Last Updated on August 2, 2021 by Admin 2
You want to deploy services in OSI Layers 4 through 7 in a Cisco ACI fabric.
Which of the following should you configure first?
- an EPG
- a bridge domain
- a filter
- a contract
- a tenant
If you want to deploy services in Open Systems Interconnection (OSI) networking model Layers 4 through 7 in a Cisco Application Centric Infrastructure (ACI) fabric, you should first configure a tenant. Tenants are containers that can be used to represent organizations, domains, or specific groupings of information. Typically, tenants are configured to ensure that different policy types are isolated from each other, similar to user groups or roles in a role-based access control (RBAC) environment.
You do not need to configure an endpoint group (EPG) first, because EPGs are a primary element of a tenant. EPGs are logical groupings of endpoints that provide the same application or components of an application. For example, a collection of Hypertext Transfer Protocol Secure (HTTPS) servers could be logically grouped into an EPG labeled WEB. EPGs are typically collected within application profiles. EPGs can communicate with other EPGs by using contracts.
You do not need to configure a contract first, because contracts are a primary element of a tenant. Contracts are policy objects that define how EPGs communicate with each other. There are three types of contracts that can be applied in an ACI fabric:
- Regular: applies filters to matching traffic and typically follows taboo contracts
- Taboo: denies and logs matching traffic
- Out-of-Band (OOB): applies to OOB traffic from the management tenant
You do not need to configure a bridge domain first, because bridge domains are a primary element of a tenant. Bridge domains are logical Layer 2 forwarding configurations within an ACI fabric that use switched virtual interfaces (SVIs) for gateways and can be configured to span multiple physical devices. In this respect, bridge domains are similar to virtual local area networks (VLANs). However, the purpose of a bridge domain is to define the Media Access Control (MAC) address space and flood domain.
You do not need to configure a filter first, because filters are a primary element of a tenant. Filters are low-level ACI objects that help define EPG contracts. Filters operate at Layer 2, Layer 3, and Layer 4 of the OSI networking model.