12-27-2012 08:18 AM
I am currently planning out a secure multi-tenant solution using a Nexus 7010 (which I have no hands on experience with).
I will be having four separate VDCs and need to configure them as follows:
CORE SERVERS<--------V-------------V-----------V
| | |
| | |
Tenant 1 | |
| |
Tenant 2 |
|
Tenant 3
All tenants need to be able to communicate with the Core Servers, but they should not be able to communicate with each other.
This is the configuration that I have worked out so far. Please let me know if you see any issues with it that may cause it to not function or function incorrectly.
CORE SERVERS:
n7000(config)#vrf context core
n7000(config)#interface ethernet 1/1
n7000(config-if)#vrf member core
n7000(config-if)#ip address 10.1.1.1
ip vrf core
rd 100:1
route-target export 100:1
route-target import 100:2
route-target import 100:3
route-target import 100:4
!
Tenant 1
n7000(config)#vrf context tenant1
n7000(config)#interface ethernet 2/1
n7000(config-if)#vrf member tenant1
n7000(config-if)#ip address 10.2.1.1
ip vrf tenant1
rd 100:2
route-target export 100:2
route-target import 100:1
!
Tenant 2
n7000(config)#vrf context tenant2
n7000(config)#interface ethernet 3/1
n7000(config-if)#vrf member tenant2
n7000(config-if)#ip address 10.3.1.1
ip vrf tenant2
rd 100:3
route-target export 100:3
route-target import 100:1
!
Tenant 1
n7000(config)#vrf context tenant3
n7000(config)#interface ethernet 4/1
n7000(config-if)#vrf member tenant3
n7000(config-if)#ip address 10.4.1.1
ip vrf tenant3
rd 100:4
route-target export 100:4
route-target import 100:1
!
Also I have been unable to locate the command to manually set the rd for a vrf.
Thoughts, comments, telling me I am wildly off base...all are appreciated, especially if you have an idea of how to either correct the issue or do it better.
12-27-2012 07:40 PM
duplicate post
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide