Route Leaking Use Case

• About the Route Leaking Use Case, on page 1

• Configure the Necessary Templates, on page 3
• Configure Route Leaking, on page 21

About the Route Leaking Use Case

This route leaking use case uses separate templates for each site, which contains VRF and network definitions
for the on-premises site, whereas for cloud sites these templates only contain the VRF definition. Unlike the
stretched VRF (intra-VRF) use case described in Stretched VRF Use Case, which does not require any
configurations for exchanging prefixes between the sites because the same VRF is stretched to all sites, you
must configure VRF leaking for this use case because each site uses a different VRF.
To propagate the prefixes between the sites (on-premises as well as cloud sites), you must explicitly configure
route leaking on the respective templates associated with the sites.

Route Leaking Use Case

1
 Route Leaking Use Case
About the Route Leaking Use Case

Figure 1:

As shown in the figure above, each site has a separate associated template, which contains VRF/network
definitions specific to that site only. On-Prem Template is associated to the NDFC managed on-premises site,
whereas AWS Template and Azure Template are associated to the AWS and Azure cloud sites, respectively.
Inter-VRF route leaking is configured explicitly between different VRFs to allow communication between
the sites.

Route Leaking Use Case

2
 Route Leaking Use Case
Configure the Necessary Templates

Configure the Necessary Templates

Use the procedures in the following sections to configure the templates that you will need for the route leaking
use case.

Configure the On-Premises Site Template

In this section, you will configure the On-Prem Template that will be associated to the NDFC managed
on-premises site.

Step 1 In NDO, navigate to Application Management > Schemas and click Add Schema.
Step 2 Provide the schema name and click Add.
For this use case, we will name the new schema VRF Route Leaking Schema.

Figure 2:

You are returned to the Overview page for the new VRF Route Leaking Schema schema.
Step 3 Under the VRF Route Leaking Schema schema, click Add New Template.
Step 4 Choose the NDFC template.
Step 5 Enter a name in the Display Name field to create an NDFC-type template (for example, On-Prem Template).
Step 6 Select the dcnm-default-tn tenant in the Select a Tenant field to map the template to that tenant.

Route Leaking Use Case

3
 Route Leaking Use Case
Configure the On-Premises Site Template

Figure 3:

Step 7 Under Template Properties, click Create Object and choose VRF to create a VRF that will be used with the NDFC
managed on-premises site.
Note If you have an on-premises VRF already created that you want to use instead of creating a new VRF, under
Template Properties, click Import, then import the already-created VRF.
Currently, support is only available for importing VRFs and networks from on-premises sites.

Step 8 Enter a name in the Display Name field for this VRF (for example, v10).
Figure 4:

Step 9 Under Template Properties, click Create Object and choose Network to create a network.
Note If you have a network already created that you want to use instead of creating a new network, under
Template Properties, click Import, then import the already-created network.

Route Leaking Use Case

4
 Route Leaking Use Case
Configure the On-Premises Site Template

Step 10 Enter a name in the Display Name field for the network (for example, net10).
Step 11 In the Virtual Routing & Forwarding field, choose the v10 VRF to map the net10 network to that VRF.
Figure 5:

Step 12 In the Gateway IP field, click Add Subnet and provide the gateway IP address, then click Add.
Figure 6:

The gateway IP address is now displayed in the Gateway IP field.

Route Leaking Use Case

5
 Route Leaking Use Case
Configure the On-Premises Site Template

Figure 7:

Step 13 Define other optional parameters for this network, if necessary.

Step 14 In the Template Properties area, click Actions > Sites Association.
Figure 8:

Step 15 Associate this template only to the on-premises site (the Sydney site in this example use case), then click Ok.

Route Leaking Use Case

6
 Route Leaking Use Case
Configure the On-Premises Site Template

Figure 9:

Step 16 Click Template Properties and select the on-premises site (the Sydney site in this example use case), then select the
v10 VRF.
Step 17 In the right pane, click Add Static Leaf.
Figure 10:

The Add Static Leaf window appears.

Step 18 In the Leaf field, select the leaf/border/border gateway device where this VRF is to be deployed and click Ok.
In this example, you need to deploy the VRF on the leaf nodes (where the endpoints part of the network mapped to the
VRF will be connected) and on the BGW spine node to be able to extend the Layer 3 connectivity for the VRF towards
the cloud sites.

