ACI - Disable Remote EP Learn

TID_Orion
Level 1

We recently installed some Gen2 leafs in our ACI environment (all other leafs are Gen1). I noticed that the best practice document suggests enabling the "Disable Remote EP Learn" feature and "Enforce Subnet Check". All of our VRFs' policy enforcement is set to ingress. In terms of L3-outs, we have a few border-leafs in addition to GOLF routers connected to our spines.

Is anyone aware (or does anyone have any experience) of whether enabling these settings is service-disrupting in any way?

1 Accepted Solution

Accepted Solutions

Gaurav Gambhir
Cisco Employee

With a Gen1 and Gen2 hardware mix in the fabric, it is recommended to have the "Disable Remote EP Learn" feature active.

From my experience, when you enable this feature, it clears all the remote endpoints from the border leaf only, and I have not seen any operational impact of enabling this feature, since traffic will use hardware proxy if the endpoint is not learned on the border leaf anyway.

Enforce Subnet Check basically restricts local endpoints to the subnet configured under the BD, which is the general recommendation, and there is no operational impact of enabling the feature, as it only flushes endpoints learned out of subnet.

Please refer to the endpoint learning whitepaper:

https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-739989.html#_Toc18440067
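
A pre-change check for the point made in the accepted answer, that Enforce Subnet Check only flushes endpoints learned outside the BD subnet: the Python below is an added example (not part of the original thread and not Cisco tooling) that lists learned endpoints whose IP falls outside every subnet of their BD. The inventory, BD names and addresses are constructed; how the endpoint and subnet lists are exported from the fabric is left open.

```python
import ipaddress

# Constructed sample inventory (hypothetical BD names, gateways and hosts).
# ACI BD subnets are written as gateway-address/prefix, e.g. 10.10.1.1/24.
BD_SUBNETS = {
    "BD-Web": ["10.10.1.1/24", "2001:db8:1::1/64"],
    "BD-App": ["10.10.2.1/24"],
}
ENDPOINTS = [
    {"mac": "00:50:56:AA:00:01", "ip": "10.10.1.20", "bd": "BD-Web"},
    {"mac": "00:50:56:AA:00:02", "ip": "10.10.2.55", "bd": "BD-Web"},
    {"mac": "00:50:56:AA:00:03", "ip": "192.168.50.7", "bd": "BD-App"},
    {"mac": "00:50:56:AA:00:04", "ip": "2001:db8:1::25", "bd": "BD-Web"},
    {"mac": "00:50:56:AA:00:05", "ip": None, "bd": "BD-App"},  # MAC-only entry
    {"mac": "00:50:56:AA:00:06", "ip": "169.254.10.3", "bd": "BD-Web"},
]


def out_of_subnet_endpoints(bd_subnets, endpoints):
    """Return (mac, ip, bd, other_bd) for IPs outside every subnet of their BD.

    other_bd names a different BD whose subnet contains the IP (a host likely
    attached to the wrong BD/EPG), or None if no configured subnet matches.
    """
    # ip_interface() accepts the gateway/prefix form and yields the network.
    nets = {bd: [ipaddress.ip_interface(s).network for s in subs]
            for bd, subs in bd_subnets.items()}
    flagged = []
    for ep in endpoints:
        if not ep["ip"]:
            continue  # assumption: only entries with an IP are in scope
        addr = ipaddress.ip_address(ep["ip"])
        if any(addr in n for n in nets.get(ep["bd"], [])):
            continue  # inside one of its own BD's subnets: would be kept
        other = next((bd for bd, ns in nets.items()
                      if bd != ep["bd"] and any(addr in n for n in ns)), None)
        flagged.append((ep["mac"], ep["ip"], ep["bd"], other))
    return flagged


if __name__ == "__main__":
    for mac, ip, bd, other in out_of_subnet_endpoints(BD_SUBNETS, ENDPOINTS):
        hint = f"matches {other}" if other else "matches no configured BD subnet"
        print(f"{bd}: {ip} ({mac}) is outside the BD subnets; {hint}")
```

An empty result on real inventory means no currently learned IP would be flushed; any flagged entry is worth tracing to its host before the setting is enabled.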
