Contracts allow EPGs to communicate with each other, according to the rules we set. Contracts can be very granular, including the protocol, port, and direction of the traffic. We do not need a contract for intra-EPG traffic--this is implicitly permitted--but a contract is essential for inter-EPG traffic.
An EPG can be a provider of a contract, a consumer of a contract, or can perform both functions, providing and consuming at the same time. We can also provide or consume multiple contracts simultaneously. Contracts are (to simplify them) access lists. However, they are not bound by the same limitations that access lists are. To read about why contracts are better than access lists, refer to http://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/1-x/aci-fundamentals/b_ACI-Fundamentals/b_ACI_Fundamentals_BigBook_chapter_0100.html#concept_0DEE0F8BB4614E3183CD568EA4C259F4. To try and simplify the definition of provider and consumer, we have two contracts...