12-11-2023 05:39 AM
Hi All,
Quick question on ACI route leaking. As per the document, we need to configure the following for route leaking between VRFs.
● The consumer BD subnet scope must be set with “Shared between VRFs.”
● You need to configure a subnet under the provider EPG with the “Shared between VRFs” scope set and “no default gateway SVI.”
● The L3Out EPG subnet scope must be set with “Shared Route Control Subnet” and “Shared Security Import Subnet.”
I need to clarify the second point. Instead of creating a subnet under the EPG and enabling the "Shared between VRFs" option, can we do it under the BD, the same as we do for the consumer BD?
I tried this option and routes are leaking between VRFs, but I want to make sure it won't create any problems in the future.
Thanks in advance.
12-11-2023 06:04 AM - edited 12-11-2023 06:04 AM
No, it specifically details that the provider subnet needs to be defined under the EPG level in order to facilitate the route leak and contract rules. It can also exist at the BD level (for the provider BD), but absolutely needs to exist at the EPG subnet level as well.
Robert
12-11-2023 07:00 AM - edited 12-11-2023 04:15 PM
Sorry, I missed some info. You are correct. Let me elaborate a little more on my scenario. I have 3 VRFs inside my tenant and I need to leak routes between each and every VRF. What I did is apply the consumer and provider contracts under each EPG in each VRF and enable the "shared between VRFs" option under the BD. So basically all my VRFs are providers and consumers. Is this a valid design? Please use the attached high-level diagram for reference.
12-11-2023 12:27 PM
Hi @sutha_entc ,
First, a tip:
When posting on the forum, add your pictures inline - i.e. PASTE your picture right where you want it. If it is a screenshot, you'll probably then want to click on the image and make the image large - like this.
This means your pictures are actually SEEN (a) in the email that gets sent to subscribers and (b) by anyone who looks at this post in the future. Adding pictures as attachments... puts your submission into the TL;DR category.
2nd - I'll have to look at this later, but here are my random 1st thoughts.
You seem to be providing and consuming in both directions - EVERY provider route you want leaked must be defined under the EPG subnet - and NO, you don't need to check “no default gateway SVI” UNLESS the route you are leaking is a /32.
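An added example, not part of any post in this thread and not Cisco's code: a Python audit over a tenant subtree in APIC REST JSON form that flags provider EPGs whose shared subnet exists only on the BD, the setup raised in the question and addressed in the two replies above. The sample tenant is constructed, and the check assumes every provided contract is consumed from another VRF.

```python
"""Flag provider EPGs that lack an EPG-level subnet with the 'shared' scope."""

# Helper to build constructed sample data in APIC REST JSON shape:
# {class: {"attributes": {...}, "children": [...]}}
def mo(cls, children=(), **attrs):
    return {cls: {"attributes": attrs, "children": list(children)}}

SAMPLE_TENANT = mo("fvTenant", name="T1", children=[
    mo("fvBD", name="BD-A", children=[mo("fvSubnet", ip="10.1.1.1/24", scope="private,shared")]),
    mo("fvBD", name="BD-B", children=[mo("fvSubnet", ip="10.2.2.1/24", scope="private,shared")]),
    mo("fvAp", name="AP1", children=[
        # EPG-A: provides a contract, shared subnet only on its BD (the asker's setup)
        mo("fvAEPg", name="EPG-A", children=[
            mo("fvRsBd", tnFvBDName="BD-A"),
            mo("fvRsProv", tnVzBrCPName="leak-a")]),
        # EPG-B: provides a contract and also carries the shared subnet itself
        mo("fvAEPg", name="EPG-B", children=[
            mo("fvRsBd", tnFvBDName="BD-B"),
            mo("fvRsProv", tnVzBrCPName="leak-b"),
            mo("fvSubnet", ip="10.2.2.1/24", scope="private,shared")]),
    ]),
])

def kids(parent, cls):
    """Direct children of `parent` whose class is `cls`."""
    (body,) = parent.values()
    return [c for c in body.get("children", []) if cls in c]

def attr(obj, name, default=""):
    (body,) = obj.values()
    return body["attributes"].get(name, default)

def shared_subnets(parent):
    """IPs of fvSubnet children whose scope includes 'shared'."""
    return [attr(s, "ip") for s in kids(parent, "fvSubnet")
            if "shared" in attr(s, "scope").split(",")]

def audit_provider_epgs(tenant):
    """Assumption: every provided contract is consumed from another VRF."""
    bd_shared = {attr(bd, "name"): shared_subnets(bd) for bd in kids(tenant, "fvBD")}
    findings = []
    for ap in kids(tenant, "fvAp"):
        for epg in kids(ap, "fvAEPg"):
            if not kids(epg, "fvRsProv") or shared_subnets(epg):
                continue  # not a provider, or EPG-level shared subnet present
            bd = next((attr(r, "tnFvBDName") for r in kids(epg, "fvRsBd")), None)
            findings.append({"epg": f"{attr(ap, 'name')}/{attr(epg, 'name')}",
                             "bd": bd, "shared_on_bd_only": bd_shared.get(bd, [])})
    return findings
```

Calling `audit_provider_epgs` on a real export requires the tenant subtree fetched with its children included; the class and attribute names used (`fvAEPg`, `fvRsProv`, `fvRsBd`, `fvSubnet`, `scope`) are the APIC object model's own.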
12-11-2023 04:27 PM
Hi RedNectar,
Thanks for the tips. Let me put my question in a new topic.