Showing results for 
Search instead for 
Did you mean: 


Where are you putting your contracts/filters?

I'm just curious where other people are putting their contracts, in the specific tenant or in the common tenant?  I've been working in our lab environment and I can seem some advantages to putting them all in the common tenant with the proper scope.  I understand the value of re-use by putting them there, but it actually feels more cumbersome as i build a contract between EPGs within the same tenant.  Today I'm a single tenant and that could change and then there would be re-use for shared services stuff.    Which makes me wonder if a hybrid approach would be better...if it's shared services, put them in the common, but if it's a specific contract between EPGs within the same tenant, keep it in that tenant.  Especially given there are some contracts (l4-l7 stuff) that has to be in the tenant (I think anyway).  


I know there are many right ways to do the same thing.  Just looking for some examples of what you're doing and what is working well (or what you regret doing).  


I'd also be curious how you build your contracts...are you building specific EPG to EPG contracts with all of the filters you need within the same contract?  Or are you building more "generic" contracts and applying multiple contracts to the EPGs?  


for example, let's say you have ssh, https, telnet, and icmp required between EPG1 (provide) and EPG2 (consume).


do you do this:

epg1_to_epg2 contract - contains filter ssh, https, telnet, icmp



telnet_contract ->filter telnet 

ssh_contract -> filter ssh

icmp_contract -> filter icmp

https_contract  -> filter https


and then the EPGs provide and consume multiple contracts?    b/c it's highly likely you'll need to use those well known services between other EPGs too?  I suppose there may be a resource thing that makes #1 more efficient, but #2 almost seems like it'd be easier to look at. 


thanks all for any opinions.  






Content for Community-Ad