SD-WAN

Say I have a network interface configured like so:

network-interface lan name lan tenant foo
address 10.1.1.1 ip-address 10.1.1.1 prefix-length 24 exit exit

...I understand that any packets arriving on this will be considered to belong to tenant `foo`. But what if I want a particular address (`10.1.1.10/32` for example) to belong to tenant `bar` on the same interface?

Can I keep the `foo` tenant assigned at the interface, and define a neighborhood having `10.1.1.10/32` as member of tenant `bar`, like this:

network-interface lan name lan tenant foo
neighborhood site-lan name site-lan exit 
address 10.1.1.1 ip-address 10.1.1.1 prefix-length 24 exit exittenant bar name bar
member site-lan neighborhood site-lan address 10.1.1.10/32 exit exit

...or would I need to completely remove the tenant from the interface, and add `0.0.0.0/0` as a member of tenant `foo` in this particular neighborhood?

 For example:

network-interface lan name lan
neighborhood site-lan name site-lan exit
address 10.1.1.1 ip-address 10.1.1.1 prefix-length 24 exit exit tenant foo name foo
member site-lan neighborhood site-lan address 0.0.0.0/0 exit exit
tenant bar name bar 
member site-lan neighborhood site-lan address 10.1.1.10/32 exit exit

 
#Tenants

​​

The second option. When you assign a tenant to a network-interface, it's final... no ifs, ands, or buts: new sessions arriving there will be associated with that tenant. Even if you configure neighborhoods and members too.

#Tenants #Neighborhoods​​

Thanks Patrick A Timmons , that makes sense.