Difference Between subnet under EPG and BD.

Khansa'a Nasr
Level 1

Hi,

Could anyone please let me know what the difference is between Subnets in EPG and Subnets in BD?


5 Replies

Rick1776
Level 5

RedNectar
VIP

Hi Khansa,

[Edited to clear up ambiguity in #2 below and add #3]

You may find out all you need to know by reading my reply to this question, but let me re-iterate here anyway.

Subnets can be assigned to both BDs and EPGs, which is very confusing, but there is a subtle difference that doesn't really come into play until you need to configure contracts between VRFs or between Tenants.

If you haven't got into sharing contracts between VRFs or between Tenants, then this is all you probably need to know:

  1. If you want, you can merrily configure all your IPs on EPGs rather than BDs.  And in some ways, that more closely resembles a Network Centric Approach.
  2. If you ever need to provide a service to another VRF or another Tenant (apart from the common Tenant), you will NEED to add an IP Address to the EPG to specify which part of the subnet you wish to advertise to the consumer EPG, and mark that subnet as being Shared Between VRFs, and that subnet will then get leaked into the Consumer's VRF.
  3. On the Consumer side, the subnet also has to be marked as being Shared Between VRFs so that the route can be leaked into the Provider's VRF.  This can be done on the Consumer's BD or on a Subnet EPG.

I hope this helps


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem


RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

Thanks a lot. It helped me put things into perspective.

nvermand
Cisco Employee

Hi,

Subnet under EPG should solely be used in the context of VRF leaking (which works with contract) to apply the right classification and corresponding policy enforcement under the provider EPG. A new knob had been introduced in 2.3 to allow you to:

- Define a Subnet under the BD, and use it as the default gateway
- Configure carvings of this subnet under the EPGs and not having to change the default gateway on the servers

For example, you can have 10.10.10.1/24 under the BD as a default gateway, whilst deploying more specific classification under EPG, such as 10.10.10.5/30.

 

You can find additional info there: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-737909.html#_Toc492605185

Hope this helps

Nicolas

Technical Marketing - Insieme BU
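
An added example, not part of the original posts and not Cisco code: a small Python audit over an APIC-style tenant export that lists every prefix marked Shared Between VRFs (and therefore leaked) and flags EPG subnets carved from a BD subnet, using the 10.10.10.1/24 and 10.10.10.5/30 prefixes from the reply above. The tenant, BD and EPG names are hypothetical, and mapping the "knob" to `ctrl="no-default-gateway"` and the sharing flag to `scope="shared"` is an assumption about the APIC object model.

```python
import ipaddress

# Constructed sample shaped like APIC REST JSON; tenant/BD/EPG names are hypothetical,
# the two prefixes are the ones quoted in the post above.
SAMPLE = {"fvTenant": {"attributes": {"name": "ExampleTenant"}, "children": [
    {"fvBD": {"attributes": {"name": "BD1"}, "children": [
        {"fvSubnet": {"attributes": {"ip": "10.10.10.1/24", "scope": "private"}}}]}},
    {"fvAp": {"attributes": {"name": "App1"}, "children": [
        {"fvAEPg": {"attributes": {"name": "ProviderEPG"}, "children": [
            {"fvRsBd": {"attributes": {"tnFvBDName": "BD1"}}},
            # Assumption: scope "shared" = Shared Between VRFs, and ctrl
            # "no-default-gateway" = the 2.3 knob (classification only, no gateway).
            {"fvSubnet": {"attributes": {"ip": "10.10.10.5/30", "scope": "shared",
                                         "ctrl": "no-default-gateway"}}}]}}]}}]}}

def children(mo, cls):
    """Return the direct children of managed object `mo` that are of class `cls`."""
    return [c[cls] for c in mo.get("children", []) if cls in c]

def subnets(mo):
    """Parse fvSubnet children into (network, scope flags, ctrl flags)."""
    out = []
    for s in children(mo, "fvSubnet"):
        a = s["attributes"]
        out.append((ipaddress.ip_interface(a["ip"]).network,
                    set(a.get("scope", "private").split(",")),
                    set(a.get("ctrl", "").split(","))))
    return out

def audit(tenant):
    """List every prefix leaked to other VRFs and flag questionable EPG subnets."""
    t = tenant["fvTenant"]
    bds = {b["attributes"]["name"]: subnets(b) for b in children(t, "fvBD")}
    leaked = [(f"BD {bd}", str(n)) for bd, nets in bds.items()
              for n, scope, _ in nets if "shared" in scope]
    findings = []
    for ap in children(t, "fvAp"):
        for epg in children(ap, "fvAEPg"):
            name = epg["attributes"]["name"]
            bd = next((r["attributes"]["tnFvBDName"] for r in children(epg, "fvRsBd")), None)
            for net, scope, ctrl in subnets(epg):
                if "shared" in scope:
                    leaked.append((f"EPG {name}", str(net)))
                inside = any(n.version == net.version and net.subnet_of(n)
                             for n, _, _ in bds.get(bd, []))
                if inside and "no-default-gateway" not in ctrl:
                    findings.append(f"EPG {name}: {net} overlaps BD {bd} without no-default-gateway")
    return leaked, findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

Reviewing the `leaked` list before applying a change shows whether only the intended carve-out, rather than the whole BD subnet, becomes reachable from the consumer VRF.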

Sorry to reply to a 7-year-old post...

@nvermand, within your referenced white paper, I assume you refer to the EPG Static Routes section (screenshot), right? With ACI v5.2/3 or v6.0, is it still a requirement to use an EPG subnet for VRF leaking? Wouldn't "Shared Between VRFs" under the BD subnet be recommended for a VRF leaking setup, unless you just need to leak a portion of the subnet? Thanks!

Screenshot 2024-05-02 132236.png
