Which Cisco ACI concept is analogous to access control lists (ACLs)?

The concept that is analogous to access control lists (ACLs) in Cisco ACI is indeed a Contract. In ACI, Contracts define the communication policies that govern how endpoints can interact with one another. They serve as a control mechanism to specify which types of traffic are allowed or denied between different applications or subjects within the data center. By creating these Contracts, network administrators can enforce security rules similar to those applied by ACLs in traditional network environments.

Contracts can specify rules based on various attributes, such as protocols and ports, differentiating them from basic network connectivity. This is much like how ACLs provide granular control over traffic flow based on IP addresses and protocols, thereby enhancing network security.

The other concepts, while valuable in their respective roles within ACI, do not directly relate to the function of regulating communications in the same way that Contracts do. DataFlow refers more to the tracking of data packets in the network, Service Graph pertains to deploying and managing service chains within ACI, and Device Package is focused on the integration of physical devices and their configurations in ACI. These concepts contribute to the overall architecture of ACI but do not serve the same purpose as Contracts in controlling traffic flow and security.