Dynamic Pbr (Multi-Tenant); Features And Limitations; Example Configuration - Lenovo RackSwitch G8264 Application Manual

Dynamic PBR (Multi-Tenant)

Features and Limitations

Example Configuration

450
G8264 Application Guide for ENOS 8.4
Dynamic Policy‐Based Routing enables simplified configuration of multi‐tenant
networks. An IP interface can be set up as either a:
 downlink to a specific tenant's endpoint
uplink for one or more tenants

 link to a service network accessible to one or more tenants
Traffic between different tenants is routed through their uplinks (firewall). Only
intra‐tenant and service network traffic is routed locally. When configuring
interface tenant settings, ACLs are dynamically generated to route data traffic
correspondingly.
The following features and limitations apply to Dynamic Policy‐Based Routing:
 If a tenant has two active uplinks, traffic will be load balanced across the two
active next‐hop devices.
Tenants must not use overlapping IP subnets.

 If a tenant owns multiple subnets, data traffic between these subnets is not
forwarded upstream. Instead, it is routed locally.
 Dynamic PBR is not supported in IPv6
Tenant configuration is not supported on management interfaces

 UFP and Dynamic PBR cannot be configured at the same time
Support for up to:

30 tenants

2 uplinks per tenant

4 service networks

10 subnets per tenant

To configure additional tenants (over 30), the switch must be booted in the ACL

profile. For more information about profiles, see "Available Profiles" on
page 290.
 An uplink can be configured as either Active or Standby. If there are two active
uplinks , traffic is balanced based on the destination IP address as odd and even.
Following is a configuration example for a three tenants setup, two of which are
supported by a local service network: