VRF Interleak

spinning2008
Level 1

Hi team,

Need your help.

We have two VRFs, A and B. The method for route leaking is:

  • On the provider side: configure the EPG with a subnet (set to Shared Between VRFs, No Default Gateway) and provide a contract.

  • On the consumer side: configure only at the BD level, mark it as Shared Between VRFs, and consume the contract.

This works fine.

However, there’s another option using VRF-level ESG interleak. In that case, without using ESG at the EPG level, it seems possible to leak directly at the BD level. With this approach, it’s not necessary to check Shared Between VRFs on the BD or to create a subnet under the EPG.

Can I use VRF interleak in ACI 6.0(7) by leaking only the BD subnets, without creating an ESG?
I tested this and it works even without ESG, but I’m not fully sure if ESG is mandatory for future migrations (for example, when moving towards ESG-based policies).

Best Regards, 

2 Accepted Solutions

Stefan Mihajlov
Spotlight

@spinning2008 

Yes—on ACI 6.0(7) you can use VRF-level route inter-leak to leak only the BD subnets between VRFs without creating ESGs or marking the BD/EPG as Shared Between VRFs. That model works and is supported when all you need is routing reachability between VRFs. ESGs are not mandatory for inter-VRF leaking; they become relevant if you want to manage policy at the ESG layer (ESG↔ESG contracts, micro-seg, future ESG-centric migrations). Practical guidance: if your long-term plan is to standardize on ESG-based policy, start using ESGs now; otherwise, VRF inter-leak of BD subnets without ESG is fine and won’t break future migration—you can introduce ESGs later and move EPGs/BDs into them as needed.

–––
Best regards,
Stefan Mihajlov

Mark this post as Helpful if it helped you, and Accept as Solution if it resolved your question.
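
An added example, not part of the thread or of Cisco's documentation: a Python audit for the "leak only the BD subnets" model described above. It lists every VRF-level leaked prefix with its target VRFs and compares it against the BD subnets of the source VRF. The class and attribute names (`leakRoutes`, `leakInternalSubnet`, `leakTo`, `fvBD`, `fvSubnet`, `fvRsCtx`) are assumed from the ACI object model, and the sample tenant is constructed.

```python
import ipaddress

# Constructed sample tenant (not from the thread), in the nested JSON shape of an
# APIC export. Class and attribute names are assumed from the ACI object model.
def mo(cls, attrs, *children):
    return {cls: {"attributes": attrs, "children": list(children)}}

TENANT = mo("fvTenant", {"name": "T1"},
    mo("fvCtx", {"name": "A"},
        mo("leakRoutes", {},
            mo("leakInternalSubnet", {"ip": "10.1.1.0/24"},
                mo("leakTo", {"tenantName": "T1", "ctxName": "B"})),
            mo("leakInternalSubnet", {"ip": "10.0.0.0/8"},
                mo("leakTo", {"tenantName": "T1", "ctxName": "B"})))),
    mo("fvCtx", {"name": "B"}),
    mo("fvBD", {"name": "bd-web"},
        mo("fvRsCtx", {"tnFvCtxName": "A"}),
        mo("fvSubnet", {"ip": "10.1.1.1/24"})))

def kids(body, cls):
    """Bodies of the direct children of the given class."""
    return [c[cls] for c in body.get("children", []) if cls in c]

def bd_subnets_by_vrf(tenant):
    """Map VRF name -> set of networks configured as BD subnets in that VRF."""
    nets = {}
    for bd in kids(tenant, "fvBD"):
        vrfs = [r["attributes"]["tnFvCtxName"] for r in kids(bd, "fvRsCtx")]
        for s in kids(bd, "fvSubnet"):
            # fvSubnet.ip is the gateway address with its mask, e.g. 10.1.1.1/24
            net = ipaddress.ip_interface(s["attributes"]["ip"]).network
            for v in vrfs:
                nets.setdefault(v, set()).add(net)
    return nets

def audit_leaks(doc):
    """Return (vrf, leaked prefix, target VRFs, verdict) for every VRF-level leak."""
    tenant = doc["fvTenant"]
    bd_nets, out = bd_subnets_by_vrf(tenant), []
    for vrf in kids(tenant, "fvCtx"):
        name = vrf["attributes"]["name"]
        local = bd_nets.get(name, set())
        for leak in (l for lr in kids(vrf, "leakRoutes") for l in kids(lr, "leakInternalSubnet")):
            net = ipaddress.ip_network(leak["attributes"]["ip"], strict=False)
            same = [b for b in local if b.version == net.version]
            verdict = ("matches-bd" if net in local
                       else "within-bd" if any(net.subnet_of(b) for b in same)
                       else "broader-than-bd" if any(b.subnet_of(net) for b in same)
                       else "no-matching-bd")
            to = tuple(f"{t['attributes']['tenantName']}/{t['attributes']['ctxName']}" for t in kids(leak, "leakTo"))
            out.append((name, str(net), to, verdict))
    return out
```

Any verdict other than `matches-bd` marks a leaked prefix that exposes more (or something other) than a single BD subnet to the target VRF and is worth reviewing before relying on the VRF boundary for segmentation.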

spinning2008
Level 1

Thanks Stefan for your help.

Best Regards

3 Replies

spinning2008
Level 1

Regarding Cisco ACI documentation (ESG)

The subnet that you configure under the VRF route leaking configuration can also match subnets used under the EPGs… useful for migration
