PBR service graph across tenants

Antonio Macia
Level 3

Hi,

Is it possible to do a policy-based redirect service graph between two different tenants (without using the common tenant)?

For example, let's say we have an EPG in the production tenant that must be accessible from another EPG in the non-production tenant through the firewall using PBR. Because the EPGs are in different tenants, you cannot select one of the EPGs when applying the service graph to a contract.

Regards.

Accepted Solution

6askorobogatov
Level 1

If your L4-L7 is in the Prod tenant, you just have to create a contract, add the L4-7 to the subject(s), attach the provider side of the contract to the EPG in the prod tenant, export the contract to the nonprod tenant and add the contract interface to the clients' EPG.

PBR will be used in the L4-7 config to send traffic to your L4-7 device. In case of FW you need PBR on both sides.
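
The steps in the accepted answer, sketched as APIC REST API objects. This is an added example, not part of the original post or of Cisco's documentation. All tenant, application profile, EPG, contract, filter and graph names are hypothetical, and it assumes the service graph template `fw-pbr`, its device selection policy and its PBR policies already exist in the Prod tenant; route leaking between the two VRFs is not shown.

```xml
<!-- Constructed example: every name below is a placeholder. -->
<polUni>
  <!-- Provider side: the tenant that owns the L4-L7 device and the graph -->
  <fvTenant name="Prod">
    <!-- An exported contract must have a scope wider than its own tenant -->
    <vzBrCP name="client-to-prod" scope="global">
      <vzSubj name="https">
        <vzRsSubjFiltAtt tnVzFilterName="https"/>
        <!-- Attach the service graph (with PBR) to the subject -->
        <vzRsSubjGraphAtt tnVnsAbsGraphName="fw-pbr"/>
      </vzSubj>
    </vzBrCP>
    <fvAp name="prod-app">
      <fvAEPg name="prod-epg">
        <!-- Provider side of the contract on the EPG in the prod tenant -->
        <fvRsProv tnVzBrCPName="client-to-prod"/>
      </fvAEPg>
    </fvAp>
  </fvTenant>

  <!-- Consumer side: the tenant that receives the exported contract -->
  <fvTenant name="NonProd">
    <!-- Exporting the contract creates a contract interface that
         points back at the contract in the Prod tenant -->
    <vzCPIf name="client-to-prod-exported">
      <vzRsIf tDn="uni/tn-Prod/brc-client-to-prod"/>
    </vzCPIf>
    <fvAp name="nonprod-app">
      <fvAEPg name="client-epg">
        <!-- The client EPG consumes the contract interface,
             not the contract itself -->
        <fvRsConsIf tnVzCPIfName="client-to-prod-exported"/>
      </fvAEPg>
    </fvAp>
  </fvTenant>
</polUni>
```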

4 Replies

Hi,

Thanks, I missed that part of the PBR white paper documentation. I'll test it and let you know.

Hi,

What does "In case of FW you need PBR on both sides" mean?

Sides = tenants?

Or do you simply mean both sides are the two arms of the firewall?

Thanks a lot if you reply

You may need PBR to direct incoming packets to FW and PBR to direct returning traffic to FW.
