epg comm in same/different tenant

Mary · ‎03-13-2018

I have epg1 and epg2 in the same tenant A, I want epg1 and epg2 can communicate, thus i define subnet for bd1 and bd2

I have epg3 in another tenantB, I want epg3 can communicate with epg2, so I set up bd subnet for epg3 and create contract between epg3 and epg2

Is the above setting complete or i miss any points? thanks

NickScheutjens · ‎03-19-2018

You'll need to create a contract between EPG1 and EPG2 in the same tenant if you want them to communicate. The configuration between EPG's in a different tenant is a little bit different. It is discribed here: https://www.cisco.com/c/en/us/support/docs/cloud-systems-management/application-policy-infrastructure-controller-apic/200242-Configuring-Inter-Context-Communication.html

The contract need to have "global" as scope and you will need to add the subnet to the EPG as well as to the BD. You will need to create the contract on the tenant where the provided EPG is and then export it to the other tenant. you can read the configuration if detail by clicking on the link. We used the described configuration on all ACI versions up to 3.1(1i), but i presume that it works on all versions.

micgarc2 · ‎03-19-2018

This actually depends. If EPG3 is in another tenant but in the same VRF as EPG2, a VRF Scope on the contract should still accomplish what you are trying to do (communicate between EPG2 and EPG3). A global scope is only necessary when we get into route-leaking (routing between EPs in different VRFs) if you decide to not import/export contracts.