22 thoughts on “Understanding the Cisco ACI Policy Model”

  1. Firewalls have to do all sorts of hacks to allow ftp to pass through, doubly so if NAT is involved. I would guess then that the sort of hacks that are needed to pass ftp are outside the capabilities of ACI policies/contracts?

  2. Excellent explanation, Carly Stoughton. Very good interaction with Ivan Pepelnjak, CCIE#1354 Emeritus. Ivan is CCIE Emeritus and has been designing and implementing large-scale service provider and enterprise networks as well as teaching and writing books about advanced technologies since 1990.
    He’s author of several Cisco Press books, prolific blogger and writer, occasional consultant, and author of a series of highly successful webinars.

  3. Congratulations, Ing. Carly, excellent preparation to give a practical explanation without a lot of slides in ppt.

  4. Participants are confused in understanding the concept of the ACI; she could have explained it better as compared to traditional infrastructure policy (QoS, Security, Routing) vs. application-based policy.

  5. I'm just learning ACI and want to hear what a contract is, but that dude is asking so many questions just to show how smart he is.

  6. Dude keeps on asking questions on scenarios he will never see. Let the lady finish so the rest get the whole idea, then he asks his detailed question. He should be taking notes for now. This is the type of guy who is so into the tree that he misses the forest.

  7. Anyone else have their jaw drop when she mentioned programming firewalls with the ACI? I'm a noob. But this is next gen stuff, 2 years later.

  8. Awesome way of explaining the Policy Model. Whiteboarding is way better than flashy marketing slides to understand the concept well. Thanks!

  9. ACI is not software defined networking; it's hardware defined networking. It's closed and it's proprietary. You MUST use the Nexus 9K to deploy ACI, so if you've already invested millions in 2/5/7K because Cisco told you that you should, then, oh well, you're sh-t out of luck. So much for commoditized data planes and centralized open software in the control plane.

    Folks, don't get duped. ACI is Cisco's way of maintaining ownership and control of a distributed control plane and making you continue to pay a lot of money for expensive switches with a lot of proprietary software and, oh, but of course, annual SmartNet costs.

  10. Carly, can a firewall be in an EPG? Or should it not be in an EPG, with traffic just redirected to it by contracts? What should be done if I need to have a physical ASA in ACI and I don't want contracts, but traffic needs to transit the ASA in the traditional way?

  11. The awkward part of learning this, is that we learn to use it, the real knowledge lies within, how to create technology that will be used

  12. Carly, correct me if I am wrong: can contracts be part of an EPG? I don't think so. Contracts are part of tenants, which can be applied on EPGs.

  13. https://www.linkedin.com/pulse/cisco-aci-sdn-declarative-solution-using-open-flex-amr-enan?trk=pulse_spock-articles
