Sharing Resources Across Tenants using Shared Tenant

This topic offers examples of configuring shared tenant resources.

One tenant, with the role=shared attribute, owns the resources and entities that can be shared across all the other tenants, called non-shared tenant. The tenant service can have one shared tenant that services all the shared resources. The shared tenant owns the physical ports, Layer 2 and Layer 3 VNI number ranges, VLAN number ranges, and the VRF numbers. The shared tenant can create the endpoints and the VRFs, but not the endpoint groups.

A non-shared tenant cannot use the ports that the shared tenant owns if the ports are already part of an endpoint. A non-shared tenant cannot create an endpoint using the ports that the shared tenant owns.

Example: Shared port use case (Layer 2 hand-off)

Click to expand in new window

The following examples show the commands and syntax used to configure the shared port.

efa tenant create --name tenant1 --l2-vni-range 101-110 --vlan-range 101-110,201-210 
--port L-1[0/1]
efa tenant create --name tenant2 --l2-vni-range 111-120 --vlan-range 101-110,211-220 
--port L-2[0/2]
efa tenant create --name tenant3 --l2-vni-range 121-130 --vlan-range 101-110,221-230 
--port L-3[0/3]
efa tenant create --name tenant4 --l2-vni-range 131-140 --vlan-range 101-110,231-240 
--port L-4[0/4]

efa tenant create --name SharedTenant --port BL-1[0/1],BL-2[0/1] --type shared

efa tenant epg create --name ten1epg1 -–tenant tenant1 --port L-1[0/1] 
--switchport-mode trunk --ctag-range 101-110 --l2-vni 101:101 --l2-vni 102:102 ….. 
--l2-vni 110:110
efa tenant epg create --name ten2epg1 -–tenant tenant2 --port L-2[0/2] 
--switchport-mode trunk --ctag-range 101-110 --l2-vni 101:111 --l2-vni 102:112 ….. 
--l2-vni 110:120
efa tenant epg create --name ten3epg1 –-tenant tenant3 --port L-3[0/3] 
--switchport-mode trunk --ctag-range 101-110 --l2-vni 101:121 --l2-vni 102:122 ….. 
--l2-vni 110:130
efa tenant epg create --name ten4epg1 --tenant tenant4 --port L-4[0/4] 
--switchport-mode trunk --ctag-range 101-110 --l2-vni 101:131 --l2-vni 102:132 ….. 
--l2-vni 110:140

efa tenant epg create --name ten1epg2 -–tenant tenant1 -–port BL-1[0/1],BL-2[0/1] 
--switchport-mode trunk --ctag-range 201-210 --l2-vni 201:101 --l2-vni 202:102 ….. 
--l2-vni 210:110
efa tenant epg create --name ten2epg2 -–tenant tenant2 -–port BL-1[0/1],BL-2[0/1] 
--switchport-mode trunk --ctag-range 211-220 --l2-vni 211:111 --l2-vni 212:112 ….. 
--l2-vni 220:120
efa tenant epg create --name ten3epg2 –-tenant tenant3 -–port BL-1[0/1],BL-2[0/1] 
--switchport-mode trunk --ctag-range 221-230 --l2-vni 221:121 --l2-vni 212:122 ….. 
--l2-vni 230:130
efa tenant epg create --name ten4epg2 –-tenant tenant4 -–port BL-1[0/1],BL-2[0/1] 
--switchport-mode trunk --ctag-range 231-240 --l2-vni 231:131 --l2-vni 212:132 ….. 
--l2-vni 240:140

Example: Shared endpoint use case (Layer 2 hand-off)

Click to expand in new window

The following examples show the commands and syntax used to configure the shared endpoint.

efa tenant create --name SharedTenant --port BL-1[0/1],BL-2[0/1] 
-–l3-vni-range 1001-1010 –-vrf-count 10 --type shared efa tenant vrf create --name red 
--tenant SharedTenant
efa tenant epg create --name ten1epg1 --tenant tenant1 --port L-1[0/1] 
--switchport-mode trunk --ctag-range 101-102 --l2-vni 101:101 --l2-vni 102:102 
--anycast-ip 101:10.10.10.1/24 --vrf red –-l3-vni 1001
efa tenant epg create --name ten2epg1 --tenant tenant2 --port L-2[0/2] 
--switchport-mode trunk --ctag-range 101-102 --l2-vni 101:111 --l2-vni 102:112 
--anycast-ip 101:10.10.11.1/24 --vrf red -–l3-vni 1001
efa tenant epg create --name ten3epg1 --tenant tenant3 --port L-3[0/3] 
--switchport-mode trunk --ctag-range 101-102 --l2-vni 101:121 --l2-vni 102:122 
--anycast-ip 101:10.10.12.1/24 --vrf red –-l3-vni 1001
efa tenant epg create --name ten1epg1 --tenant tenant4 --port L-4[0/4] 
--switchport-mode trunk --ctag-range 101-102 --l2-vni 101:131 --l2-vni 102:132 
--anycast-ip 101:10.10.13.1/24 --vrf red -–l3-vni 1001