Route Leaking Use Case

7
 Route Leaking Use Case
Configure the On-Premises Site Template

Step 19 To attach the network to the leaf switches, click the net10 network, then click Add Static Port to add the ports where
you want to deploy this network.
The Add Static Port window appears.
Step 20 In the Add Static Port window, click Add Path.
The Add Static Port window appears.
Step 21 In the Leaf field, select the device where you want to deploy this network.
Step 22 (Optional) Enter the necessary information in the VLAN field.
Step 23 In the Ports field, select the ports where you want to deploy this network.
Step 24 Click Save.
Figure 11:

You are returned to the Add Static Port window.

Step 25 In the Add Static Port window, click Submit.

Route Leaking Use Case

8
 Route Leaking Use Case
Configure the On-Premises Site Template

Figure 12:

You are returned to the on-premises template window.

Figure 13:

Step 26 Click the arrow next to the on-premises site, and from the drop-down menu, select Template Properties.
Step 27 Click Deploy to Sites.

Route Leaking Use Case

9
 Route Leaking Use Case
Configure the On-Premises Site Template

Figure 14:

Step 28 Deploy On-Prem Template to the sites.

• Click Deployment Plan for additional verification.
Click on the on-premises site to see the deployment plan for that specific site.
Figure 15:

• Click Deploy to have NDO push the configurations to NDFC.

This pushes the NDO configurations to NDFC.

Step 29 In NDFC, verify that the VRF was deployed successfully.

Route Leaking Use Case

10
 Route Leaking Use Case
Configure the Azure Site Template

Figure 16:

What to do next
Follow the procedures provided in Configure the Azure Site Template, on page 11.

Configure the Azure Site Template

In this section, you will configure the Azure Template that will be associated to the Azure site.

Before you begin

Follow the procedures provided in Configure the On-Premises Site Template, on page 3.

Step 1 Under the VRF Route Leaking Schema schema, click Add New Template.
Step 2 Choose the NDFC template.
Step 3 Enter a name in the Display Name field to create an NDFC-type template for the Azure site (for example, Azure
Template).
Step 4 Select the dcnm-default-tn tenant in the Select a Tenant field to map the template to that tenant.

Route Leaking Use Case

11
 Route Leaking Use Case
Configure the Azure Site Template

Figure 17:

Step 5 Under Template Properties, click Create Object and choose VRF to create a VRF that will be used with the Azure
site.
Figure 18:

Step 6 Enter a name in the Display Name field for this VRF (for example, azure10).

Route Leaking Use Case

12
 Route Leaking Use Case
Configure the Azure Site Template

Figure 19:

Step 7 In the Template Properties area, click Actions > Sites Association.
Figure 20:

Step 8 Associate this template only to the Azure site, then click Ok.

Route Leaking Use Case

13
 Route Leaking Use Case
Configure the Azure Site Template

Figure 21:

Step 9 Click the azure10 VRF, then click Add Region to create the VNet in a selected region.
The Add Cloud Region CIDRs window appears.
Step 10 In the Region field, choose the region where you want to create the VNet.
Step 11 In the CIDR field, click Add CIDRs and define a CIDR block for the VNet.
Step 12 Click Add Subnet to create the subnets, then click Save.
Figure 22:

Step 13 Check the box under the VNet Peering field, then select the hub network that was created on the Cisco Cloud Network
Controller for Azure.

Route Leaking Use Case

14
 Route Leaking Use Case
Configure the Azure Site Template

Figure 23:

Step 14 Click Ok.

You are returned to the Azure template window.
Step 15 Click the arrow next to the Azure site, and from the drop-down menu, select Template Properties.
Step 16 Click Deploy to Sites.
Step 17 Deploy Azure Template to the sites.
• Click Deployment Plan for additional verification.
Click on the Azure site to see the deployment plan for that specific site.
Figure 24:

• Click Deploy to have NDO push the configurations to NDFC.

Route Leaking Use Case

15
 Route Leaking Use Case
Configure the AWS Site Template

To verify that the configurations were pushed out correctly, connect to the Cloud Network Controller deployed on
Azure and navigate to Cloud Resources > Virtual Networks, then click the azure10 VNet and use the information
in the Overview page for additional verifications:
Figure 25:

Note that there is no destination address configured at this point in the process, so the Azure site cannot talk to any
other site yet at this point in the process. This destination address configuration will be pushed out after you have
completed the route leaking procedure.

