Endpoint Group

Location in GUI: Application Management » Schemas

Diagram

Classes

application_profiles (ndo.schemas.templates)

Name	Type	Constraint	Mandatory	Default Value
endpoint_groups	List	`[endpoint_groups]`	No

endpoint_groups (ndo.schemas.templates.application_profiles)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
useg	Boolean	`true`, `false`	No	`false`
intra_epg_isolation	Boolean	`true`, `false`	No	`false`
proxy_arp	Boolean	`true`, `false`	No	`false`
preferred_group	Boolean	`true`, `false`	No	`false`
bridge_domain	Class	`[bridge_domain]`	No
vrf	Class	`[vrf]`	No
subnets	List	`[subnets]`	No
contracts	Class	`[contracts]`	No
sites	List	`[sites]`	No

bridge_domain (ndo.schemas.templates.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
schema	String		No
template	String		No

vrf (ndo.schemas.templates.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
schema	String		No
template	String		No

subnets (ndo.schemas.templates.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory	Default Value
ip	IP		Yes
scope	Choice	`private`, `public`	No	`private`
shared	Boolean	`true`, `false`	No	`false`
no_default_gateway	Boolean	`true`, `false`	No	`false`
primary	Boolean	`true`, `false`	No	`false`

contracts (ndo.schemas.templates.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory	Default Value
consumers	List	`[consumers]`	No
providers	List	`[providers]`	No

sites (ndo.schemas.templates.application_profiles.endpoint_groups)

Name	Type	Constraint	Mandatory
name	String		Yes
physical_domains	List	`[physical_domains]`	No
vmware_vmm_domains	List	`[vmware_vmm_domains]`	No
static_ports	List	`[static_ports]`	No
static_leafs	List	`[static_leafs]`	No
subnets	List	`[subnets]`	No
selectors	List	`[selectors]`	No

consumers (ndo.schemas.templates.application_profiles.endpoint_groups.contracts)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
schema	String		No
template	String		No

providers (ndo.schemas.templates.application_profiles.endpoint_groups.contracts)

Name	Type	Constraint	Mandatory
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
schema	String		No
template	String		No

physical_domains (ndo.schemas.templates.application_profiles.endpoint_groups.sites)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
deployment_immediacy	Choice	`immediate`, `lazy`	No	`lazy`
resolution_immediacy	Choice	`immediate`, `lazy`, `pre-provision`	No	`immediate`

vmware_vmm_domains (ndo.schemas.templates.application_profiles.endpoint_groups.sites)

Name	Type	Constraint	Mandatory	Default Value
name	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	Yes
deployment_immediacy	Choice	`immediate`, `lazy`	No	`lazy`
resolution_immediacy	Choice	`immediate`, `lazy`, `pre-provision`	No	`pre-provision`
custom_epg_name	String	Regex: `^.{1,80}$`	No
vlan_mode	Choice	`static`, `dynamic`	No	`dynamic`
vlan	Integer	min: `1`, max: `4096`	No
u_segmentation	Boolean	`true`, `false`	No	`false`
useg_vlan	Integer	min: `1`, max: `4096`	No

static_ports (ndo.schemas.templates.application_profiles.endpoint_groups.sites)

Name	Type	Constraint	Mandatory	Default Value
type	Choice	`port`, `vpc`, `pc`	No	`port`
pod	Integer	min: `1`, max: `255`	No
node	Integer	min: `1`, max: `4000`	No
fex	Integer	min: `101`, max: `199`	No
fex_2	Integer	min: `101`, max: `199`	No
node_1	Integer	min: `1`, max: `4000`	No
node_2	Integer	min: `1`, max: `4000`	No
port	Integer	min: `1`, max: `127`	No
sub_port	Integer	min: `1`, max: `16`	No
module	Integer	min: `1`, max: `9`	No
channel	String	Regex: `^[a-zA-Z0-9_.:-]{1,64}$`	No
vlan	Integer	min: `1`, max: `4096`	Yes
useg_vlan	Integer	min: `1`, max: `4096`	No
deployment_immediacy	Choice	`immediate`, `lazy`	No	`lazy`
mode	Choice	`regular`, `native`, `untagged`	No	`regular`

static_leafs (ndo.schemas.templates.application_profiles.endpoint_groups.sites)

