Cisco ACI BD to VRF Association

AshSe
Level 3

As per my understanding, BD to VRF association is mandatory if we want EPs in two different subnets to reach each other. In other words, if two EPs in the same EPG and in the same subnet need to communicate with each other (bridge communication), then we may avoid attaching BD with VRF. Please comment.

11 Replies

AshSe
Level 3

Scenario-1: BD to VRF Association not Required:

AshSe_0-1720604139507.png

Scenario-2: BD to VRF Association Required:

AshSe_1-1720604237723.png

Is the above understanding correct?

Sergiu.Daniluk
VIP Alumni

Hi,

BD to VRF association is always mandatory, regardless of whether you have one, two or no subnets configured in the BD.


Cheers,

Sergiu

  1. Have you ever tried creating a BD without associating it with a VRF for Scenario-1?
  2. If BD to VRF association is so mandatory, why is it not mentioned in the red rectangular box?

Hi @AshSe ,

You have outlined two slightly different questions:

Question 1:  "if two EPs in the same EPG and in the same subnet need to communicate with each other (bridge communication), then we may avoid attaching BD with VRF."

This is correct, but ONLY if the BD does not have an IP address, so as per your diagram (and Question 2)

RedNectar_0-1720666358072.png

Question 2: "Is the above understanding correct?"

This is NOT correct, because your diagram shows a GW IP address on the BD. Should an endpoint ever send a packet to its default gateway (10.1.1.254 in your diagram) it will NOT be able to route it because the BD is not associated with a VRF. However, if ARP flooding is enabled, hosts A & B (in your diagram) will still be able to communicate with each other.

So stick with @Sergiu.Daniluk 's advice - consider BD to VRF association mandatory - and in fact it was mandatory for BDs that had no subnets until about APIC v4.??? or maybe even 5.??


RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Hi @RedNectar , I liked your answer. Unfortunately, I don't have access to test this solution in the lab with physical devices. By chance, if you have access to a test lab with physical devices, can you please test?

Hi @AshSe ,

OK. I set up a test - and it didn't work the way I expected!!! Which kind of blows the whole theory of being able to create purely L2 BDs out of the water.  Seems @Sergiu.Daniluk was right all along (and great to see @Sergiu.Daniluk back on the forum).

Anyway, I videoed my experiment - and you'll see that I wasn't able to get two EPs on the same EPG pinging each other until I connected the BD to a VRF!!

RedNectar aka Chris Welsh.

Dear @RedNectar, here are my comments:

  • You started from my diagram but moved to your IP addresses
  • How come you attached the EPG to a BD when the BD was not created?
  • Missing subnet/gateway in the BD
  • Client EPs not learned in EPG
  • All Mandatory selections in APIC are marked in Red box, but this (BD to VRF) association is not marked as mandatory

I will be convinced when I do it myself.

Hi @AshSe ,

Regarding your comments:

  • You started from my diagram but moved to your IP addresses

Yes. I have my lab set up so that I can build it with scripts in a couple of minutes using the IP addresses you see. It would have added 30 mins or more to build it again with your IPs.

  • How come you attached the EPG to a BD when the BD was not created?

Well, the BD was created and attached using the scripts, then I deleted the BD - so it still showed as being attached in the EPG, but if we'd looked into it, we'd have seen "missing target".

  • Missing subnet/gateway in the BD

Based on your initial statement "avoid attaching BD with VRF" I tried to "avoid attaching BD with VRF" - which can't be done if there is a subnet/gateway in the BD. And that makes perfect sense - OF COURSE you have to have a VRF if you want to assign an IP to a BD!!

  • Client EPs not learned in EPG

I expected that Client IPs would not be learned because the BD didn't have an IP address, but I (wrongly) thought that MAC addresses of the EPs would be learned - but that didn't happen until AFTER I'd linked the BD to a VRF - but I didn't capture that in the video.

  • All Mandatory selections in APIC are marked in Red box, but this (BD to VRF) association is not marked as mandatory

I will be convinced when I do it myself.

As I mentioned before (and @Sergiu.Daniluk confirmed) BD to VRF association is NOT mandatory, but as far as I can see, a BD that is NOT associated with a VRF is pretty useless. I WRONGLY thought that a BD that is NOT associated with a VRF would still allow EPs on the same subnet to communicate, but my video showed that this is not true (and I learned something from that, which is why contributing to this forum is so valuable - you learn stuff yourself while helping others).

I hope you've had a chance to do it yourself by now!



RedNectar aka Chris Welsh.

Hi @AshSe 

I tried it now in v6.0, and indeed, to my surprise, VRF association is not mandatory. However, this does not mean BDs without VRFs work. Or if it works, it shouldn't. Anyway, you will receive a fault at EPG level saying VRF is not configured.

SergiuDaniluk_1-1720698154863.png

Even more, if you try to configure the BD from NDO, even if it is in a template associated to a single site, the VRF is mandatory:

SergiuDaniluk_2-1720698577393.png

So we can all agree that Cisco is very consistent in its inconsistency.


Stay safe,

Sergiu
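An added example (not from any post in this thread) showing how a fabric operator could audit for the condition discussed above, bridge domains whose VRF relation (fvRsCtx) is empty or points at a VRF that no longer exists, using the JSON shape an APIC class query such as `/api/class/fvBD.json?rsp-subtree=children&rsp-subtree-class=fvRsCtx` returns; the sample response, tenant and BD names, and the exact relation `state` strings in it are constructed for illustration.

```python
import json

# Constructed sample of an APIC fvBD class query response (not captured
# from a real fabric). Three BDs: one bound to a VRF, one with no VRF at
# all, and one whose VRF target was deleted ("missing target").
SAMPLE_RESPONSE = json.dumps({
    "totalCount": "3",
    "imdata": [
        {"fvBD": {"attributes": {"dn": "uni/tn-Demo/BD-Web", "name": "Web"},
                  "children": [{"fvRsCtx": {"attributes": {
                      "tnFvCtxName": "Prod", "state": "formed"}}}]}},
        {"fvBD": {"attributes": {"dn": "uni/tn-Demo/BD-L2only", "name": "L2only"},
                  "children": [{"fvRsCtx": {"attributes": {
                      "tnFvCtxName": "", "state": "unformed"}}}]}},
        {"fvBD": {"attributes": {"dn": "uni/tn-Demo/BD-Orphan", "name": "Orphan"},
                  "children": [{"fvRsCtx": {"attributes": {
                      "tnFvCtxName": "Deleted", "state": "missing-target"}}}]}},
    ],
})


def bd_vrf_status(response_json):
    """Return {bd_dn: (vrf_name, state)} for every fvBD in the response.

    vrf_name is "" when no VRF is associated; state comes from the fvRsCtx
    relation ("formed" means the target VRF actually exists).
    """
    result = {}
    for item in json.loads(response_json)["imdata"]:
        bd = item.get("fvBD")
        if not bd:
            continue
        vrf, state = "", "unformed"  # defaults if the relation is absent
        for child in bd.get("children", []):
            rel = child.get("fvRsCtx")
            if rel:
                vrf = rel["attributes"].get("tnFvCtxName", "")
                state = rel["attributes"].get("state", "unformed")
        result[bd["attributes"]["dn"]] = (vrf, state)
    return result


def bds_without_usable_vrf(response_json):
    """List BD DNs whose VRF relation is empty or not resolved to a real VRF."""
    return sorted(dn for dn, (vrf, state) in bd_vrf_status(response_json).items()
                  if not vrf or state != "formed")


if __name__ == "__main__":
    for dn in bds_without_usable_vrf(SAMPLE_RESPONSE):
        print("no usable VRF:", dn)
```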

@Sergiu.Daniluk when you say "VRF association is not mandatory",

do you mean the mandatory red box is missing,

or

EP1 to EP2 reachability works without attaching the BD to a VRF?

I mean that you can create a BD without a VRF associated to it.
