Cisco ACI Flashcards
What are Endpoints?
physical or virtual devices, such as servers, virtual machines, or containers, that communicate over a network
What is an Endpoint Group (EPG)?
a logical grouping of endpoints that require similar policy settings, such as security, quality of service (QoS), and Layer 4 to Layer 7 services
What is a Consumer EPG?
group of endpoints that initiate the communication or consume a service provided by another EPG
What is a Provider EPG?
group of endpoints that offer services or respond to the requests initiated by consumer EPGs
What is a Contract?
policy that defines the rules and conditions for communication between Endpoint Groups (EPGs)
What is a Bridge Domain (BD)?
fundamental construct that acts as a Layer 2 broadcast domain within the fabric
What is L3Out?
configuration construct that enables the ACI fabric to connect to external networks
What is vzAny?
allows administrators to apply policies across multiple Endpoint Groups (EPGs) without the need to explicitly configure each EPG individually
What is Application Policy Infrastructure Controller (APIC)?
centralized management and control software for the ACI fabric
What are L4-L7 Services?
insert services like firewalls, load balancers, and intrusion prevention systems (IPS) between EPGs to enhance security and performance
What is the role of the Cisco ACI plugin?
insert a firewall between EPGs as a Layer 4 to Layer 7 service
What types of traffic can a PA FW secure in Cisco ACI?
- east-west traffic between the application tiers within EPGs
- north-south traffic between users and the applications
All the entities in the ACI Fabric are connected to which switches?
leaf switches
To which switches are leaf switches connected?
larger spine switches
What does a network administrator need to do to secure the traffic between the application tiers?
insert the PA FWs as L4 to L7 services between each EPG
What does a network administrator need to create to define what services the L4 to L7 device provides?
service graph
When the firewall is integrated with Cisco ACI, what is used to send traffic to the firewall?
Policy-Based Redirect (PBR)
How are firewalls deployed in Cisco ACI?
through Service Graphs
Do the integrated L4-L7 devices need to be configured as default gateway to be able to inspect the traffic?
no, a service graph allows Layer 4 - Layer 7 devices, such as a firewall, to be integrated into the flow of traffic without the need for the L4-L7 device to be the default gateway for the servers in the ACI fabric
How is the VM firewall configured in the APIC?
as a device cluster
How are the PA VM firewalls represented in the ACI fabric?
L4-L7 device
What does it mean that Cisco ACI integration supports physical firewalls divided into contexts that are managed by ACI as individual firewalls?
that vsys is supported in ACI
What needs to be configured when deploying a multi-vsys firewall in ACI?
a chassis manager in the tenant, which is assigned to the firewall service
What defines the logical interfaces that are assigned to the consumer and provider EPGs?
the service graph template
After creating a service graph template, what does it need to be assigned to?
EPGs and contracts