Example: Shared endpoint use case (Layer 3 hand-off)

Click to expand in new window
Topology

The following examples show the commands and syntax used to configure the shared endpoint.

efa tenant create --name tenant1 --l2-vni-range 1001-1010 --vlan-range 1001-1010 
--port BL-1[0/11],BL-2[0/11] --l3-vni-range 10001-10010 --vrf-count 10
efa tenant create --name tenant2 --l2-vni-range 1101-1110 --vlan-range 1101-1110 
--port BL-1[0/21],BL-2[0/21] --l3-vni-range 20001-20010 --vrf-count 10

efa tenant vrf create --name vrf1 --tenant Tenant1
efa tenant vrf create --name vrf2 --tenant Tenant2

efa tenant epg create --name ten1epg1 --tenant tenant1 --port BL-1[0/11] 
--switchport-mode trunk --ctag-range 1001 --l2-vni 1001:1001 --anycast-ip 1001:10.10.10.1/24 
--vrf vrf1 –-l3-vni 1001
efa tenant epg create --name ten2epg1 --tenant tenant2 --port BL-1[0/21] 
--switchport-mode trunk --ctag-range 1101 --l2-vni 1101:1101 --anycast-ip 1101:10.10.11.1/24 
--vrf vrf2 -–l3-vni 1002

efa tenant create --name SharedTenant --port BL-1[0/1-8],BL-2[0/1-8] --type shared

efa tenant po create --name po101 --tenant SharedTenant --speed 10Gbps 
--negotiation active -–port BL-1[0/1],BL-1[0/2] 
efa tenant po create --name po102 --tenant SharedTenant --speed 10Gbps 
--negotiation active -–port BL-1[0/3],BL-1[0/4]

VRF1

efa tenant epg create –-name ten1epg2 –-tenant tenant1 --type l3-handover 
--po po101 –-switchport-mode trunk –-ctag-range 101 -–vrf vrf1  –-local-ipv4-address 11.1.1.1/30 
–-local-ipv6-address 2001:11:1:1::1/126 -–remote-ipv4-address 11.1.1.2 -–remote-ipv6-address 
2001:11:1:1::2 --remote-as 4220000001 –-bfd -–bfd-interval 100 –-bfd-min-rx 200 –-bfd-multiplier 10

efa tenant epg create -–name ten1epg3 -–tenant tenant1 --type l3-handover 
--po po102 –-switchport-mode trunk –-ctag-range 201 -–vrf vrf1 –-local-ipv4-address 12.1.1.1/30 
–-local-ipv6-address 2001:12:1:1::1/126 –-remote-ipv4-address 12.1.1.2 –-remote-ipv6-address 
2001:12:1:1::2 --remote-as 4220000001 -–bfd –-bfd-interval 100 –-bfd-min-rx 200 –-bfd-multiplier 10

VRF2

efa tenant epg create -–name ten2epg2 –-tenant tenant2 --type l3-handover --po po101 
–-switchport-mode trunk –-ctag-range 102 –-vrf vrf2  –-local-ipv4-address 11.2.1.1/30 
–-local-ipv6-address 2001:11:2:1::1/126 -–remote-ipv4-address 11.2.1.2 –-remote-ipv6-address 
2001:11:1:1::2 --remote-as 4220000001 –-bfd -–bfd-interval 100 –-bfd-min-rx 200 –-bfd-multiplier 10

efa tenant epg create –-name ten2epg3 -–tenant tenant2 --type l3-handover --po po102 
–-switchport-mode trunk –-ctag-range 202 –-vrf vrf2 -–local-ipv4-address 12.2.1.1/30 
–-local-ipv6-address 2001:12:2:1::1/126 –-remote-ipv4-address 12.2.1.2 –-remote-ipv6-address 
2001:12:2:1::2 --remote-as 4220000001 –-bfd  –-bfd-interval 100 –-bfd-min-rx 200 –-bfd-multiplier 10