EPG/ESG Provider leaf (non-border leaf) Egress EPG/ESG L3Out EPG Border leaf -> non-border leaf traffic If destination endpoint is learned: border leaf If destination endpoint is not learned: non-border leaf Non-border leaf-> border leaf traffic Border leaf E...
This document describes Cisco® Application Centric Infrastructure (Cisco ACI®) Endpoint Security Group (ESG) use cases and deployment considerations.

Prerequisites

This document assumes that the reader has a basic knowledge of Cisco ACI technology. For more information about Cisco ACI, see the ...
For more details on ACI IP Data-plane Learning and its use case, refer to the “IP Data-plane Learning” section in the ACI Fabric Endpoint Learning White Paper: https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white...
b. Create a “contract-master” ESG:
   i. Set the ESG admin state to “Admin Shut.” This ESG is not expected to carry any traffic and will only be used as a contract master ESG.
   ii. Add a “permit-all” contract in both the consumer and provider d...
● Cisco ACI Contract Guide White Paper
● Cisco ACI Policy-Based Redirect Service Graph Design White Paper
● Cisco ACI Endpoint Security Group (ESG) Design Guide

Factory Hardening and System Integrity

The previous sections of this white paper covered the recommended configurations to harden the...
Figure 2. EPG and contracts

An EPG/ESG provides or consumes a contract (or provides and consumes a contract). For instance, the App EPG in the example in Figure 2 provides a contract that the Web EPG consumes and consumes a contract that the DB EPG provides. An endpoint can belong...