ACI Performance Troubleshooting and Optimization: Lesson 1: What are Contracts in ACI



    Lesson 1: What are Contracts in ACI


    Lesson 1: What are Contracts in ACI



    In this free ACI training video, Yuliya Suprunouskaya demonstrates ACI Performance Troubleshooting and Optimization. The following additional informational resources are provided in this lesson. Show Additional Information


    APIC provides full FCAPS Automation and Operations

    • Drag and Drop Configuration
    • Capacity Dashboard
    • Troubleshooting Wizards


    What are Contracts in ACI

    • They don’t steer traffic (except for service graph)
    • They are ACLs
    • They control redistribution of routes between VRFs
    • Contracts are semantics to specify End Point Group (EPG) to EPG communication in ACI Fabric
    • Contracts can be between EPGs or between L3out and EPGs
    • Filters take space in the Policy CAM


    Inside a VRF, Policy Enforcement is a binary decision

    • Policy Enforce: no communication without contracts
    • Policy Unenforced: all communication allowed


    Contract Preferred Group

    • Inside the Preferred Group, there is unrestricted communication
    • Excluded EPGs can NOT communicate without contracts


    Policy CAM Utilization Contracts do not matter, Filters do

    • The policy TCAM contains the filter rules; this EPG can communicate to this EPG using these protocols (the L4 filter)
    • The number of entries in the TCAM will be proportional to the number of filters that are configured across all the endpoints that are attached to a specific leaf


    Policy CAM Utilization Policies are defined within a Context (Scoped)

    • Filter Rules are defined within a ‘scope,' ANP, Tenant, and Global
    • As an example, multiple tenants in different VRF’s with the identical policy will have different entries
    • Policy utilization will likely increase the number of contract scopes increase


    Policy CAM Utilization Bidirectional Contract/Filters

    • When a policy is configured for bidirectional filters, two entries are created for each specific filter one for each direction
    • When the bidirectional attribute is not used a single entry should be created for the entire context allowing ‘established’ connections (check for ACK bit)


    Policy CAM Utilization Destination Port Ranges

    • When a filter specifies a specific DST port number, the Policy TCAM contains an exact match entry
    • When a filter defines a range for the DST port, the Application CAM can be leveraged to provide sharing of the destination port range across some scopes (ANP/Tenants)


    Lesson 1: What are Contracts in ACI

    Lesson 2: vzAny & Resolution and Deployment options demo

    Lesson 3: ACI Performance Troubleshooting and Optimization demo

    Post-Seminar Discussion Thread

    Review ACI Certification Options

    ACI Discussions

    Watch more ACI Training Videos

    ACI Training Resources