07-29-2021 06:40 AM
Unlike EPGs, the ESGs don't seem to respect multi-site contracts. An ESG at site 1 won't talk to an ESG at site 2 even with an allow all filter and contract between them.
Has anyone found a way around this, like going through an l2/l3 out to go through the ISN?
Trying to find a good grouping mechanism to allow default communication between new subnets / vlans. vzAny and Preferred group don't give enough granularity for me, being as they go after the entire vrf or a single subset of it. ESGs sound good, but getting it to work between sites seems to be the issue.
07-29-2021 06:48 AM
ESGs are currently not exposed/supported with MSO, even if you're trying to use an MSO-created contract with APIC-created ESGs. The cross-site translation is what is not yet supported.
Robert
07-29-2021 06:50 AM - edited 07-29-2021 06:51 AM
Hi @wskinner1
ESG is not supported **YET** in multi-site.
I made a request for this feature to be supported a long time ago, not sure if and when it will be supported.
Maybe @Robert Burns can give us some hope ^_^
EDIT: haha seems like Robert replied faster than me
Thanks,
Sergiu
07-29-2021 07:00 AM
Yup, knew it wasn't "supported", just curious if someone found a workaround. Like ESG -> ExtEPG -> ISN -> ExtEPG -> ESG
ESGs don't look like they got any attention in 5.1 or 5.2 releases. Still IP selector only, and no MSO integration.
07-29-2021 07:20 AM
Honestly, your best bet currently would be to leverage standard contracts. You get the support and granularity you need. You can even leverage inherited contracts if wanted. I wouldn't recommend the L3out option as you lose all the policy granularity, vrf containment, cross-site visibility etc.
Robert
P.S. Not that it applies to your situation, but ESGs have been improved in APIC 5.2 where now you can base ESG membership on Tag, and EPG membership in addition to IP subnets.
07-29-2021 10:30 PM
I was thinking of the L3out option as well, which at the moment sounds like the only option.
When it comes to policy enforcement granularity, wouldn't playing with ExtEPGs & subnets for ExtEPGs help?
08-06-2021 07:23 AM
@Sergiu.Daniluk You could make it work, it just would be clunky and a very manual process as you'd have to manually tie both sides' policies together to achieve the result. ESGs & Standard contracts have better matching options compared solely to L3 LPMs.
Robert
08-06-2021 07:57 AM
Totally agree with you about ESGs & Contracts, but since ESG is not available for msite, I guess there's not much else that can be done.
07-29-2021 07:10 AM
It's on the roadmap for next year, but not yet committed. This means we need to hear the request from more customers to prioritize ESG support. I've created an enhancement request to help track this: CSCvz17670. Please open a quick TAC SR, and simply ask them to link this to the case - it will help improve prioritization.
Robert
07-29-2021 10:32 PM
I'll definitely open a service request! @wskinner1 please open a case as well. The more cases are attached to the enhancement request, the better.
Thanks,
Sergiu