Introduction

We will start configuring the ACI fabric by creating some policies and a couple of tenants.

The ACI policy model is all about mapping application requirements to policies. We need tenant A to talk to an SQL server; we create a policy for that. We also need tenant A to talk the storage system, so we create a policy for that.

The APIC looks after the policies. When we make a change to an object within the fabric, it is the job of the APIC to apply this change to the policy model, which then makes the change to the affected endpoint. Such an example would be adding a new device to the fabric. Communication with the new device is prohibited until the policy model is updated to include the new device.

There are different policies, but they can be split into fairly distinct groups: those that govern the ACI fabric as a whole and those that are concerned with tenants.

All the policies are recorded in the MIT, or management information tree.

In this chapter, we will start by creating a fabric policy to enable NTP (Network Time Protocol), as it is an essential service for the smooth functioning of the fabric (along with DNS, which is covered in Chapter 4, Routing in ACI). We will look at access policies and enable CDP (Cisco Discovery Protocol) across the fabric.

We will then create our first tenant and set it up for networking by creating the networking and application components, and then we will give it something to do by creating a contract that we will provide to a second tenant to consume.

This is a basic idea of what we will be configuring:

We will also look at creating a management contract for permitting SNMP traffic, which we will need for Chapter 8, Troubleshooting ACI.