cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
372
Views
0
Helpful
0
Replies
m1xed0s
Contributor

Apply route leaking and security filter with contracts concurrently?

I have this unique use case and I can not figure out how to make it work...Hope someone could share some lights. Maybe it is not possible...But anyway:

 

I have two ACI sites managed by MSO/NDO as multi-site. Site A has VRF1, EPG1 and BD1 besides other dozens site-local EPG/BD pairs; Site B has VRF2, EPG2 and BD2 beside other dozen site-local EPG/BD pairs. ACI fabric runs the default gateway for each local EPG/BD and each site uses vzAny...No EPG/BD multi-site L2 Stretch.

 

I have configured Inter-VRF route leaking using contract to make Site A EPG1/BD1 L3 communicate with Site B EPG2/BD2 via ISN. However there are these new requirements coming in:

  • Workloads under Site A EGP1/BD1 can only communicate bi-directionaly with workloads under Site B EPG2/BD2.
  • Workloads under Site A EPG1/BD1 can not communicate with workloads under other Site A EPG/BDs.
  • Workloads under Site A EPG1/BD1 can not be accessible by workloads under other Site A EPG/BDs.

I might be able to add Site A EGP1/BD1 into a different VRF in Site A tenant and leave all other local EPG/BD in the existing VRF to meet the requirements...But any possible way to still use contracts to accomplish the new requirements?

0 REPLIES 0