1- Do you know how to associate a BGP Community tag with my Bridge Domains' connected subnets, so these subnets could be populated (announced) with their associated Community Tag through the VRF's L3OUT eBGP connection to reach outside routers?
2- If the answer to 1 is YES: each of my VRFs has 4 x L3OUT (eBGP) (not only 1): how can I populate (announce) my BGP Community Tag through the 4 x L3OUT connections?
3- I also have 1 VRFa that is route-leaked to another VRFb to reach the outside routers: how can I associate such a BGP Community Tag with my VRFa's BDs' connected subnets so these subnets could also be populated (announced) via the L3OUT eBGP of the VRFb?
Thanks a lot for your advice
This might not be the total solution, but I guess that applying RouteMaps could allow you to tag the BGP Community as needed.
However, this is a bit tricky because ACI will not let you use the ExtSubnet 0.0.0.0/0 as Aggregate, in the ExtL3out model, to allow the redistribution of your routes into the external BGP, while at the same time using RouteMaps. So if you use RouteMaps and Export Control Policy, the control of which routes are announced and tagged is centralized in the RouteMaps, while the ExtSubnet 0.0.0.0/0 of the L3out would be left to control route leaking and traffic control (Contracts).
When building the routemap, using 0.0.0.0/0 as Aggregate will not match the BD Subnets, so you will need to use the proper supernet of your ACI BD Subnets in the MatchRule to properly set the BGP Tags to those subnets.
Reading the RouteControl documentation, you could get an idea and try it out on a test VRF.
All the best,
Go to L3 Configurations under the Bridge Domain and choose the L3 out you want to set the policy when you are advertising the BD subnet. It should be set under the L3 out for Route Profile.
Then underneath that you will see an option for a route profile. Within that route profile create a set rule for the community value you want.
You should be able to verify it by going on the leaf:
leaf#show bgp unicast neighbor <neighbor> vrf <vrfname> | grep map
Then once you get the route map name:
leaf#show route-map <routemapname>
You should see a set clause with the BGP community.
You can then look for the match clause that has the ip address prefix list:
leaf#show ip prefix-list <prefixlistname>
You should see a permit statement for that BD subnet.
*Note: if you set the route map to "Match Prefix AND Routing Policy", that will be considered combinable, so you will see two subnets: one for the specific BD subnet and then one for the subnet of that network.*
Hope that helps,
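
The verification steps in the reply above (route map, then set clause, then prefix list), as an added example that is not part of the original thread: it checks saved CLI output to confirm which community, if any, a BD subnet is exported with. The sample output is constructed and only modeled on NX-OS-style text; the names `exp-l3out-EXAMPLE`, `PL-BD-WEB`, `PL-BD-APP` and the community `65000:100` are invented, and the format on a real leaf may differ.

```python
import ipaddress
import re

# Constructed sample output (assumed NX-OS-style layout); every name and value is invented.
ROUTE_MAP_OUT = """\
route-map exp-l3out-EXAMPLE, permit, sequence 10
  Match clauses:
    ip address prefix-lists: PL-BD-WEB
  Set clauses:
    community 65000:100 additive
route-map exp-l3out-EXAMPLE, permit, sequence 20
  Match clauses:
    ip address prefix-lists: PL-BD-APP
"""
PREFIX_LIST_OUT = """\
ip prefix-list PL-BD-WEB: 1 entries
   seq 1 permit 10.1.1.1/24
ip prefix-list PL-BD-APP: 1 entries
   seq 1 permit 10.1.2.1/24
"""

def parse_route_map(text):
    """Return one dict per route-map entry: sequence, action, prefix lists, set communities."""
    entries = []
    for line in text.splitlines():
        if m := re.match(r"route-map (\S+), (permit|deny), sequence (\d+)", line):
            entries.append({"seq": int(m[3]), "action": m[2], "lists": [], "communities": []})
        elif m := re.match(r"\s+ip address prefix-lists: (.+)", line):
            entries[-1]["lists"] += m[1].split()
        elif m := re.match(r"\s+community (.+)", line):
            entries[-1]["communities"] += [c for c in m[1].split() if ":" in c]
    return entries

def parse_prefix_lists(text):
    lists, name = {}, None  # prefix-list name -> permitted networks (host bits dropped)
    for line in text.splitlines():
        if m := re.match(r"ip prefix-list (\S+):", line):
            name = m[1]
        elif m := re.match(r"\s+seq \d+ permit (\S+)", line):
            lists.setdefault(name, []).append(ipaddress.ip_network(m[1], strict=False))
    return lists

def communities_for(subnet, route_map_text, prefix_list_text):
    """Communities set by the first permit entry matching the subnet; None if nothing matches."""
    net = ipaddress.ip_network(subnet, strict=False)
    lists = parse_prefix_lists(prefix_list_text)
    for e in parse_route_map(route_map_text):
        if e["action"] == "permit" and any(net in lists.get(n, []) for n in e["lists"]):
            return e["communities"]
    return None
```

An empty list means the subnet is exported without a community (no set rule in its route profile), while `None` means no permit entry matches the subnet at all.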