Last Updated on August 1, 2021 by Admin 2
Which of the following types of communication is not governed by contracts in an ACI fabric?
- between members of the same EPG
- between an EPG and an external network
- between EPGs
- between EPGs and in-band management EPG
Communication between members of the same endpoint group (EPG) is not governed by contracts in a Cisco Application Centric Infrastructure (ACI) fabric. Instead, members of an EPG communicate with each other by using their own network configurations, rules, and filters.
EPGs in a Cisco ACI fabric communicate with each other according to contract rules. In addition, contract rules determine how an EPG communicates with an in-band management EPG and with an external network. EPGs are logical groupings of endpoints that provide the same application or components of an application. For example, a collection of Hypertext Transfer Protocol Secure (HTTPS) servers could be logically grouped into an EPG labeled WEB. Contracts are policy objects that define how EPGs. There are three types of contracts that can be applied in an ACI fabric:
– Regular – applies filters to matching traffic and typically follows taboo contracts
– Taboo – denies and logs matching traffic
– Out-of-Band (OOB) – applies to OOB traffic from the management tenant
With the exception of some types of traffic – such as network configuration traffic, routing protocol traffic, and multicast traffic – EPGs require contracts in order to communicate with each other.
Contracts consist of subjects, filters, actions, and optionally, labels, but not objects. Subjects are groups of filters that are specific to a given application. Filters classify traffic by matching Open Systems Interconnection (OSI) network model Layer 2 or Layer 4 characteristics. Actions are the operations performed on traffic that matches the filters. Labels can be created to group EPGs or subjects. These groupings add granularity to the enforcement of a policy.
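The rules above can be checked with a small policy model. This is an added example, not Cisco or APIC code: it is a simplified sketch that assumes one consumer and one provider EPG per contract, matches filters on Layer 4 protocol and port only, and omits labels and OOB contracts. The EPG names, contract names and ports are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Filter:
    proto: str   # Layer 4 protocol, e.g. "tcp"
    port: int    # destination port

@dataclass(frozen=True)
class Contract:
    name: str
    kind: str         # "regular" or "taboo"
    consumer: str     # consumer EPG (assumed: exactly one per contract)
    provider: str     # provider EPG (assumed: exactly one per contract)
    subjects: tuple   # each subject is a tuple of Filter objects

    def matches(self, src, dst, proto, port):
        if (src, dst) != (self.consumer, self.provider):
            return False
        wanted = Filter(proto, port)
        return any(f == wanted for subj in self.subjects for f in subj)

def evaluate(contracts, src_epg, dst_epg, proto, port):
    """Return (verdict, reason) for one flow in this simplified model."""
    # Members of the same EPG are not governed by contracts.
    if src_epg == dst_epg:
        return ("permit", "intra-EPG")
    # Taboo contracts deny and log; regular contracts follow them.
    for c in contracts:
        if c.kind == "taboo" and c.matches(src_epg, dst_epg, proto, port):
            return ("deny+log", c.name)
    for c in contracts:
        if c.kind == "regular" and c.matches(src_epg, dst_epg, proto, port):
            return ("permit", c.name)
    # Between EPGs, no matching contract means no communication.
    return ("deny", "no-contract")

# Constructed sample policy: WEB consumes a database service from DB.
CONTRACTS = [
    Contract("web-to-db", "regular", "WEB", "DB",
             ((Filter("tcp", 3306), Filter("tcp", 22)),)),
    Contract("no-ssh", "taboo", "WEB", "DB", ((Filter("tcp", 22),),)),
]

if __name__ == "__main__":
    for flow in [("WEB", "WEB", "tcp", 22), ("WEB", "DB", "tcp", 3306),
                 ("WEB", "DB", "tcp", 22), ("WEB", "DB", "tcp", 80)]:
        print(flow, "->", evaluate(CONTRACTS, *flow))
```
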