Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Inter-Tenant communication on ACI

Hi Experts,

 

I think I can use the shared subnets under a BD when I need an inter-VRF communication on ACI. But I wonder how I can set up a communication between Tenants on ACI when a project requires that type of communication for a while.

 

Thanks in advance.

Paul

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hello Paul, Thank you and for

Hello Paul, 

Thank you and for using the Cisco ACI support forums and welcome. Thats a very good question. The officially supported way to accomplish inter Tenant communications is to create a shared subnet under the EPG. At this point, each vrf or tenant should be able to see a leaked routed in the routing table with a static entry pointing to the spine-proxy/overlay network. Then from one tenant, create a contract to be provided and then export it, finally, in the destination tenant, create a consumed contract interface.

 

6 REPLIES
Cisco Employee

Hello Paul, Thank you and for

Hello Paul, 

Thank you and for using the Cisco ACI support forums and welcome. Thats a very good question. The officially supported way to accomplish inter Tenant communications is to create a shared subnet under the EPG. At this point, each vrf or tenant should be able to see a leaked routed in the routing table with a static entry pointing to the spine-proxy/overlay network. Then from one tenant, create a contract to be provided and then export it, finally, in the destination tenant, create a consumed contract interface.

 

Community Member

Hi Dpita, Thank you so much

Hi Dpita,

 

Thank you so much for your answer.

Could you share a configuration guide of it you mentioned with me?

 

Regards

Paul

 

Cisco Employee

Hello, Unfortunately, at this

Hello, 

Unfortunately, at this time there is no configuration guide for inter-tenant communication. 

 

Community Member

oh yes Dpita you mentioned

oh yes Dpita you mentioned about route leaked,

--------------

q1. it is leaked to MP-BGP? tenant to tenant running MP-BGP? it is enabled

by default MP-BGP or where to enable it for tenant to tenant routing?

--------------

q2. how and where in menu of the APIC can we verify the leaked route?

--------------

q3. any update on the configuration guide or any doc from cisco.com

on the release date? customer asking on how to implement where can we

refer in the cisco site or doc for reference, any projected date on the release?

--------------

q4.  "In the case of a shared service mode, a contract is required
for inter-tenant communication. A contract is used to specify
static routes across contexts, even though the tenant context
does not enforce a policy."

http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/aci-fundamentals/b_ACI-Fundamentals/b_ACI_Fundamentals_BigBook_chapter_010.html#concept_9241D40AD01249C0992D486359CF4667

 

q4: from above, can we've contract for inter-tenant without shared service?

--------------

q5. for vxlan, on the leaf switch it is there's only 1 vtep ip or multiple vtep ip?

--------------

q6. is there any verification tool to trace the traffic flow like you know ASDM

there's packet tracer, and callmanager we've DNA (dialed-number anlayser), RTMT,

how about in APIC any tool to trace the policy on the object for the traffic flow

so that we know it has been implemented correctly and/or for troubleshooting

--------------

Please advice on above 6x questions?

Awaiting your reply,

Many Thanks :) 

 

 

3582
Views
0
Helpful
6
Replies
CreatePlease to create content