Name	Type	Constraint	Mandatory
pod	Integer	min: `1`, max: `255`	No
node	Integer	min: `1`, max: `4000`	Yes
vlan	Integer	min: `1`, max: `4096`	Yes

subnets (ndo.schemas.templates.application_profiles.endpoint_groups.sites)

Name	Type	Constraint	Mandatory	Default Value
ip	IP		Yes
description	String	Regex: `^[a-zA-Z0-9\\!#$%()*,-./:;@ _{\|}~?&+]{1,128}$`	No
scope	Choice	`private`, `public`	No	`private`
shared	Boolean	`true`, `false`	No	`false`
no_default_gateway	Boolean	`true`, `false`	No	`false`
primary	Boolean	`true`, `false`	No	`false`

selectors (ndo.schemas.templates.application_profiles.endpoint_groups.sites)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
expressions	List	`[expressions]`	No

expressions (ndo.schemas.templates.application_profiles.endpoint_groups.sites.selectors)

Name	Type	Constraint	Mandatory
key	Choice	`ipAddress`, `region`	Yes
operator	Choice	`equals`, `notEquals`	Yes
value	String		Yes

Examples

Example-1: Here is an example of an Endpoint Group(EPG) named Database_VMM under the OnPrem Tenant/Schema and the Prod_VMM application profile. Two contracts, database_access_contract and web_traffic_contract are provided and consumed to facilitate communication with other EPGs. The contracts are defined in the Site_A template. Further details on the contracts are explained in the contract section.

The subnets are defined with the scope set to private, and the no_default_gateway flag is set to true, indicating that the gateway is managed either at the Bridge Domain level or externally.

This EPG is used to host endpoints from the VMM domain with dynamic VLAN allocation and immediate deployment policy.

ndo:
  schemas:
    - name: OnPrem
      templates:
        - name: Site_A
          application_profiles:
            - name: PROD_VMM
              endpoint_groups:
                - name: Database_VMM
                  preferred_group: false
                  bridge_domain:
                    name: Database_BD
                    schema: OnPrem
                    template: Site_A
                  contracts:
                    providers:
                      - name: database_access_contract
                        template: TEMPLATE1
                    consumers:
                      - name: web_traffic_contract
                        template: TEMPLATE1
                  subnets:
                    - ip: 2.2.2.2/24
                      scope: private
                      no_default_gateway: true
                  sites:
                    - name: Site_A
                      vmware_vmm_domains:
                        - name: ANS-VMM1
                          deployment_immediacy: immediate
                          resolution_immediacy: immediate
                          vlan_mode: dynamic

Example-2: The example below demonstrates configuring a EndPoint Group(EPG) named Web under the application profile Prod and schema Azure. Two contracts, web_traffic_contract and database_access_contract are provided and consumed to facilitate communication with other EPGs. The contracts are defined in the Site_A template.

The phyical domain Prod_PHY is attached to the EPG to enable VLAN encapsulation 1001 to be pushed to the leaf switches and the physical endpoints attached to ACI.

The static bindings are defined under the EPG as shown below. In this example, there are two bindings: one with a VPC using Leafs 101 and 102 of Pod-1 with an Interface Polixy Group(IPG) named VPC_IPG defined under the channel and an encapsulation VLAN of 1001; and the other as as an individual port 1 on leaf 103 with deployment immediacy set to immediate, indicating the policy is programmed into hardware as soon as it is downloaded to the leaf switches rather than waiting for the first packet to hit this policy.

ndo:
  schemas:
    - name: Azure
      templates:
        - name: Site_A
          application_profiles:
            - name: Prod
              endpoint_groups:
                - name: Web
                  bridge_domain:
                    name: Web_BD
                  contracts:
                    providers:
                      - name: web_traffic_contract
                        template: Site_A
                    consumers:
                      - name: database_access_contract
                        template: Site_A
                  sites:
                    - name: Site_A
                      physical_domains:
                        - name: Prod_PHY
                          deployment_immediacy: immediate
                          resolution_immediacy: immediate
                      static_ports:
                        - vlan: 1001
                          pod: 1
                        - type: vpc
                          node_1: 101
                          node_2: 102
                          channel: VPC_IPG
                      static_ports:
                        - vlan: 1001
                          pod: 1
                          node: 103
                          port: 1
                          deployment_immediacy: immediate