What to do next
Follow the procedures provided in Configure the AWS Site Template, on page 16.

Configure the AWS Site Template

In this section, you will configure the AWS Template that will be associated to the AWS site.

Before you begin

Follow the procedures provided in Configure the Azure Site Template, on page 11.

Step 1 Under the VRF Route Leaking Schema schema, click Add New Template.
Step 2 Choose the NDFC template.
Step 3 Enter a name in the Display Name field to create an NDFC-type template for the AWS site (for example, AWS Template).
Step 4 Select the dcnm-default-tn tenant in the Select a Tenant field to map the template to that tenant.

Route Leaking Use Case

16
 Route Leaking Use Case
Configure the AWS Site Template

Figure 26:

Step 5 Under Template Properties, click Create Object and choose VRF to create a VRF that will be used with the AWS
site.
Step 6 Enter a name in the Display Name field for this VRF (for example, aws10).
Figure 27:

Step 7 In the Template Properties area, click Actions > Sites Association.
Step 8 Associate this template only to the AWS site, then click Ok.

Route Leaking Use Case

17
 Route Leaking Use Case
Configure the AWS Site Template

Figure 28:

Step 9 Click the arrow next to Template Properties, and from the drop-down menu, select the AWS cloud site.
Step 10 Click the aws10 VRF, then click Add Region to create the VPC in a selected region.
The Add Cloud Region CIDRs window appears.
Step 11 In the Region field, choose the region where you want to create the VPC.
Step 12 In the CIDR field, click Add CIDRs and define a CIDR block for the VPC.
Step 13 Click Add Subnet to create the subnets and map them to the availability zones, then click Save.
Figure 29:

Route Leaking Use Case

18
 Route Leaking Use Case
Configure the AWS Site Template

Step 14 Check the box under the Hub Network field, then select the hub network that was created on the Cisco Cloud Network
Controller for AWS.
This allows the Cisco Cloud Network Controller to attach the subnets onto the transit gateway, which builds the
connectivity from those subnets to the transit gateway, where the transit gateway already has the connectivity to the
Cisco Catalyst 8000Vs in the cloud.

Step 15 In the Subnets field, map the subnets that will be used for the transit gateway.
It is best practice to have a dedicated subnet that will be used for the transit gateway.
Figure 30:

Step 16 Click Ok.

You are returned to the AWS template window.
Step 17 Click the arrow next to the AWS site, and from the drop-down menu, select Template Properties.
Step 18 Click Deploy to Sites.

Route Leaking Use Case

19
 Route Leaking Use Case
Configure the AWS Site Template

Figure 31:

Step 19 Deploy AWS Template to the sites.

• Click Deployment Plan for additional verification.
Click on the AWS site to see the deployment plan for that specific site.
Figure 32:

• Click Deploy to have NDO push the configurations to NDFC.

To verify that the configurations were pushed out correctly, connect to the Cloud Network Controller deployed on
AWS and navigate to Cloud Resources > VPCs, then click the aws10 VPC and use the information in the Overview
page for additional verifications:

Route Leaking Use Case

20
 Route Leaking Use Case
Configure Route Leaking

Figure 33:

Note that there is a destination address configured at this point in the process for AWS, but this shows only that this
AWS site can talk to itself; the AWS site cannot talk to any other site yet at this point in the process. The necessary
destination address configuration that will allow the AWS site to talk to another site will be pushed out after you have
completed the route leaking procedure.

What to do next
Configure route leaking using the procedures provided in Configure Route Leaking, on page 21.

Configure Route Leaking

Use the procedures in the following sections to configure the route leaking use case.

Configure Route Leak from Azure VRF to NDFC VRF

In this section, you will configure the route leak from the Azure VRF (azure10) to the NDFC VRF (v10).

Before you begin

Configure the necessary templates using the procedures provided in Configure the Necessary Templates, on
page 3.

Step 1 Click the Azure Template that you configured earlier in these procedures and the dcnm-default-tn tenant.
Step 2 Click the azure10 VRF that you configured earlier in these procedures.
Step 3 In the right pane, click Add Leak Route.

