I'd like to use a bunch of EPG/BD's as L2 transport/bridging only connecting endpoints and using a firewall as a default gateway. I see a bunch of videos saying I need to use contracts, but if the firewall is sitting on the same L2 segment as the host, then assuming we're not doing any sort of useg thenhow does that work?
Also, if possible I'd like to be able to see my endpoint mac and IP addressing in ACI as I don't have access to the firewalls and ARP tables. I know I need to have a valid IP address assigned to the bridge-domain and I need to enable unicast routing for this, but I've painfully discovered this ends up having a lot of undesirable effects the BD's are in the same VRF as the networks begin advertising themselves internally and EPG-EPG comms start to break down even though the gateway is the FW sitting direclty on the same L2 segment . Removing the IP address from the bridge-domain fixes the problem but then I lose all layer 3 visibility into the EPG. Is there any way to have my cake and eat it too in this situation?
No comments:
Post a Comment