[CISCO ACI] Inter tenant contract

General stuffs, Software Defined Network 1 Minute

The ACI configuration for inter tenant contract is complicated.

A contract provides two functions:

  1. Provide filter.
  2. Provide route leak.

A tenant is considered a VRF itself. In this example there are two tenants T05 and T06.

T05 exports the contract to T06, and T05 provide the contract. T06 consumed the contract exported by T06.

tenant to tenant contract4
Shared my bridge domain subnet.
tenant to tenant contract1
Export the contract. The contract created has a GLOBAL scope.
tenant to tenant contract2
Give a meaningful name of this export, because the target tenant can only see the name of the contract. Choose the GLOBAL scope contract which is ICMP-GLOBAL. Choose the target Tenant which is T06.
tenant to tenant contract3
Provide the ICMP-GLOBAL contract in EPG which you want to route leak to another tenant.

T06 will need to consume the contract exported from T05. T06 also follows the same steps as above. Now T05 will need to consume the exported contract from T06.

tenant to tenant contract5
On T05 tenant, select Application Profile > EPG > Contracts and right click to choose Add Consumed Contract Interface.

tenant to tenant contract6

Now T05 and T06 can ping to each other.

There is a common tenant which is a built-in in APIC, common tenant to another tenant communication does not need to do export, common tenant’s contract is visible by all tenants, but a contract created by a tenant is only visible by its own creator. Which is why tenant T05 need to export the contract to T06, and T06 did vice versa.

 

 

Published by cyruslab

Published

Leave a comment