ACI Talks

Cisco ACI Contract || Part-1

1. What is Cisco ACI contract?
2. Why we need ACI contract?
3. How it works and its structure?

These questions are very important to ask yourself while learning new thing.

So, we will go step by step to answer these questions in very easy way.

1. What is Cisco ACI contract?

• ACI contract is same as traditional access-list but with a little modification to make our life easy while managing communication between different services.

2. Why we need ACI contract?

• by default, all EPs in the same EPG can communicate to each other without need for contract.
• But what if EP from EPG-A need to communicate to EP in EPG-B, so in this case you need permission to allow this communication otherwise it will not work.
• So, contract is like policy that controls who can talk to whom, and what communication between these services to be allowed as shown the below figure.

• and communication within the same EPG is allowed without need to contract.

3. How it works and its structure?

• Contract is works based on numeric ID which is called pcTag, which is the internal representational of EPG.
• It is also referred to class ID (Source Class) or (Destination Class) and it is used for traffic classification and policy enforcement (Contract Enforcement).

So, it is very important to understand what is pcTag and its structure to be able to understand how policy Enforcement (Contract Enforcement) works.

pcTag value is range between 1-65535, and it is divided into 3 categories as per below:

By understanding the pcTag and its hierarchy, so you can understand how policy (contract) is applied or enforced to the source leaf or destination leaf based on Ingress leaf is know the destination leaf or not.

In the next article will dig deep in how policy is applied on ingress or egress what is the key factor that decide where policy is applied.