Contract in Cisco ACI: Understanding the Basics

Cisco Application Centric Infrastructure (ACI) is a software-defined networking (SDN) solution that simplifies management and automation of data centers. It provides a holistic view of the network infrastructure, allowing administrators to deploy and manage applications and services with greater agility and efficiency. One of the critical components of Cisco ACI is the contract.

In this article, we’ll explore the concept of a contract in Cisco ACI and its significance in network architecture.

What is a Contract in Cisco ACI?

A contract, in the context of Cisco ACI, is a policy that governs communication between two endpoints. These endpoints can be different applications, virtual machines, or containers residing in different parts of the network. A contract defines the scope of communication, the types of communication that are permitted, and the quality of service (QoS) requirements.

A contract is created between two endpoint groups (EPGs) – a source EPG and a destination EPG. An EPG is a logical grouping of endpoints with similar characteristics, such as security requirements, application affinity, or resource utilization. An EPG can contain one or more endpoints.

A contract is composed of three elements: subjects, filters, and actions.


A subject defines a specific type of communication that is permitted between the source and destination EPGs. For example, a subject can be defined to allow HTTP traffic or restrict database access. A contract can have multiple subjects to define different types of communication.


A filter defines the criteria for traffic filtering based on Layer 4 through 7 information. Filters can be based on protocols, ports, IP addresses, or other parameters. Filters can be used to allow or deny traffic that matches the criteria.


An action defines the QoS requirements for traffic that matches the filter criteria. Actions can be used to prioritize, rate-limit, or drop traffic.
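The contract, subject and filter nesting described above can be checked offline. The following is an added example, not code from this article or from Cisco: it walks a constructed tenant export and reports subjects that reference a filter missing from the tenant or a filter entry that matches nearly all traffic. The class names (fvTenant, vzBrCP, vzSubj, vzRsSubjFiltAtt, vzFilter, vzEntry) come from the APIC object model rather than from the article, and the tenant, contract and filter names and the definition of "broad" are assumptions made for the example.

```python
import json

# Constructed sample shaped like an APIC tenant subtree; every name is made up.
TENANT_JSON = """
{"fvTenant": {"attributes": {"name": "example-tenant"}, "children": [
 {"vzFilter": {"attributes": {"name": "https"}, "children": [
  {"vzEntry": {"attributes": {"name": "tcp-443", "etherT": "ip", "prot": "tcp", "dFromPort": "443"}}}]}},
 {"vzFilter": {"attributes": {"name": "any"}, "children": [
  {"vzEntry": {"attributes": {"name": "all", "etherT": "unspecified"}}}]}},
 {"vzBrCP": {"attributes": {"name": "web-to-app"}, "children": [
  {"vzSubj": {"attributes": {"name": "https-only"}, "children": [
   {"vzRsSubjFiltAtt": {"attributes": {"tnVzFilterName": "https"}}}]}}]}},
 {"vzBrCP": {"attributes": {"name": "app-to-db"}, "children": [
  {"vzSubj": {"attributes": {"name": "db"}, "children": [
   {"vzRsSubjFiltAtt": {"attributes": {"tnVzFilterName": "any"}}},
   {"vzRsSubjFiltAtt": {"attributes": {"tnVzFilterName": "sql"}}}]}}]}}]}}
"""

def children(mo, cls):  # (attributes, object) for each direct child of class cls
    for child in mo.get("children", []):
        if cls in child:
            yield child[cls]["attributes"], child[cls]

def entry_is_broad(attrs):
    """True when an entry leaves EtherType, IP protocol or TCP/UDP destination port open."""
    ether = attrs.get("etherT", "unspecified")
    prot = attrs.get("prot", "unspecified")
    port = attrs.get("dFromPort", "unspecified")
    if ether in ("ip", "ipv4", "ipv6"):
        return prot == "unspecified" or (prot in ("tcp", "udp") and port == "unspecified")
    return ether == "unspecified"

def audit_contracts(tenant):
    """Return (contract, subject, filter, finding) tuples for an fvTenant object."""
    filters = {a["name"]: [e for e, _ in children(f, "vzEntry")]
               for a, f in children(tenant, "vzFilter")}
    findings = []
    for contract, c_mo in children(tenant, "vzBrCP"):
        for subject, s_mo in children(c_mo, "vzSubj"):
            for ref, _ in children(s_mo, "vzRsSubjFiltAtt"):
                where = (contract["name"], subject["name"], ref["tnVzFilterName"])
                if where[2] not in filters:  # may still resolve in tenant "common"
                    findings.append(where + ("filter not defined in this tenant",))
                for entry in filters.get(where[2], []):
                    if entry_is_broad(entry):
                        findings.append(where + ("broad entry: " + entry["name"],))
    return findings

if __name__ == "__main__":
    print(*audit_contracts(json.loads(TENANT_JSON)["fvTenant"]), sep="\n")
```

Run against the sample, the audit passes the HTTPS-only subject and reports two findings on the database contract.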

Why are Contracts Important in Cisco ACI?

Contracts are essential in Cisco ACI because they provide a centralized policy for communication between endpoints. Contracts enforce security policies, prevent unauthorized access or data leakage, and ensure proper resource allocation.

Contracts also enable multi-tenancy in data centers. In a multi-tenant environment, contracts can be used to define policies for communication between tenants, enforcing isolation and ensuring tenant-specific QoS requirements.

In addition, contracts simplify management and automation of data center infrastructure. By defining policies at the contract level, administrators can apply them uniformly across multiple endpoints, reducing the complexity of policy management.


In summary, a contract is a policy that governs communication between two endpoints in Cisco ACI. Contracts define the scope, types, and quality of service requirements for communication. Contracts are essential in enforcing security policies, ensuring proper resource allocation, and simplifying management of data center infrastructure.

This article aims to provide a basic understanding of contracts in Cisco ACI. It is not intended to be a definitive guide to Cisco ACI or a substitute for professional training. For more advanced topics, readers are encouraged to seek additional resources, such as Cisco documentation or expert consultation.