Route Leaking Use Case

21
 Route Leaking Use Case
Configure Route Leak from Azure VRF to NDFC VRF

Figure 34:

The Add Leak Routes window appears.

Step 4 In the Add Leak Routes window, click Select a Target VRF.
Figure 35:

The Select a Target VRF window appears.

Step 5 In the Select a Target VRF page, select the NDFC VRF (v10) that you want to leak routes to, then click Select.

Route Leaking Use Case

22
 Route Leaking Use Case
Configure Route Leak from Azure VRF to NDFC VRF

Figure 36:

You are returned to the Add Leak Routes window.

Step 6 In the Add Leak Routes window, click Add Subnet IP, then add the Azure cloud subnets that you want to propagate
to the on-premises site.
Note The Add Subnet IP option allows leaking of only selective subnets. Alternatively, you can use the All
Subnet IPs option instead in the case where all the prefixes need to be leaked into a destination VRF.

Figure 37:

For this use case, you will use the 90.1.1.0/24 subnet.

Step 7 Click Ok.

Route Leaking Use Case

23
 Route Leaking Use Case
Configure Route Leak from Azure VRF to AWS VRF

You are returned to the Azure Template page, where you can see the configuration for this route leak from the Azure
VRF to the NDFC VRF.

What to do next
Follow the procedures provided in Configure Route Leak from Azure VRF to AWS VRF, on page 24.

Configure Route Leak from Azure VRF to AWS VRF

In this section, you will configure the route leak from the Azure VRF (azure10) to the AWS VRF (aws10).
For these procedures, you will be going through the exact same procedures that you performed in Configure
Route Leak from Azure VRF to NDFC VRF, on page 21, except in these procedures, you will be selecting
a different target VRF (the AWS target VRF in these procedures).

Before you begin

Follow the procedures provided in Configure Route Leak from Azure VRF to NDFC VRF, on page 21.

Step 1 In the Select a Target VRF page, select the AWS VRF (aws10) that you want to leak routes to, then click Select.
Figure 38:

You are returned to the Add Leak Routes window.

Step 2 In the Add Leak Routes window, add the subnets that you want to propagate to the AWS cloud.
For this use case, you will use the 90.1.1.0/24 subnet. Therefore, you will click the dropdown menu and choose the
90.1.1.0/24 subnet.

Route Leaking Use Case

24
 Route Leaking Use Case
Configure Route Leak from Azure VRF to AWS VRF

Figure 39:

Step 3 Click Ok.

You are returned to the Azure Template page, where you can see the configuration for this route leak from the Azure
VRF to the AWS VRF, as well as the route leak from the Azure VRF to the NDFC VRF that you configured in the
previous set of steps.

Step 4 Click the arrow next to the Azure site, and from the drop-down menu, select Template Properties.
Step 5 Click Deploy to sites.
Figure 40:

The Deploy to sites window appears, showing where the template will be deployed.

Route Leaking Use Case

25
 Route Leaking Use Case
Configure Route Leak from AWS VRF to NDFC VRF

Step 6 Click Deployment Plan for additional verification, then click on a site to see the deployment plan for that specific site.
Step 7 Click Deploy to have NDO push the configurations to the site specific controllers.
Figure 41:

What to do next
Follow the procedures provided in Configure Route Leak from AWS VRF to NDFC VRF, on page 26.

Configure Route Leak from AWS VRF to NDFC VRF

In this section, you will configure the route leak from the AWS VRF (aws10) to the NDFC VRF (v10).

Before you begin

Follow the procedures provided in Configure Route Leak from Azure VRF to AWS VRF, on page 24.

Step 1 Click the AWS Template that you configured earlier in these procedures and the dcnm-default-tn tenant.
Step 2 Click the aws10 VRF that you configured earlier in these procedures.
Step 3 In the right pane, click Add Leak Route.

Route Leaking Use Case

26
 Route Leaking Use Case
Configure Route Leak from AWS VRF to NDFC VRF

Figure 42:

The Add Leak Routes window appears.

