routing policy is expected for each external router in a blueprint (for telemetry)

All (accept all incoming routes)

Overlay Control Protocol (specified in the template)
Static VXLAN
External routers can peer with spine or leaf devices configured with external connections.
MP-EBGP EVPN
External routers must peer with leaf devices configured with external connections.

External Router Config - BGP Example

Below is an example of BGP configuration for an external router that generates a default route facing AOS. It has the following characteristics:

  • The ASN of the external router is 100.
  • The loopback IP of the external router is 9.0.0.1.
  • The external router is connected to two spine switches.
  • The ASN of Spine1 is 65416.
  • The loopback IP of Spine1 is 172.20.0.4.
  • The ASN of Spine2 is 65417.
  • The loopback IP of Spine1 is 172.20.0.6.
  • L3 fabric link facing spine1 is 10.0.0.1/31.
  • L3 fabric link facing spine2 is 10.0.0.3/31.

The prefix-list PREPEND-FABRIC-PREFIX prepends the external router’s ASN multiple times, which eliminates the fabric preferring the external router for internal fabric prefixes. This is just one resolution and is not the required method.

Linux Quagga External Router Example
router bgp 100
  bgp router-id 9.0.0.1
  neighbor 172.20.0.4 remote-as 65416
  neighbor 172.20.0.4 ebgp-multihop 2
  neighbor 172.20.0.4 timers 1 3
  neighbor 172.20.0.4 timers connect 5
  neighbor 172.20.0.4 default-originate
  neighbor 172.20.0.4 soft-reconfiguration inbound
  neighbor 172.20.0.4 update-source lo:1
  neighbor 172.20.0.4 route-map PREPEND-FABRIC-PREFIX out

  neighbor 172.20.0.6 remote-as 65417
  neighbor 172.20.0.6 ebgp-multihop 2
  neighbor 172.20.0.6 timers 1 3
  neighbor 172.20.0.6 timers connect 5
  neighbor 172.20.0.6 default-originate
  neighbor 172.20.0.6 soft-reconfiguration inbound
  neighbor 172.20.0.6 update-source lo:1
  neighbor 172.20.0.6 route-map PREPEND-FABRIC-PREFIX out
!
ip route 172.20.0.4/32 10.0.0.0
ip route 172.20.0.5/32 10.0.0.2
!
route-map PREPEND-FABRIC-PREFIX permit 10
  set as-path prepend 100 100 100 100

External Router Config - OSPF Example

Below is an example of OSPF configuration for an external router that generates a default route facing AOS. It has the following characteristics:

  • The OSPF area of the external router is 51.
  • The loopback IP of the external router is 9.0.0.1.
  • The external router is connected to two border leaf switches.
  • AOS border leaf is an ASBR.
  • AOS border leaf is NOT part of a backbone area.
  • External router is an ABR attached to the backbone area.
  • AOS border leaf to be configured with MTU ignore.
  • OSPF network type is broadcast.
  • OSPF Hello/Dead interval timers are default.
  • L3 fabric link IP on border leaf router is is 10.61.60.1/24.
  • L3 fabric link IP on external router is 10.61.60.254/24.
Linux Quagga External Router Example
ip route 10.0.0.2/32 10.60.61.1 bond0.61
ip route 10.0.0.3/32 10.61.61.1 bond1.61
ip route 10.0.0.4/32 10.60.62.1 bond0.62
ip route 10.0.0.5/32 10.61.62.1 bond1.62
ip route 10.0.0.6/32 10.60.60.1 bond0.60
ip route 10.0.0.7/32 10.61.60.1 bond1.60
ipv6 route ::/0 Null0
!
interface bond0.60
 ip ospf area 51
!
interface bond0.62
 ip ospf area 51
!
interface bond1.60
 ip ospf area 51
!
interface bond1.62
 ip ospf area 51
!
router ospf
 redistribute static route-map STATIC_TO_OSPF
!
ip prefix-list DEFAULT_V4 seq 5 permit 0.0.0.0/0
ipv6 prefix-list DEFAULT_V6 seq 5 permit ::/0
!
route-map STATIC_TO_OSPF permit 10
 match ip address prefix-list DEFAULT_V4
!
route-map STATIC_TO_OSPF permit 20
 match ipv6 address prefix-list DEFAULT_V6

External Router Details

External routers include the following details:

Name
64 characters or fewer
IPv4 Address
IPv4 Address of the external router. For BGP loopback peering, AOS uses this for eBGP multi-hop peering.
IPv6 Address (available for AOS version 3.0 and later)
Optional IPv6 Address of the external router. For BGP loopback peering, AOS uses this for eBGP multi-hop peering.
ASN
AOS automatically generates eBGP peer configuration facing this router Autonomous System Number (ASN).
_images/external_routers_330.png

Creating External Router

  1. From the blueprint, navigate to External Systems / External Routers, then click Create External Router.
  2. Enter a name, IPv4 address, IPv6 Address (optional), and ASN.
  3. Click Create (bottom-right) to create the external router and add it to the global catalog. It is now available for importing and assigning in a blueprint.

Editing External Router

Changes to external routers in the global catalog do not affect external routers that have already been used in blueprints, thereby preventing potentially unintended changes to those blueprints. If your intent is for the blueprint to use an updated external router, then you must delete it from the blueprint, re-import it after it has been updated, and re-assign the link to it. See below for the steps for updating an external router.

  1. Either from the list view (External Systems / External Routers) or the details view, click the Edit button for external router to edit.
  2. Make your changes.
  3. Click Update (bottom-right) to update the external router in the global catalog and return to the list view.

Deleting External Router

  1. Either from the list view (External Systems / External Routers) or the details view, click the Delete button for the external router to delete.
  2. Click Delete External Router to delete the external router from the global catalog.