I'd like to ask if it's possible to create a default route to an external L3 network that can be shared by multiple tenants?
I've tried various methods such as creating the External Routed Network under the Common tenant, but I was unable to see how it could work. Usually, for external layer 3 access within a tenant, a contract would be created between the external routed network and the desired EPG, but across tenants, I couldn't find a way to create a contract between the external routed network in the Common tenant and the EPG in another tenant.
Could someone walk me through the steps to do this? Or do I really have to create a separate External Routed Network for the default route for every single tenant?
In addition, my understanding of the "Common" tenant seems to be quite sketchy even after reading the documents; I'm not quite sure what exactly is shared by this tenant, or how we could use this tenant to provide shared services to other tenants. If anyone could give a quick run-down on how we could use the Common Tenant, that would be really fantastic.
Did you try one default route from one tenant for all the private networks inside one tenant?
I believe each layer 3 outside connection is associated with one private network only.
If I'm not mistaken, you are on the right track using common for the L3 out. The L3 out ties to the context/private network. In each individual tenant when you create a BD you must tie it to the common VRF not a tenant specific VRF.
I can test this in the lab if you like and get back to you with results?
Yes, if you have the time to test it in the lab, that would be fantastic.
I'd definitely like some advice on the proper/"correct" way to configure a default route that is shared by most tenants.
Thank you so much!
I would also like to understand how this works. We would potentially route our Internet connection into the common tenant and then advertise the default route into all other tenants.
Did you test the scenarios in the lab?
Can you please let us know the procedure to share one default route (going out the fabric) between the different private networks in the same tenant?
At this time, if I'm not mistaken, the only way to accomplish this is to have All the BDs in the common tenant/VRF and the EPGs in the particular user tenant where they belong. Since you are still using only 1 VRF (the common tenant) the contract between the L3 out in common to the EPGs in user defined tenants can be a standard "private network" scope contract.
The other option if having the BDs in common is not an option, is to have an external L3 per tenant.
I tried the recreate over the weekend and was also unsuccessful in find a loophole. I thought i could implement an exported contract interface for inter tenant communication between an external epg and a user defined tenant/epg but it did not work.
Hope this helps.