ACI VRF Leaking options

Case1: VRF Leaking for shared services (between a user Tenant VRF and common Tenant VRF):

On both sides:

Step1: define Subnets under BD and mark them as shared between VRF

Step2: Create a contract under common Tenant, then provide it or consume (according to your need) in the EPG linked to the previous BDs

Case2: VRF Leaking between 2 VRF in different user Tenants (not common)

Step1: define Subnets under The provider EPG and mark it as shared between VRF

Notes: It is best practice to define Subnet under EPG for the provider Side in order to advertise only the subnet for that EPG

Because when a BD has multiple subnets and you set the subnets as shared between VRF, you can’t control which subnets are shared to target VRF, all subnets marked with shared between VRF will be leaked to all VRF that we have a contract with

example:

BD-2 in Tenant-2 have 2 subnets (one used with EPG-1 and the other used for EPG-2), in this case, if we mark subnet-1 and subnet-2 as “shared between VRF” and create a contract between EPG-2-WEB (provider) and EPG-1 consumer, both subnets will be leaked to VRF-1

in order to prevent that, put only the EPG-2-WEB subnet that you want to advertise to VRF-1 under the EPG

Step2: define Subnets under The consumer EPG or in the BD and mark it as shared between VRF

Step3: Create a contract under one of the user Tenants, then export the contract to the other user Tenant

Step2: provide and consume (according to your need) in the EPGs