Untitled

Main objects:
- A tenant: is a container for policies
	- user: tenants for applications
    - common: policies available to all tenants such as: firewalls, load balancers, L4-L7 services, intrusion detection
    - infrastructure: fabric management ( resource allocation )
    - management: for ib and oob management of the fabric; enables discovery and automation of communications with virtual machine controllers

- Access policies: switch ports with connectivity to storage, compute, L2/L3 external connectivity, VM hypervisors, L4-L7 devices
	- interface configurations: CDP, LACP, LLDP, STP

- Fabric policies: govern the operation of the switch fabric ports
	- functions: NTP, IS-IS, BGP, DNS
    - hardware: power supp, fans, chassis

- Virtual Machine (VM) domains:  VM controllers with similar networking policy requirements

- L4-L7 services: automation framework enables the system to dynamically respond when a service comes online or goes offline

- AAA: Access, authentication, and accounting


Primary tenant elements:
- filters:
- contracts:
- outside networks:
- bridge domains:
	- subnets:
    	- public: can be exported to a routed connection
        - private: subnet only applies withn the tenant
        - shared: between VRFs and tenants
- vrf: tenant network (called a private network in the APIC GUI)
	- a tenant can gave multiple vrfs
	- also known as contexts; each vrf can be associated with multiple bridge domains
- app profiles: policies, services and relationships between endpoint groups (EPGs)
	- 4 epg types: app, l2ext, l3ext, mgmt
    - policies apply to epg, never to endpoints
    - epg static binding => use VLAN from pool

Attachable entity profile: external n7k connectivity
The AEP defines the range of allowed VLANS but it does not provision them. No traffic flows unless an EPG is deployed on the port. Without defining a VLAN pool in an AEP, a VLAN is not enabled on the leaf port even if an EPG is provisioned.