: Apply Outbound and Inbound Contracts to the EPGs
Focus
Focus

Apply Outbound and Inbound Contracts to the EPGs

Table of Contents

Apply Outbound and Inbound Contracts to the EPGs

Now you must apply the inbound and outbound contracts to the appropriate EPGs.
For all the EPGs (EPG collection) within a VRF to send traffic to an external destination, each internal EPG must contract with the external EPG. Typically, you would need to create a separate contract between each internal EPG and the external EPG. However, using a vzAny object you can apply the same contract to all EPGs dynamically. The EPG collection consumes the contract and the external EPG provides the contract. You can configure specific traffic profiles in the contract or send all traffic to the firewall and allow it to control the traffic leaving the datacenter. Additionally, any new EPG that joins the VRF will automatically has the contract applied to it.
Apply the inbound contract so the internal EPG is the provider and the external EPG is the consumer. Traffic flowing to the internal EPG is fist checked against the contract and any allowed traffic is then secured further by the firewall as necessary.
  1. Apply the outbound contract to all EPGs in the VRF.
    1. On the
      Tenants
      tab, double-click on the name of your tenant.
    2. Select
      Networking
      VRFs
      <you VRF>
      EPG Collection for VRF
      .
    3. Click the plus (+) button to the right of
      Consumed Contracts
      .
    4. Select your outbound contract from the
      Name
      drop-down.
    5. Click
      Update
      .
    6. Select
      Networking
      External Routed Networks
      <your external routed network>
      Networks
      External
      .
    7. Click the plus (+) button to the right of
      Provided Contracts
      .
    8. Select your outbound contract from the
      Name
      drop-down.
    9. Click
      Update
      .
  2. Apply the inbound contract so an internal EPG provides it to the external EPG.
    1. On the
      Tenants
      tab, double-click on the name of your tenant.
    2. Select
      Application Profiles
      <your application profile>
      Application EPGs
      <your application EPG>
      Contracts
      .
    3. Right-click on
      Contracts
      and select
      Add Provided Contract
      .
    4. Select your inbound contract from the
      Contract
      drop-down.
    5. Click
      Submit
      .
    6. On the same tenant, select
      Networking
      External Routed Networks
      <your external routed network>
      Networks
      External
      .
    7. On the Contracts tab, click the plus (+) button to the right of
      Consumed Contracts
      .
    8. Select your inbound contract from the
      Name
      drop-down.
    9. Click
      Update
      .

Recommended For You