Cisco ACI Introduction – Part 3 – The Logical Components

It is critical that you understand the physical components and protocols discussed in Part 2, but it is just as critical that you understand the logical constructs used within the ACI system. You might need to create some flash cards on these until they are second nature.

  • Tenant: Contains policies that enable qualified users to have domain-based access control. Qualified users can access privileges such as tenant administration and networking administration.
  • Context: A context is a unique Layer 3 forwarding and application policy domain. A tenant can have multiple contexts. A context is often defined with VRFs.
  • Bridge domain: A bridge domain represents a Layer 2 forwarding construct within the fabric. A bridge domain must link to a context and have at least one subnet associated with it. The bridge domain defines the unique Layer 2 MAC address space and a Layer 2 flood domain if such flooding is enabled.
  • EPG: The EPG is a managed object that contains a collection of endpoints (devices that are connected to the network directly or indirectly) that have common policy requirements such as security, virtual machine mobility, QoS, or Layer 4 to Layer 7 services. Endpoints have an address (identity), a location, attributes (such as version or patch level), and a physical or virtual status. Rather than configure and manage endpoints individually, they are placed in an EPG and are managed as a group. EPGs are fully decoupled from the physical and logical topology, and endpoint membership in an EPG can be dynamic or static.
  • Application network profile: An application profile models the application requirements, and it is a convenient logical container for grouping EPGs.
  • Contract: The contract governs the types of endpoint group traffic that can pass between EPGs, including the protocols and ports that are allowed. If there is no contract, inter-EPG communication is disabled by default. No contract is required for intra-EPG communication. EPGs can only communicate with other EPGs according to the contract rules.
  • Filter: A filter matches traffic on Layer 2 to Layer 4 header fields, such as the Layer 3 protocol type and the Layer 4 ports.
  • Subject: Within a contract, subjects use filters to specify the type of traffic that can be communicated, and how it occurs. Subjects determine whether filters are unidirectional or bidirectional. Contract subjects contain associations to the filters (and their directions) that are applied between EPGs that produce and consume the contract.
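To make the contract, filter and subject definitions above concrete, here is an added example (not Cisco's code, and the class and attribute names are illustrative rather than APIC object names) that models how the whitelist contract model decides whether a flow between two EPGs is permitted: intra-EPG traffic passes without a contract, inter-EPG traffic is dropped unless a consumed/provided contract carries a matching filter, and a bidirectional subject lets the provider's return traffic back with the filter port reversed.

```python
# Added example (not Cisco's code): toy model of ACI contract evaluation.
# Names are illustrative assumptions, not APIC managed-object classes.
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Filter:
    proto: str             # "tcp", "udp", "icmp", ...
    dport: Optional[int]   # None matches any destination port

@dataclass
class Subject:
    filters: list
    bidirectional: bool = True   # apply in both directions, reverse filter ports

@dataclass
class Contract:
    name: str
    subjects: list

@dataclass
class EPG:
    name: str
    provides: set = field(default_factory=set)  # contract names this EPG provides
    consumes: set = field(default_factory=set)  # contract names this EPG consumes

def flow_permitted(src, dst, proto, sport, dport, contracts):
    """Decide whether src EPG may send proto sport->dport to dst EPG."""
    if src.name == dst.name:
        return True            # intra-EPG traffic needs no contract
    for c in contracts:
        forward = c.name in src.consumes and c.name in dst.provides
        reverse = c.name in src.provides and c.name in dst.consumes
        for subj in c.subjects:
            for f in subj.filters:
                if f.proto != proto:
                    continue
                # consumer -> provider: filter port is the destination port
                if forward and f.dport in (None, dport):
                    return True
                # provider -> consumer return traffic: port is reversed
                if reverse and subj.bidirectional and f.dport in (None, sport):
                    return True
    return False               # no matching contract: dropped by default

# Constructed sample tenant: the web tier consumes a contract the db tier provides
CONTRACTS = [Contract("web-to-db", [Subject([Filter("tcp", 3306)])])]
WEB = EPG("web", consumes={"web-to-db"})
DB = EPG("db", provides={"web-to-db"})
APP = EPG("app")               # no contracts, so it can reach nothing outside itself
```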