Which of the following statements about contracts in a Cisco ACI fabric is true?
- Multicast traffic is not permitted among EPGs without a contract.
- Members of an EPG require contracts in order to communicate with other members.
- Contracts consist of subjects, filters, actions, and objects.
- EPGs communicate with each other according to contract rules.
Endpoint groups (EPGs) in a Cisco Application Centric Infrastructure (ACI) fabric communicate with each other according to contract rules. EPGs are logical groupings of endpoints that provide the same application or components of an application. For example, a collection of Hypertext Transfer Protocol Secure (HTTPS) servers could be logically grouped into an EPG labeled WEB. Contracts are policy objects that define how EPGs communicate. There are three types of contracts that can be applied in an ACI fabric:
- Regular – applies filters to matching traffic and typically follows taboo contracts
- Taboo – denies and logs matching traffic
- Out-of-Band (OOB) – applies to OOB traffic from the management tenant
With the exception of some types of traffic—such as network configuration traffic, routing protocol traffic, and multicast traffic—EPGs require contracts in order to communicate with each other.
Members of an EPG do not require contracts in order to communicate with other members. Instead, members of an EPG communicate with each other by using their own network configurations, rules, and filters.
Contracts consist of subjects, filters, actions, and optionally labels, not objects. Subjects are groups of filters that are specific to a given application. Filters classify traffic by matching Open Systems Interconnection (OSI) network model Layer 2 or Layer 4 characteristics. Actions specify what is done to traffic that matches the filters. Labels can be created to group EPGs or subjects. These groupings add granularity to the enforcement of a policy.
Multicast traffic is permitted among EPGs without a contract. In addition, some Dynamic Host Configuration Protocol version 4 (DHCPv4) traffic is permitted between EPGs without a contract. Other traffic types that are permitted between EPGs by default are Open Shortest Path First (OSPF), Enhanced Interior Gateway Routing Protocol (EIGRP), Protocol Independent Multicast (PIM), Internet Group Management Protocol (IGMP), and Internet Control Message Protocol version 6 (ICMPv6) neighbor discovery.