Hi Chris,

Can you please explain further how it works and relevant configuration link .

Cheers, Akber .

Akber, 

Keep in mind that the VRF is the L3 domain. Each time we create a new VRF, we essentially create a new routing table. Therefore the 10.1.100.0/24 subnet can exist in both VRF-A and VRF-B while having complete separation. 

Create BD-1, enabled unicast routing and add 10.1.100.0/24 subnet. Associate BD-1 to VRF-1.

Create BD-2, enabled unicast routing and add 10.1.100.0/24 subnet. Associate BD-2 to VRF-2.

No overlap whatsoever. 

As Chris mentioned, you do no want to enable route leaking (shared services) between the two VRFs. Example of shared services:

EPG-A -> BD-A -> VRF-A :: BD-A subnet = 10.1.100.0/24 (shared between VRFs enabled)

EPG-B -> BD-B -> VRF-B :: BD-B subnet = 10.1.100.0/24 (shared between VRFs enabled)

Contract-A :: Contract-A scope = global

EPG-A = provider and consumer of Contract-A

EPG-B = provider and consumer of Contract-A

Since EPG-A and EPG-B are providing/consuming a global contract, this will open doors for the BD-A subnet to leak over into VRF-B and for BD-B subnet to leak into VRF-A. This would be an example of subnet overlap configuration. 

Jason

Hey Jason & Chris,

Thank you for your post and appreciate it for detailed explanation.

Actually, I want some more clarification on this Overlapping subnet with in inter-VRF of single or multiple Tenants as i have a requirement to keep same Server subnet between my ACI fabric Datacenter and Traditional network  DC during migration .

Scenario 1:

Tenant -A  

VRF  -A  - BD-A - Subnet 10.1.100.1/24  ( server farm subnet in new DC )

VRF -B  - BD-B - Subnet : 10.1.100.1/24  ( Server Farm subnet in old DC )

both Datacenter are connected using DCI-OTV technology.

=================================

Scenario 2:

Tenant -A  

VRF  -A  - BD-A - Subnet 10.1.100.1/24  ( server farm subnet in new DC )

Tenant -B

VRF -B  - BD-B - Subnet : 10.1.100.1/24  ( Server Farm subnet in old DC )

both Datacenter are connected using DCI-OTV technology.

Questions 1 : Please confirm what is the best practise do this .

Question 2 :  If yes Q 1, Can you please share me the config guide .

Kindly refer the attached diagram.

Look forward to hearing from you soon  and thank you for your valuable support.

Cheers,Akber

Akber, 

Tenants are only logical containers for VRFs, BDs, and EPGs. They have no network construct. With that said, it doesn't matter if the 2 VRFs are in same or different tenants. 

I would like to refer to your diagram. Does 10.1.100.20 in ACI need to talk to 10.1.100.30 in the legacy network? 

Jason

Jason,

Yes,  I want the server hosts coomunicate from ACI environment to Traditional  in bidirectional .

 10.1.100.20 in ACI need to talk to 10.1.100.30 in the legacy network in bidirectional .

Cheers, Akber.

If that is the case, then I am not understanding the need for placing the subnet into separate VRFs on ACI. That will only block traffic between legacy and ACI hosts. 

The common way to communicate legacy and ACI hosts on the same subnet is to have an L2 extension such as a static path/port going to the OTV router. 

Jason

Jason said it every bit as well as I could have!

CW