Contracts in ACI: Lesson 1: Contracts Concept and Deployment in ACI part 1

     

     

    In this free ACI training video, John Meng demonstrates Contracts Concept and Deployment in ACI. The following additional informational resources are provided in this lesson.

     

    Agenda

    • Contract Concept and Deployment in ACI
    • Contract Verification
    • Demo and Best Practice

     

    Recap Key Concepts in ACI

    • Tenant – Policy container
    • VRF – Layer 3 forwarding domain
    • Bridge Domain – L2 forwarding domain
    • EPG – Collection of similar “end-points” sharing same policy

     

    What are Contracts in ACI

    • Use contracts to define policy for which EPGs can talk to which other EPGs and external EPGs
    • Contracts are ACLs, but with an intent-driven purpose.
    • Two main usages:
      • Control communication between End Point Groups (EPG to EPG) in the ACI fabric
      • Control redistribution of routes (e.g.: Inter-VRF leaking, shared-service, etc.)

     

    Contract Logical Picture: Contracts are built with below objects:

    • Contract – Name and Scope
    • Subject 1 – Direction and Options
      • Filter – Name and groups of filter entries
        • Filter Entry – Specific traffic flow: protocol and ports, etc.
    • Subject 2 – Direction and Options
      • Filter – Name and groups of filter entries
        • Filter Entry – Specific traffic flow: protocol and ports, etc.

     

    Contract Scope

    • Contracts have a “scope” that limits which providers and consumers can participate within the same contract
    • “Application Profile”: used between EPGs in a single Application Profile
    • “VRF”: used across EPGs in the same VRF
    • “Tenant”: can be used across VRFs in the same Tenant
    • “Global”: can also be used across Tenants

     

    ACI Provider/Consumer

    • One EPG is Providing, the other is Consuming
      • Think client/server relationship. One EPG is a server providing a service, the client is consuming the service
    • Direction is determined by Providing/Consuming
      • Only the client/consumer is allowed to initiate communications
      • Bi-Directional Communication is allowed by default

     

    Subject Option and TCAM entry

    • The key or entry in TCAM as below (logical):
      • Rule-ID—Src-EPG—Dst-EPG—filter entry—Scope—Action—Priority
        • EPG is identified by pcTag or sclass
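
The Python example below is added here and is not taken from the lesson or from Cisco code. It models how a contract's scope decides whether a provider/consumer pair participates, then expands the pair into logical rule keys in the field order listed above. The EPG names, pcTag values, rule IDs and the `sport`/`dport` notation are constructed; it assumes the Scope field of the key carries the VRF and that the return direction matches the service port as source, and it omits Priority because the lesson gives no values.

```python
from dataclasses import dataclass

# EPG attributes that must match for a pair to share a contract, per scope.
SCOPE_KEYS = {
    "application-profile": ("tenant", "app_profile"),
    "vrf": ("vrf",),
    "tenant": ("tenant",),
    "global": (),
}

@dataclass(frozen=True)
class EPG:
    name: str
    pc_tag: int  # pcTag / sclass (constructed values)
    tenant: str
    vrf: str
    app_profile: str

def in_scope(scope, provider, consumer):
    """True when the contract scope lets this pair participate."""
    return all(getattr(provider, k) == getattr(consumer, k)
               for k in SCOPE_KEYS[scope])

def expand(scope, provider, consumer, entries, first_rule_id=4100):
    """Logical keys: (rule_id, src_pctag, dst_pctag, filter_entry, scope, action)."""
    if not in_scope(scope, provider, consumer):
        return []  # pair is outside the contract scope: no rule for it
    rules, rule_id = [], first_rule_id
    for proto, port in entries:
        # Consumer initiates toward the provider's service port.
        rules.append((rule_id, consumer.pc_tag, provider.pc_tag,
                      f"{proto} dport={port}", consumer.vrf, "permit"))
        # Return direction (assumed: matched on the service port as source).
        rules.append((rule_id + 1, provider.pc_tag, consumer.pc_tag,
                      f"{proto} sport={port}", consumer.vrf, "permit"))
        rule_id += 2
    return rules

# Constructed sample: same tenant and VRF, different application profiles.
WEB = EPG("web", 32770, "Prod", "Prod:vrf1", "shop")
DB = EPG("db", 49153, "Prod", "Prod:vrf1", "billing")
SQL = [("tcp", 1433)]

if __name__ == "__main__":
    for scope in SCOPE_KEYS:
        print(scope, expand(scope, DB, WEB, SQL))
```

With the sample EPGs, the "application-profile" scope yields no rules even though both EPGs are attached to the contract, which is the case to check first when a contract appears correct but traffic is still dropped.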

     
