Cisco ACI Segmentation Migration Lab

Over the past few years many customers deploying ACI have opted for using the "Network-Centric" approach for implementing their ACI installations. A few reasons for this were the difficulty in having Application Dependency Mappings for the workloads they were migrating, and the shortcoming of Bridge Domain flooding across multiple subnets with a single bridge domain which is typical in " Application-Centric" mode. 

This schedulable lab will introduce you to creating and migrating workloads to an Application Centric environment, then running verification testing against the environment. The migration will be done manually then automation scripting will be used to migrate.

In this lab, your objective is to segment four critical applications called "App1,2,3,4" using ACI contracts and filters which act as a distributed firewall.   

You will essentially be establishing a protective barrier around the application and protecting it from BOTH North-South attacks and East-West attacks.  The control utilized at this barrier will be a ACI firewall, more specifically ACI's contracts and filters. ACI uses a white list model that prevents any device inside of a End Point Group to communicate to another device in a second End Point Group(EPG) without a contract and filters to allow communication. 

This lab is based on physical devices as follows