Heads Up :
The post you are writing will appear in a public forum. Please ensure all content is appropriate for public consumption. Review the employee guidelines for the community here.
In ACI you typically solve this with route control on the L3Out using route-maps / import policies (or contract-based filtering) so the DR tenant only accepts prefixes from the DR Tier-0 path and explicitly denies/filters anything learned via the ISN...
Your setup already sounds solid, and you’re right—scaling it across a team is where things get tricky. In most enterprise cases, teams usually move toward a shared execution layer like CI/CD pipelines or serverless functions (Azure Functions, AWS Lam...
