Hi Sreec,

Thanks for replying,

                 1)Each ESG is certainly showing 4x subnets , is that correct ?

                    --> Each ESG shows 2 paths to networks north of the ESGs published from it's upstream physical peer as expected

                    --> the DLR shows in BGP a path to each Northbound subnet advertised from the 4 x ESGs

                 2)Do you have reachability from missing subnets(2x) to workloads behind DLR or vice versa keeping the routing table issue aside ?

                    --> yes, have tested this by overriding BGP with static routes

                 3) You have mentioned filtering is minimal - however I'm interested to know the actual configuration

                    --> on ESGs out direction; we deny for the subnets that the ESGs and physical routers peer over, and permit any

                    --> on DLR for in direction; we deny for the subnet behind the DLR (this is to prevent any routing loops), and permit any

I'm attaching a diagram in case it helps

Tks

DB