Step 4 In the Add Leak Routes window, click Select a Target VRF.
The Select a Target VRF window appears.
Step 5 In the Select a Target VRF window, select the NDFC VRF (v10) that you want to leak routes to, then click Select.
You are returned to the Add Leak Routes window.
Step 6 In the Add Leak Routes window, click Add Subnet IP, then add the AWS cloud subnets that you want to propagate to
the on-premises site.
Note The Add Subnet IP option allows leaking of only selective subnets. Alternatively, you can use the All
Subnet IPs option instead in the case where all the prefixes need to be leaked into a destination VRF.

Figure 43:

For this use case, you will use the following subnets:

Route Leaking Use Case

27
 Route Leaking Use Case
Configure Route Leak from AWS VRF to Azure VRF

• 10.220.1.0/24
• 10.220.2.0/24

Step 7 Click Ok.

You are returned to the AWS Template page, where you can see the configuration for this route leak from the AWS VRF
to the NDFC VRF.

What to do next
Follow the procedures provided in Configure Route Leak from AWS VRF to Azure VRF, on page 28.

Configure Route Leak from AWS VRF to Azure VRF

In this section, you will configure the route leak from the AWS VRF (aws10) to the Azure VRF (azure10).
For these procedures, you will be going through the exact same procedures that you performed in Configure
Route Leak from AWS VRF to NDFC VRF, on page 26, except in these procedures, you will be selecting a
different target VRF (the Azure target VRF in these procedures).

Before you begin

Follow the procedures provided in Configure Route Leak from AWS VRF to NDFC VRF, on page 26.

Step 1 In the Select a Target VRF page, select the Azure VRF (azure10) that you want to leak routes to, then click Select.
You are returned to the Add Leak Routes window.
Step 2 In the Add Leak Routes window, add the subnets that you want to propagate to the Azure cloud.
For this use case, you will use the following subnets:
• 10.220.1.0/24
• 10.220.2.0/24

Therefore, you will click the dropdown menu and choose those subnets.

Route Leaking Use Case

28
 Route Leaking Use Case
Configure Route Leak from AWS VRF to Azure VRF

Figure 44:

Step 3 Click Ok.

You are returned to the AWS Template page, where you can see the configuration for this route leak from the AWS VRF
to the Azure VRF, as well as the route leak from the AWS VRF to the NDFC VRF that you configured in the previous
set of steps.
Figure 45:

Step 4 Click the arrow next to the AWS site, and from the drop-down menu, select Template Properties.
Step 5 Click Deploy to sites.
The Deploy to sites window appears, showing where the template will be deployed.

Step 6 Click Deployment Plan for additional verification, then click on a site to see the deployment plan for that specific site.
Step 7 Click Deploy to have NDO push the configurations to the site specific controllers (NDFC and Cloud Network Controller).

Route Leaking Use Case

29
 Route Leaking Use Case
Configure Route Leak from NDFC VRF to AWS VRF

What to do next
Follow the procedures provided in Configure Route Leak from NDFC VRF to AWS VRF, on page 30.

Configure Route Leak from NDFC VRF to AWS VRF

In this section, you will configure the route leak from the NDFC VRF (v10) to the AWS VRF (aws10).

Before you begin

Follow the procedures provided in Configure Route Leak from AWS VRF to Azure VRF, on page 28.

Step 1 Click the On-Prem Template that you configured earlier in these procedures and the dcnm-default-tn tenant.
Step 2 Click the v10 VRF that you configured earlier in these procedures.
Step 3 In the right pane, click Add Leak Route.
Figure 46:

The Add Leak Routes window appears.

Step 4 In the Add Leak Routes window, click Select a Target VRF.
The Select a Target VRF window appears.
Step 5 In the Select a Target VRF window, select the AWS cloud site VRF (aws10) that you want to leak routes to, then click
Select.
You are returned to the Add Leak Routes window.
Step 6 In the Add Leak Routes window, click Add Subnet IP, then add the AWS cloud subnets that you want to propagate to
the on-premises site.
Note The Add Subnet IP option allows leaking of only selective subnets. Alternatively, you can use the All
Subnet IPs option instead in the case where all the prefixes need to be leaked into a destination VRF.

For this use case, you will use the 172.16.10.0/24 subnet.

Route Leaking Use Case

30
 Route Leaking Use Case
Configure Route Leak from NDFC VRF to Azure VRF

Figure 47:

Step 7 Click Ok.

You are returned to the On-Prem Template page, where you can see the configuration for this route leak from the NDFC
VRF to the AWS VRF.

