In Cisco ACI (Application Centric Infrastructure), Contracts are a key component of the policy model, used to define how endpoint groups (EPGs) communicate with each other. Within contracts, Labels, Filters, Aliases, and Subjects each play distinct roles. Here's a breakdown of each:
🔹 1. Filters
- Purpose: Define the actual traffic (protocols, ports) that is allowed or denied.
- Details:
  - Filters are composed of entries specifying Layer 4 information like TCP/UDP ports and protocols.
  - They are reusable across multiple contracts.
- Example: A filter might allow TCP traffic on port 80 (HTTP).
🔹 2. Subjects
- Purpose: Act as containers within a contract that reference filters and define directionality.
- Details:
  - A contract can have multiple subjects.
  - Each subject can reference one or more filters.
  - You can specify whether the traffic is unidirectional or bidirectional.
- Example: A subject might define that HTTP traffic is allowed from EPG A to EPG B.
🔹 3. Aliases
- Purpose: Provide a way to abstract or alias filters for reuse or simplification.
- Details:
  - Aliases are less commonly used and are more relevant in complex policy models.
  - They can help in referencing filters indirectly, making policy definitions more modular.
🔹 4. Labels
- Purpose: Used for categorization and policy enforcement.
- Details:
  - Labels can be applied to contracts, EPGs, and other objects.
  - They help in grouping and applying policies based on tags.
  - Useful in large environments for automation and policy scaling.
🧩 How They Work Together in a Contract
- A Contract contains one or more Subjects.
- Each Subject references one or more Filters (or Aliases to filters).
- Labels can be used to tag contracts or EPGs for organizational or policy purposes.
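As an added example (not part of the original post), the Python below walks the Contract → Subject → Filter → entry chain described above and reports subjects that reference an undefined filter or a filter that is not restricted to any protocol. It assumes the APIC REST JSON layout and the object-model class names `vzBrCP`, `vzSubj`, `vzRsSubjFiltAtt`, `vzFilter` and `vzEntry`, which the post does not name; the tenant and every value in it are constructed.

```python
# Constructed sample tenant in APIC-style JSON (class -> attributes/children).
# Class and attribute names are assumed from the ACI object model; values are made up.
def mo(cls, attrs, *children):
    return {cls: {"attributes": attrs, "children": list(children)}}

TENANT = mo("fvTenant", {"name": "demo"},
    mo("vzFilter", {"name": "http"},
       mo("vzEntry", {"name": "tcp-80", "etherT": "ip", "prot": "tcp",
                      "dFromPort": "80", "dToPort": "80"})),
    mo("vzFilter", {"name": "any"},
       mo("vzEntry", {"name": "all", "etherT": "unspecified"})),
    mo("vzBrCP", {"name": "web-to-app"},
       mo("vzSubj", {"name": "http-subj"},
          mo("vzRsSubjFiltAtt", {"tnVzFilterName": "http"})),
       mo("vzSubj", {"name": "legacy"},
          mo("vzRsSubjFiltAtt", {"tnVzFilterName": "any"}),
          mo("vzRsSubjFiltAtt", {"tnVzFilterName": "ssh"}))),  # never defined
)

def children(node, cls):
    """Yield (attributes, node) for each direct child of the given class."""
    body = next(iter(node.values()))
    for child in body.get("children", []):
        if cls in child:
            yield child[cls]["attributes"], child

def audit_contracts(tenant):
    """Resolve contract -> subject -> filter -> entry and return findings."""
    filters = {a["name"]: [e for e, _ in children(n, "vzEntry")]
               for a, n in children(tenant, "vzFilter")}
    findings = []
    for c_attrs, contract in children(tenant, "vzBrCP"):
        for s_attrs, subject in children(contract, "vzSubj"):
            where = f'{c_attrs["name"]}/{s_attrs["name"]}'
            for ref, _ in children(subject, "vzRsSubjFiltAtt"):
                fname = ref["tnVzFilterName"]
                if fname not in filters:
                    findings.append((where, fname, "dangling filter reference"))
                    continue
                for entry in filters[fname]:
                    # EtherType "unspecified": entry is not limited to any protocol.
                    if entry.get("etherT", "unspecified") == "unspecified":
                        findings.append((where, fname, "matches all traffic"))
    return findings

if __name__ == "__main__":
    for finding in audit_contracts(TENANT):
        print(*finding, sep=" | ")
```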