04-12-2017 02:27 AM - edited 03-01-2019 05:12 AM
Hi Team,
Can you please share your thoughts on how to configure overlapping subnets in tenants?
Tenant A -- VRF A - BD 1 - subnet 10.1.100.0/24
|------- VRF B - BD - Subnet : 10.1.100.0/24
Is this feature available within ACI? Do we need an external device to perform the NAT role?
Please confirm.
04-12-2017 04:14 AM
This feature is absolutely possible. No problem at all... UNLESS of course you wish the two tenants/VRFs to communicate with each other, which will be impossible.
Chris [RedNectar]
04-12-2017 09:27 PM
Hi Chris,
Can you please explain further how it works and share a relevant configuration link?
Cheers, Akber.
04-12-2017 11:22 PM
Akber,
Keep in mind that the VRF is the L3 domain. Each time we create a new VRF, we essentially create a new routing table. Therefore the 10.1.100.0/24 subnet can exist in both VRF-A and VRF-B while having complete separation.
Create BD-1, enable unicast routing and add the 10.1.100.0/24 subnet. Associate BD-1 to VRF-1.
Create BD-2, enable unicast routing and add the 10.1.100.0/24 subnet. Associate BD-2 to VRF-2.
No overlap whatsoever.
As Chris mentioned, you do not want to enable route leaking (shared services) between the two VRFs. Example of shared services:
EPG-A -> BD-A -> VRF-A :: BD-A subnet = 10.1.100.0/24 (shared between VRFs enabled)
EPG-B -> BD-B -> VRF-B :: BD-B subnet = 10.1.100.0/24 (shared between VRFs enabled)
Contract-A :: Contract-A scope = global
EPG-A = provider and consumer of Contract-A
EPG-B = provider and consumer of Contract-A
Since EPG-A and EPG-B are providing/consuming a global contract, this will open doors for the BD-A subnet to leak over into VRF-B and for BD-B subnet to leak into VRF-A. This would be an example of subnet overlap configuration.
Jason
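An added example, not part of Jason's post and not Cisco tooling: a small audit that separates the harmless case he describes (same subnet in two VRFs, nothing shared) from the leak-prone one (overlapping subnets with "Shared between VRFs" enabled). The inventory tuples are constructed sample data, and identifying a VRF by (tenant, VRF name) is an assumption of this sketch.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: (tenant, bridge domain, VRF, gateway/prefix, shared flag).
# "shared" stands for the BD subnet's "Shared between VRFs" setting.
INVENTORY = [
    ("Tenant-A", "BD-1", "VRF-1", "10.1.100.1/24", False),
    ("Tenant-A", "BD-2", "VRF-2", "10.1.100.1/24", False),
    ("Tenant-B", "BD-A", "VRF-A", "10.2.0.1/24", True),
    ("Tenant-B", "BD-B", "VRF-B", "10.2.0.129/25", True),
    ("Tenant-B", "BD-C", "VRF-C", "10.2.0.1/24", False),
]

def audit(inventory):
    """Return (verdict, bd_a, bd_b, net_a, net_b) for overlapping subnets in different VRFs."""
    findings = []
    for a, b in combinations(inventory, 2):
        ten_a, bd_a, vrf_a, gw_a, shared_a = a
        ten_b, bd_b, vrf_b, gw_b, shared_b = b
        # Assumption: a VRF is identified by (tenant, VRF name).
        if (ten_a, vrf_a) == (ten_b, vrf_b):
            continue  # same routing table; overlap here is a different problem
        # BD subnets are written as gateway/prefix, so derive the network first.
        net_a = ipaddress.ip_interface(gw_a).network
        net_b = ipaddress.ip_interface(gw_b).network
        if not net_a.overlaps(net_b):
            continue
        if shared_a and shared_b:
            verdict = "leak-conflict"   # both sides can be leaked into the other VRF
        elif shared_a or shared_b:
            verdict = "review"          # one side can be leaked onto a local copy
        else:
            verdict = "isolated"        # separate routing tables, no leaking enabled
        findings.append((verdict, bd_a, bd_b, str(net_a), str(net_b)))
    return findings

if __name__ == "__main__":
    for finding in audit(INVENTORY):
        print(*finding)
```

The shared flag only makes a subnet eligible for leaking; as the post explains, the leak happens once EPGs in the two VRFs provide and consume a contract with global scope, so a "leak-conflict" or "review" pair should be checked against the contracts in place.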
04-13-2017 12:06 PM
Hey Jason & Chris,
Thank you for your post; I appreciate the detailed explanation.
Actually, I want some more clarification on this overlapping subnet within inter-VRF of single or multiple tenants, as I have a requirement to keep the same server subnet between my ACI fabric datacenter and traditional network DC during migration.
Scenario 1:
Tenant -A
VRF -A - BD-A - Subnet 10.1.100.1/24 ( server farm subnet in new DC )
VRF -B - BD-B - Subnet : 10.1.100.1/24 ( Server Farm subnet in old DC )
Both datacenters are connected using DCI-OTV technology.
=================================
Scenario 2:
Tenant -A
VRF -A - BD-A - Subnet 10.1.100.1/24 ( server farm subnet in new DC )
Tenant -B
VRF -B - BD-B - Subnet : 10.1.100.1/24 ( Server Farm subnet in old DC )
Both datacenters are connected using DCI-OTV technology.
Question 1: Please confirm what the best practice is to do this.
Question 2: If yes to Q1, can you please share the config guide?
Kindly refer to the attached diagram.
I look forward to hearing from you soon, and thank you for your valuable support.
Cheers, Akber
04-13-2017 03:01 PM
Akber,
Tenants are only logical containers for VRFs, BDs, and EPGs. They have no network construct. With that said, it doesn't matter if the 2 VRFs are in same or different tenants.
I would like to refer to your diagram. Does 10.1.100.20 in ACI need to talk to 10.1.100.30 in the legacy network?
Jason
04-13-2017 09:29 PM
Jason,
Yes, I want the server hosts to communicate from the ACI environment to the traditional one bidirectionally.
10.1.100.20 in ACI needs to talk to 10.1.100.30 in the legacy network bidirectionally.
Cheers, Akber.
04-17-2017 07:47 PM
If that is the case, then I am not understanding the need for placing the subnet into separate VRFs on ACI. That will only block traffic between legacy and ACI hosts.
The common way to communicate legacy and ACI hosts on the same subnet is to have an L2 extension such as a static path/port going to the OTV router.
Jason
04-13-2017 04:32 AM
Jason said it every bit as well as I could have!
CW