You use Cisco ACI contracts to control traffic flow within the Cisco ACI fabric between EPGs. These contracts are configured between EPGs, or between EPGs and L3out.
When you add a Cisco ACI setup as a data source, VMware Aria Operations for Networks supports the following Cisco ACI contracts:
- Intra-EPG Contract
- Intra-EPG Isolation
- VRF Unenforced Mode
- Intra-VRF Contract
- Inter-VRF Contract (Scope - Global)
- Inter-VRF Contract (Scope - Tenant)
- Intra-App Profile Contract
- Inter-App Profile Contract
- Contract Inheritance
- Taboo Contract
- vzAny Contract
- East-West Traffic via Common Tenant
- Preferred Group
- Application EPG to L3Out EPG Contract in VRF
- Application EPG to L3Out EPG Contract between VRF
- Intra Ext-EPG Contract
- Intra Ext-EPG Isolation
- L3Out to L3Out Contract
- Contract between L3Out in common tenant and another VM in different tenant
You see these contracts applied on the Network Map when you search for the traffic traversing Cisco ACI switches.
An example of an access control contract on Cisco ACI:
An example of the device configuration of Cisco ACI:
The following contracts are not supported in
VMware Aria Operations for Networks:
- Out-of-Band Contract
- Policy Based Redirect
- Stateful Filter in Contract
To learn more about Cisco ACI contracts, see the Cisco ACI Contract Guide.