What governs the interaction of Endpoint Groups in Cisco ACI?

The interaction of Endpoint Groups (EPGs) in Cisco ACI is governed by contracts. In Cisco ACI, a contract defines the rules and policies that specify how communication should occur between different EPGs, facilitating the management of security and connectivity. This mechanism allows you to control which EPGs can communicate with each other and under what conditions, enabling fine-tuned access control and segmentation within the network.

Contracts can include filters that define which types of traffic are permitted or denied between the EPGs, further enhancing the security posture of the deployment. By using contracts, administrators can create an intentional interaction model based on application requirements and security policies, ensuring that only authorized traffic flows between endpoints.

This focus on contractual agreements aligns with ACI's overarching design philosophy, which emphasizes policy-driven automation and includes capabilities for programmability and orchestration. The distinct approach of using contracts instead of more traditional methods ensures that interactions are intentional and manageable within the context of the overall network architecture.