Thanks for reply,

Yes I have create a contract ping from

External Routed Networks -> Networks -> My L3 Epgs -> Contracts -> provide ping contract

and the other to my EPG (Application profile)

I can see the ping in my endpoint thanks to tcpdump but the packet stay block ordrop in my fabric. nothing in my router.

Thanks

ACI L3OUT OSPF

Router table:

----------

22.0 via 17.254 router id 1.1.1.1

Vrf Table :

---------

22.0 via overlay

17.0 via 17.254

17.254 via 17.254

External epg :

-----------

subnet 15.0/24

scope external subnets

contract ping.

Hi Mohamed,

I need to define any subnets in my bridge domain in order to route thanks to unicast routing and to share routes between VRFs in my fabric, I have activate externaly and shared between vrfs in my BD then I have declared a subnet for each epgs.

Subnet for L3 EPG advertise to ACI where/what is my external network 0.0.0.0/0 or 1.0.15.0/24  ( I don't find it in my VRF common result ) and without it ospf is broken. If I want to share my l3 out with another tenant I have to declare in the subnet the scope shared control route, I'm wrong ? 

I retrieve ACI routing table from my router ( I dont want to import my routing table in ACI), then I put a static route in ACI to indicate where is the next hop ( when you declare the router ID number) and now its works !  I found the static route in my vrf. (show ip route vrf common:Vcommon)

OK so external l3 EPG is not good enough for external routing or i miss something ?

Hi Chris, so adding that static route + subnet in BD fixed your problem?

Do you have also a subnet in External EPG ? 

Great , I'm having a problem using the L3Out in the common tenant and trying to share it with other tenant.

Problem is each time I try to assigne the L3Out profile to the EPG it gives an error not able to form MO relation ... seems like a bug to me but not sure.

I have already exported the contract from common to ther tenant so this part is done but not able to bind the EPG with the L3Out!

You just need to add L3 Configuration association in your BD (other tenant) and have BD Shared between VRFs + Externaly

Do you have something in l3 route profile field in your bd subnet ? I have already saw this message when you declare something who doesnt exist for making relation.

Your contract have scope position to Global ?

There is no associated L3out listed on the BD; when we use an Inter-vrf Shared L3out, we do not need to associate the user Tenant BDs with the L3out in Tenant Common. If you had a Tenant-specific L3out, it would still be associated to your BDs in your respective Tenants.

https://unofficialaciguide.com/2015/05/30/aci-configuring-a-shared-external-layer-3-connection-for-all-tenants/

Yep, in the BD subnet if I open the drop down menu I can see my L3Out from the common tenant already but even if I select it it gives the same error... selecting both gives the same error "L3 Route Profile and L3Out associated profile". My contract is global scope too and I can't ping outside ACI from EPG but I do have filters to allow all.

regarding your last message does it mean that my shared L3 Out does not need to be associated with other Tenants and the EPG in the other tenants can use it by default? By the way the Subnet of the BD in the other tenant "I keep calling it other tenant" or user tenant is already advertised outside ACI with no association of the L3Out so I think that proves that association is not needed when the L3Out is in the common tenant. I'm just wondering what if you want to use a specific L3Out when you have two L3Outs in the common tenant ? assoication will fail as I tried with no success.

I think that, if you share vrf common with another tenant, you must not indicate l3 out association on the other tenant since you share routes. you need just to activate externaly and shared between vrf on bd and EPGs with an global  consume contract interface in order to ping your EPGs from external network.

You can use tcpdump to see if routing is ok and arrive in your EPGs.

If you can also list route vrf of the other tenant to see if you have shared it correctly.