EMAIL SUPPORT
dclessons@dclessons.comLOCATION
AFL3OUT VRF Route Leaking for Shared Services
L3OUT VRF Route Leaking for Shared Services
the VRF route leaking can be performed with L3Out and EPG, so, L3Out EPG (external EPG) and internal EPG. The L3Out that is configured with the VRF route leaking is called Shared L3Out and is used when a service that needs to be shared across VRFs resides in the external routes learned from the L3Out.
In the shared L3Out, there are two scopes under the L3Out subnet in the L3Out EPG.
- Shared Route Control Subnet
- Shared Security Import Subnet
The basic configuration concept of the shared L3Out is the same as leaking between EPGs. The following is the summary steps for the shared L3Out.
-
Configure a contract across VRFs with the appropriate scope.
-
Mark the subnet to leak with “Shared Route Control Subnet”
-
This subnet needs to be learned in the L3Out via the routing protocol or configured as a static route.
-
-
Mark the subnet with “Shared Security Import Subnet” to let the other VRF know about the subnet to L3Out EPG mapping.
Users must define L3Out subnets in each L3Out EPG with “External Subnets for the External EPG” scope to declare which external routes belong to which L3Out EPG. The other VRF needs to be informed of this mapping so that a contract can be applied correctly.
LEAVE A COMMENT
Please login here to comment.