: Apply Outbound and Inbound Contracts to the EPGs
Focus
Focus

Apply Outbound and Inbound Contracts to the EPGs

Table of Contents

Apply Outbound and Inbound Contracts to the EPGs

Now you must apply the inbound and outbound contracts to the appropriate EPGs.
For all the EPGs (EPG collection) within a VRF to send traffic to an external destination, each internal EPG must contract with the external EPG. Typically, you would need to create a separate contract between each internal EPG and the external EPG. However, using a vzAny object you can apply the same contract to all EPGs dynamically. The EPG collection consumes the contract and the external EPG provides the contract. You can configure specific traffic profiles in the contract or send all traffic to the firewall and allow it to control the traffic leaving the datacenter. Additionally, any new EPG that joins the VRF will automatically has the contract applied to it.
Apply the inbound contract so the internal EPG is the provider and the external EPG is the consumer. Traffic flowing to the internal EPG is fist checked against the contract and any allowed traffic is then secured further by the firewall as necessary.
  1. Apply the outbound contract to all EPGs in the VRF.
    1. On the Tenants tab, double-click on the name of your tenant.
    2. Select NetworkingVRFs<you VRF>EPG Collection for VRF.
    3. Click the plus (+) button to the right of Consumed Contracts.
    4. Select your outbound contract from the Name drop-down.
    5. Click Update.
    6. Select NetworkingExternal Routed Networks<your external routed network>NetworksExternal.
    7. Click the plus (+) button to the right of Provided Contracts.
    8. Select your outbound contract from the Name drop-down.
    9. Click Update.
  2. Apply the inbound contract so an internal EPG provides it to the external EPG.
    1. On the Tenants tab, double-click on the name of your tenant.
    2. Select Application Profiles<your application profile>Application EPGs<your application EPG>Contracts.
    3. Right-click on Contracts and select Add Provided Contract.
    4. Select your inbound contract from the Contract drop-down.
    5. Click Submit.
    6. On the same tenant, select NetworkingExternal Routed Networks<your external routed network>NetworksExternal.
    7. On the Contracts tab, click the plus (+) button to the right of Consumed Contracts.
    8. Select your inbound contract from the Name drop-down.
    9. Click Update.