Apache_le, 

 "Isn't any VRF created under Tenant "common" should be created automatically in all Leaves?"

Not necessarily. VRFs are only programmed on a leaf when a local VLAN or L3 interface (associated with the VRF) is in up state. Both VRFs programmed on both the border leaf (L3 out leaf) and compute leaf (EPG leaf) is not a requirement for shared L3 communication.

Based on the provided symptoms, I recommend that you look into the following:

Contracts

Contracts between the EPG/External EPG to allow routing leaking. For shared services, you have two ways of defining a subnet: in either the EPG or BD. Route leaking between VRFs is dependent of contract/provider consumer placement. Failure to observe this could lead to unidirectional route leaking. 

If EPG-A subnet is defined in BD

&

EPG-B subnet is defined in BD

then both EPGs must provide and consume a shared services contract 

=======

If EPG-A subnet is defined in EPG

&

EPG-B subnet is defined in BD

then EPG-A must provide a contract to EPG-B at minimum

=======

If EPG-A subnet is defined in EPG

&

EPG-B subnet is defined in EPG

then provide/consume direction does not matter. Just need a contract between the two. 

=======

In the case of L3 out (External EPGs), we usually treat these as EPG with subnet defined under the EPG. If your internal subnet is defined under the BD, then the external EPG must provide a contract to the internal EPG at minimum. 

External EPG Configuration

For external subnets to leak into another VRF, then certain features must be enabled on subnets defined in the L3 out EPG. 

External Subnets for the External EPG :: Defines the external subnets that we want to apply policy/contracts to

Shared Route Control Subnet :: External subnet(s) to be leaked into internal EPG's VRF

Shared Security Import Subnet :: Apply policy to the leaked subnet(s)

Jason