03-18-2022 10:02 PM
Dear All,
I have a question on what is the best approach to allow communication between two users in different VRFs in Cisco ACI.
I understand VRF leaking can do this, but is there any other way to do the same?
03-19-2022 03:21 AM
Check this guide to help you:
03-19-2022 12:55 PM
Hi @Bharatsiingh1 ,
I have a question on what is the best approach to allow communication between Two users in different VRF in Cisco ACI.
To allow two users (as opposed to two EPGs - you said users - so I'll answer THAT question) in different VRFs to communicate in ACI, follow these steps:
Job's done.
I understand VRF Leaking can do this but is there any other way to do the same.
Think it through!
User IP-A sends a TCP SYN addressed to IP-B on another subnet
He sends the packet to its default gateway's MAC address
The default gateway doesn't know the route to B because someone thought that route leaking wasn't necessary
What happens to the packet?
Or if the default gateway happens to have a route (because of a default route perhaps), you can follow the same dead-end logic for the reply packet.
I hope this helps.
Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem.
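The thought experiment in the reply above can be run as a small model. This is an added example, not part of the original post: the subnets, host addresses, VRF names and the functions `lookup` and `round_trip` are constructed for illustration, and the model only checks whether each VRF has a route (no contracts, no real ACI API).

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match in one VRF's table; None means no route (drop)."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table.items()
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    return max(hits, key=lambda h: h[0].prefixlen)[1]

def round_trip(vrfs, src_vrf, src_ip, dst_vrf, dst_ip):
    """Return (forward_ok, reply_ok) for a TCP SYN and its SYN-ACK."""
    if lookup(vrfs[src_vrf], dst_ip) is None:
        return (False, False)          # gateway in the source VRF drops the SYN
    reply = lookup(vrfs[dst_vrf], src_ip)
    return (True, reply is not None)   # reply needs a route in the other VRF

# Constructed addressing: user A in VRF-A, user B in VRF-B.
A_IP, B_IP = "10.1.1.10", "10.2.2.20"

def scenario(name):
    vrf_a = {"10.1.1.0/24": "local"}
    vrf_b = {"10.2.2.0/24": "local"}
    if name == "default_route_in_A":
        vrf_a["0.0.0.0/0"] = "l3out"        # forward path only
    elif name == "leaked_both_ways":
        vrf_a["10.2.2.0/24"] = "leak:VRF-B"
        vrf_b["10.1.1.0/24"] = "leak:VRF-A"
    return {"VRF-A": vrf_a, "VRF-B": vrf_b}

def run(name):
    return round_trip(scenario(name), "VRF-A", A_IP, "VRF-B", B_IP)

if __name__ == "__main__":
    for name in ("no_leak", "default_route_in_A", "leaked_both_ways"):
        print(f"{name:20s} forward={run(name)[0]} reply={run(name)[1]}")
```

Only the case with a route in both VRFs completes the handshake; a default route in one VRF moves the dead end to the reply.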
03-19-2022 08:40 PM
Thanks Chris Welsh @RedNectar
03-20-2022 11:32 AM
No problem @kirank10 . Let's hope @Bharatsiingh1 finds it useful too.
02-21-2024 05:26 AM
I think there is another solution: make two L3Outs, one for the first VRF and a second for the second VRF, and have the firewall that is connected to the ACI L3Outs do the routing between the two VRFs.
I have a question
If I have Cisco ACI Multisite and the two fabrics are OK in two sites (assume each site is in a different VRF and a different tenant, with different application profile names), and I need to extend some VLANs through the NDO as well as have subnets talk to the other EPGs, is the good approach to make the VRF, tenant and application profile the same in the two sites, so that the NDO can import them, see them and use them for the extension, to avoid leaking the routing between the two VRFs through a firewall?