×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Inter-Tenant communication on ACI

Answered Question
Oct 8th, 2014
User Badges:

Hi Experts,

 

I think I can use the shared subnets under a BD when I need an inter-VRF communication on ACI. But I wonder how I can set up a communication between Tenants on ACI when a project requires that type of communication for a while.

 

Thanks in advance.

Paul

Correct Answer by dpita about 2 years 10 months ago

Hello Paul, 

Thank you and for using the Cisco ACI support forums and welcome. Thats a very good question. The officially supported way to accomplish inter Tenant communications is to create a shared subnet under the EPG. At this point, each vrf or tenant should be able to see a leaked routed in the routing table with a static entry pointing to the spine-proxy/overlay network. Then from one tenant, create a contract to be provided and then export it, finally, in the destination tenant, create a consumed contract interface.

 

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
dpita Thu, 10/09/2014 - 05:03
User Badges:
  • Cisco Employee,

Hello Paul, 

Thank you and for using the Cisco ACI support forums and welcome. Thats a very good question. The officially supported way to accomplish inter Tenant communications is to create a shared subnet under the EPG. At this point, each vrf or tenant should be able to see a leaked routed in the routing table with a static entry pointing to the spine-proxy/overlay network. Then from one tenant, create a contract to be provided and then export it, finally, in the destination tenant, create a consumed contract interface.

 

moyeonlee Thu, 10/09/2014 - 06:01
User Badges:

Hi Dpita,

 

Thank you so much for your answer.

Could you share a configuration guide of it you mentioned with me?

 

Regards

Paul

 

dpita Thu, 10/09/2014 - 07:39
User Badges:
  • Cisco Employee,

Hello, 

Unfortunately, at this time there is no configuration guide for inter-tenant communication. 

 

kpiao Tue, 01/13/2015 - 22:10
User Badges:

oh yes Dpita you mentioned about route leaked,

--------------

q1. it is leaked to MP-BGP? tenant to tenant running MP-BGP? it is enabled

by default MP-BGP or where to enable it for tenant to tenant routing?

--------------

q2. how and where in menu of the APIC can we verify the leaked route?

--------------

q3. any update on the configuration guide or any doc from cisco.com

on the release date? customer asking on how to implement where can we

refer in the cisco site or doc for reference, any projected date on the release?

--------------

q4.  "In the case of a shared service mode, a contract is required
for inter-tenant communication. A contract is used to specify
static routes across contexts, even though the tenant context
does not enforce a policy."

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x...

 

q4: from above, can we've contract for inter-tenant without shared service?

--------------

q5. for vxlan, on the leaf switch it is there's only 1 vtep ip or multiple vtep ip?

--------------

q6. is there any verification tool to trace the traffic flow like you know ASDM

there's packet tracer, and callmanager we've DNA (dialed-number anlayser), RTMT,

how about in APIC any tool to trace the policy on the object for the traffic flow

so that we know it has been implemented correctly and/or for troubleshooting

--------------

Please advice on above 6x questions?

Awaiting your reply,

Many Thanks :) 

 

 

Actions

This Discussion