What to do next
Follow the procedures provided in Configure Route Leak from NDFC VRF to Azure VRF, on page 31.

Configure Route Leak from NDFC VRF to Azure VRF

In this section, you will configure the route leak from the NDFC VRF (v10) to the Azure VRF (azure10).
For these procedures, you will be going through the exact same procedures that you performed in Configure
Route Leak from NDFC VRF to AWS VRF, on page 30, except in these procedures, you will be selecting a
different target VRF (the Azure target VRF in these procedures).

Before you begin

Follow the procedures provided in Configure Route Leak from NDFC VRF to AWS VRF, on page 30.

Step 1 In the Select a Target VRF window, select the Azure VRF (azure10) that you want to leak routes to, then click Select.
You are returned to the Add Leak Routes window.
Step 2 In the Add Leak Routes window, add the subnets that you want to propagate to the Azure cloud.
For this use case, you will use the 172.16.10.0/24 subnet. Therefore, you will click the dropdown menu and choose the
172.16.10.0/24 subnet.

Route Leaking Use Case

31
 Route Leaking Use Case
Configure Route Leak from NDFC VRF to Azure VRF

Figure 48:

Step 3 Click Ok.

You are returned to the On-Prem Template page, where you can see the configuration for this route leak from the NDFC
VRF to the Azure VRF, as well as the route leak from the NDFC VRF to the AWS VRF that you configured in the
previous set of steps.

Step 4 Click the arrow next to the on-premises site, and from the drop-down menu, select Template Properties.
Step 5 Click Deploy to sites.
Figure 49:

The Deploy to sites window appears, showing where the template will be deployed.

Step 6 Click Deployment Plan for additional verification, then click on a site to see the deployment plan for that specific site.

Route Leaking Use Case

32
 Route Leaking Use Case
Verify the Configurations

Figure 50:

Step 7 Click Deploy to have NDO push the configurations to the site specific controllers (NDFC and Cloud Network Controller).

What to do next
Verify that the configurations were deployed successfully using the procedures provided in Verify the
Configurations, on page 33.

Verify the Configurations

In this section, you will verify that the configurations were deployed successfully. Note that for each of these
verification steps, the exact command that would be used specifically for the configurations in this use case
are shown. Replace the appropriate variables in each command based on your configuration.

Before you begin

Follow the procedures provided in Configure Route Leak from NDFC VRF to Azure VRF, on page 31.

Step 1 Verify the configurations in NDO.

Route Leaking Use Case

33
 Route Leaking Use Case
Verify the Configurations

Route Leaking Use Case

34
 Route Leaking Use Case
Verify the Configurations

Step 2 Enter sh ip route vrf v10 on the on-premises Border Gateway Spine device:

Route Leaking Use Case

35
 Route Leaking Use Case
Verify the Configurations

The routing table on the on-premises leaf switch shows that the reachable subnets are:
• AWS: 10.220.0.0/16
• Azure: 10.220.0.0/16

Step 3 Connect to the Cloud Network Controller deployed on AWS and navigate to Application Management > VRFs, and
verify that you can see the Azure and NDFC VRFs.

Route Leaking Use Case

36
 Route Leaking Use Case
Verify the Configurations

Step 4 Remaining in the Cloud Network Controller deployed on AWS, perform a verification on the route table view.

Route Leaking Use Case

37
 Route Leaking Use Case
Verify the Configurations

Step 5 In the AWS console, perform a verification on the route table view.

Route Leaking Use Case

38
 Route Leaking Use Case
Verify the Configurations

Step 6 Connect to the Cloud Network Controller deployed on Azure and navigate to Application Management > VRFs, and
confirm that you can see the AWS and NDFC VRFs:

Route Leaking Use Case

39
 Route Leaking Use Case
Verify the Configurations

Step 7 Remaining in the Cloud Network Controller deployed on Azure, navigate to Cloud Resources > Virtual Networks,
then click the azure10 VNet and use the information in the Overview page for additional verifications.

Route Leaking Use Case

40
 Route Leaking Use Case
Verify the Configurations

Step 8 In the Azure console, perform additional verifications.

Route Leaking Use Case

41
 Route Leaking Use Case
Verify the Configurations

Route Leaking Use Case

42