I have this unique use case and I cannot figure out how to make it work... Hope someone could shed some light. Maybe it is not possible... But anyway:
I have two ACI sites managed by MSO/NDO as multi-site. Site A has VRF1, EPG1 and BD1 besides dozens of other site-local EPG/BD pairs; Site B has VRF2, EPG2 and BD2 besides dozens of other site-local EPG/BD pairs. The ACI fabric runs the default gateway for each local EPG/BD and each site uses vzAny... No EPG/BD multi-site L2 stretch.
I have configured inter-VRF route leaking using a contract to make Site A EPG1/BD1 L3 communicate with Site B EPG2/BD2 via ISN. However, there are these new requirements coming in:
- Workloads under Site A EPG1/BD1 can only communicate bidirectionally with workloads under Site B EPG2/BD2.
- Workloads under Site A EPG1/BD1 cannot communicate with workloads under other Site A EPG/BDs.
- Workloads under Site A EPG1/BD1 cannot be accessible by workloads under other Site A EPG/BDs.
I might be able to add Site A EPG1/BD1 into a different VRF in the Site A tenant and leave all other local EPG/BDs in the existing VRF to meet the requirements... But is there any possible way to still use contracts to accomplish the new requirements?