Cisco® Cloud Application Centric Infrastructure (Cisco Cloud ACI) is a software-defined networking solution from Cisco for data centers and clouds. It helps increase operational efficiency, deliver network automation, and improve security across any combination of on-premises data centers, private clouds, and public clouds.



The important building blocks of Cisco ACI are Nexus 9000 hardware and the Application Policy Infrastructure Controller (APIC).

The APIC provides centralized policy automation and management for the ACI fabric. The controller helps provide a common policy and management framework across physical, virtual, and cloud infrastructure.

ACI is based on an open architecture (open APIs and standards) that integrates Layer 4 to Layer 7 (L4-L7) services into the network. The ACI solution offers a robust implementation of multi-tenant security, quality of service (QoS), and high availability.

The following is a list of the most commonly used terms in ACI:

ACI fabric

A Virtual Extensible LAN (VXLAN) overlay configured by APIC on leaf or spine switches to provide end-to-end connectivity for clients or servers.

Bridge domains

A bridge domain is a Layer 2 segment analogous to VLANs in a traditional network.

Endpoint groups (EPGs)

Endpoint groups are associated with endpoints in the network. The endpoints are identified by their domain connectivity (virtual, physical, or outside) and their connectivity method.

Examples include virtual machine port groups (VLAN, VXLAN), physical interfaces, or VLANs, including virtual port channels, external VLANs, and external subnets.

Contracts

These are directional access lists between the provider and consumer EPGs. They comprise one or more filters (ACEs) that identify and allow traffic between EPGs. By default, communication between EPGs is blocked, and a contract is required to allow the traffic.

Note: Intra-EPG traffic is allowed by default, so no contract is required.

Application network profiles

These are containers that group one or more EPGs together with their associated connectivity policies.

Tenants

These are network-wide administrative containers that act as logical containers for application policies.
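
The contract behaviour described under Contracts above (inter-EPG traffic denied unless a contract allows it, intra-EPG traffic allowed) can be modelled in a few lines to review which flows a policy permits. This is an added example, not Cisco or APIC code: the class names, EPG names, contract names and ports are constructed for illustration. It models only the consumer-to-provider direction, matches on protocol and destination port, and does not model return traffic.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Filter:
    """One filter entry (ACE): protocol and destination port on the provider."""
    proto: str
    dport: int

@dataclass(frozen=True)
class Contract:
    """Directional rule: flows from the consumer EPG to the provider EPG."""
    name: str
    consumer: str
    provider: str
    filters: tuple

# Constructed sample policy for a three-tier application (hypothetical names).
CONTRACTS = [
    Contract("web-to-app", "web", "app", (Filter("tcp", 8080),)),
    Contract("app-to-db", "app", "db", (Filter("tcp", 3306),)),
]

def evaluate(contracts, src_epg, dst_epg, proto, dport):
    """Return (verdict, reason) for one flow between two EPGs."""
    if src_epg == dst_epg:
        # Intra-EPG traffic is allowed by default; no contract is consulted.
        return "permit", "intra-EPG"
    for c in contracts:
        if (c.consumer == src_epg and c.provider == dst_epg
                and Filter(proto, dport) in c.filters):
            return "permit", c.name
    # Inter-EPG default: blocked unless a contract matched above.
    return "deny", "no matching contract"

def reachable_from(contracts, epg):
    """List every (provider EPG, proto, port) that a given EPG may initiate to.

    Useful when reviewing how far a compromised endpoint in that EPG could reach.
    """
    return sorted((c.provider, f.proto, f.dport)
                  for c in contracts if c.consumer == epg
                  for f in c.filters)

if __name__ == "__main__":
    for flow in [("web", "app", "tcp", 8080), ("app", "web", "tcp", 8080),
                 ("web", "db", "tcp", 3306), ("db", "db", "tcp", 22)]:
        print(flow, "->", evaluate(CONTRACTS, *flow))
    print("app can reach:", reachable_from(CONTRACTS, "app"))
```

Because intra-EPG traffic bypasses contracts, the grouping of endpoints into EPGs is itself part of the access policy: two hosts placed in the same EPG can talk on any port in this model.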