ACI Endpoint Learning Best Practices

ACI fundamentally handles endpoint learning in a different manner than traditional network devices. This difference gives ACI the unique advantage of being able to limit flooding of ARP, Unknown Unicast, and other traffic types. As ACI has evolved, the optimal way to configure it has evolved as well. Below is a list of endpoint-learning configurations that should be used, depending on the hardware that you have installed.

For optimal Fabric operations, we recommend configurations that cause ACI to learn only IP addresses that belong to a subnet configured on a BD.

To achieve the above recommendations, there are distinct configuration knobs to enable the desired behavior, based on the generation of ACI LEAF switches in your fabric.

Note – Please refer to the ACI Fabric Endpoint Learning Whitepaper for comprehensive information.

Endpoint Learning Recommendations for First Generation Leafs

For First Generation LEAF switches (those without the -EX or -FX suffix), the following configurations are recommended for optimum EP update/forwarding behavior:

  • BD-level configurations
    • Limit IP Learning to Subnet should be Enabled
      • Tenant –> Networking –> Bridge Domains
      • This configuration is available starting with release 1.1(1j)
      • NOTE – Prior to ACI Release 3.0(1k), if L3 Unicast Routing is enabled on the BD, this configuration can cause an impact of up to 120 seconds, as learning is paused and the endpoint table is flushed.
  • Fabric-level configurations
    • Disable Remote EP Learn (on Border Leaf) should be Enabled
      • Fabric –> Access Policies –> Global Policies –> Fabric Wide Setting
      • This configuration is available with release 2.2(2e) and later.
      • Policy Control Enforcement should be set to “Ingress”
        • Tenant –> Networking –> VRFs –> Policy Control Enforcement
    • IP Aging should be enabled.
      • This configuration is available with release 2.1(1h) and later.
        • (for code prior to 3.0) Fabric –> Access Policies –> Global Policies –> IP Aging
        • (for code after 3.0) System –> System Settings –> Endpoint Controls –> IP Aging

 

Endpoint Learning Recommendations for Second Generation Leafs

For Second Generation LEAF switches (those with the -EX or -FX suffix), the following configurations are recommended for optimum EP update/forwarding behavior:

  • Fabric-level configurations
    • Disable Remote EP Learn (on Border Leaf) should be Enabled
      • Fabric –> Access Policies –> Global Policies –> Fabric Wide Setting
      • This configuration is available with release 2.2(2e) and later.
      • Policy Control Enforcement should be set to “Ingress”
        • Tenant –> Networking –> VRFs –> Policy Control Enforcement
    • Enforce Subnet Check should be Enabled
      • Fabric –> Access Policies –> Global Policies –> Fabric Wide Setting
      • This configuration is available with release 2.2(2q) and 2.2(3j)
    • IP Aging should be enabled.
      • This configuration is available with release 2.1(1h) and later.
        • (for code prior to 3.0) Fabric –> Access Policies –> Global Policies –> IP Aging
        • (for code after 3.0) System –> System Settings –> Endpoint Controls –> IP Aging
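
The two checklists above can be audited offline against an export of APIC class queries. The following is an added example, not code from the original page or from Cisco; the class and attribute names (fvBD, fvCtx, infraSetPol, epIpAgingP and their fields) are assumptions taken from the APIC object model and should be verified on your release, and the sample objects are constructed.

```python
# Added example: audit APIC class-query output against the settings listed above.
# Class/attribute names are assumptions from the APIC object model; verify them
# on your own release before relying on the result.

# (class, attribute, required value, leaf generations it applies to, GUI name on this page)
RULES = [
    ("fvBD", "limitIpLearnToSubnets", "yes", {1}, "Limit IP Learning to Subnet"),
    ("infraSetPol", "unicastXrEpLearnDisable", "yes", {1, 2}, "Disable Remote EP Learn"),
    ("fvCtx", "pcEnfDir", "ingress", {1, 2}, "Policy Control Enforcement"),
    ("infraSetPol", "enforceSubnetCheck", "yes", {2}, "Enforce Subnet Check"),
    ("epIpAgingP", "adminSt", "enabled", {1, 2}, "IP Aging"),
]

# Constructed sample in the REST "imdata" shape (not taken from a real fabric).
SAMPLE = [
    {"fvBD": {"attributes": {"dn": "uni/tn-demo/BD-web", "limitIpLearnToSubnets": "no"}}},
    {"fvBD": {"attributes": {"dn": "uni/tn-demo/BD-db", "limitIpLearnToSubnets": "yes"}}},
    {"fvCtx": {"attributes": {"dn": "uni/tn-demo/ctx-prod", "pcEnfDir": "egress"}}},
    {"infraSetPol": {"attributes": {"dn": "uni/infra/settings",
                                    "unicastXrEpLearnDisable": "yes",
                                    "enforceSubnetCheck": "no"}}},
    {"epIpAgingP": {"attributes": {"dn": "uni/infra/ipAgingP-default",
                                   "adminSt": "disabled"}}},
]


def audit(imdata, leaf_gen):
    """Return (dn, setting, actual, required) for every object that deviates."""
    findings = []
    for cls, attr, want, gens, name in RULES:
        if leaf_gen not in gens:
            continue  # this setting is not on the checklist for that generation
        objs = [o[cls]["attributes"] for o in imdata if cls in o]
        if not objs:  # class missing from the export: report it, do not pass silently
            findings.append((cls, name, "<no object in export>", want))
        for a in objs:
            # Older releases may not expose the attribute at all.
            got = a.get(attr, "<attribute absent>")
            if got != want:
                findings.append((a["dn"], name, got, want))
    return findings


if __name__ == "__main__":
    for gen in (1, 2):
        print(f"Generation {gen} leafs:")
        for dn, name, got, want in audit(SAMPLE, gen):
            print(f"  {dn}: {name} is {got!r}, recommended {want!r}")
```
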

 

 

