VRF between multiple VDCs

zscaringello · ‎12-27-2012

I am currently planning out a secure multi-tenant solution using a Nexus 7010 (which I have no hands on experience with).

I will be having four separate VDCs and need to configure them as follows:

CORE SERVERS<--------V-------------V-----------V

| | |

Tenant 1 | |

| |

Tenant 2 |

|

Tenant 3

All tenants need to be able to communicate with the Core Servers, but they should not be able to communicate with each other.

This is the configuration that I have worked out so far. Please let me know if you see any issues with it that may cause it to not function or function incorrectly.

CORE SERVERS:

n7000(config)#vrf context core

n7000(config)#interface ethernet 1/1

n7000(config-if)#vrf member core

n7000(config-if)#ip address 10.1.1.1

ip vrf core

rd 100:1

route-target export 100:1

route-target import 100:2

route-target import 100:3

route-target import 100:4

!

Tenant 1

n7000(config)#vrf context tenant1

n7000(config)#interface ethernet 2/1

n7000(config-if)#vrf member tenant1

n7000(config-if)#ip address 10.2.1.1

ip vrf tenant1

rd 100:2

route-target export 100:2

route-target import 100:1

!

Tenant 2

n7000(config)#vrf context tenant2

n7000(config)#interface ethernet 3/1

n7000(config-if)#vrf member tenant2

n7000(config-if)#ip address 10.3.1.1

ip vrf tenant2

rd 100:3

route-target export 100:3

route-target import 100:1

!

Tenant 1

n7000(config)#vrf context tenant3

n7000(config)#interface ethernet 4/1

n7000(config-if)#vrf member tenant3

n7000(config-if)#ip address 10.4.1.1

ip vrf tenant3

rd 100:4

route-target export 100:4

route-target import 100:1

!

Also I have been unable to locate the command to manually set the rd for a vrf.

Thoughts, comments, telling me I am wildly off base...all are appreciated, especially if you have an idea of how to either correct the issue or do it better.

Reza Sharifi · ‎12-27-2012

duplicate post