ACI ESG vs Preferred Group?

m1xed0s · ‎01-27-2022

Trying to catch up on the v5.1/5.2 releases...From what I read, ESG is essentially a group of EPGs that with same application function or role...So if EPGs are in the same ESG, no contract is required for Inter-EPG traffic...but wouldnt that be the same as the purpose of Preferred Group?

Also looking at some configuration guides, such as v5.1 security guide, there is this statement as below...

A preferred group is an alternative to using explicit contracts between ESGs or using vzAny contracts. The user can also configure the preferred group to enable the communication between ESGs in a VRF instance. Any endpoints in the preferred group can communicate with each other freely.

Seems like Preferred Group is bigger and broader than ESG but how does ESG really compare to Preferred Group, functionality and use cases perspectives?

Sergiu.Daniluk · ‎01-29-2022

Hi @m1xed0s

You need to look at ESGs as a different way of grouping endpoints. Basically, both EPGs and ESGs are doing the same thing - grouping endpoints together. However, the big difference between EPGs and ESGs is that EPGs are only functioning at BD-level, while ESGs work at VRF level. Whatever you can do with an EPG (with some small exceptions i.e. multi-site stretching), you can do with an ESG.

On the other hand, preferred group is used for policy enforcement - a way to allow communication between multiple EPGs and/or ESGs without the need to create contracts. And yes, you can apply preferred groups to ESGs as well.

If you still have unanswered queries, let me know.

Stay safe,

Sergiu