Scribd
Upload
158 views2 pages

Aci Endpoint Learning

The document outlines best practices for endpoint learning in Cisco's Application Centric Infrastructure (ACI), highlighting differences from traditional network devices. It provides specific configuration recommendations for both First and Second Generation LEAF switches to optimize endpoint update and forwarding behavior. Key configurations include enabling IP learning limits, disabling remote endpoint learning, enforcing subnet checks, and enabling IP aging based on the switch generation and software release version.

Uploaded by

patoleblue
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
158 views2 pages

Aci Endpoint Learning

The document outlines best practices for endpoint learning in Cisco's Application Centric Infrastructure (ACI), highlighting differences from traditional network devices. It provides specific configuration recommendations for both First and Second Generation LEAF switches to optimize endpoint update and forwarding behavior. Key configurations include enabling IP learning limits, disabling remote endpoint learning, enforcing subnet checks, and enabling IP aging based on the switch generation and software release version.

Uploaded by

patoleblue
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Cisco Application Centric Infrastructure

ACI Endpoint Learning Best Practices


ACI fundamentally handles endpoint learning in a different manner than traditional network devices. This difference gives
ACI the unique advantage of being able to limit flooding of ARP, Unknown Unicast, and other traffic types. As ACI has
evolved, the best way to configure ACI, in an optimal way, has evolved as well. Below is a list of configurations (regarding
endpoint learning) that should be used, depending on the hardware that you have installed.

For optimal Fabric operations, we recommend configurations that cause ACI to only learn IP addresses, which are
configured on a BD Subnet

To achieve the above recommendations, there are distinct configuration knobs to enable the desired behavior, based on
the generation of ACI LEAF switches in your fabric.

Endpoint Learning Recommendations


for First Generation Leafs

For First Generation LEAF switches (those without the –EX or -FX suffix), the following configurations are recommended
for optimum EP update/forwarding behavior:

• BD-level configurations
• Limit IP Learning to Subnet should be Enabled
• Tenant –> Networking –> Bridge Domains
• This configuration is available starting with release 1.1(1j)
• NOTE – Prior to ACI Release 3.0(1k), if L3 Unicast routing is enable on the BD, this configuration
can cause impact of up to 120 seconds as learning is paused and the endpoint table is flushed.
• Fabric-level configurations
• Disable Remote EP Learn (on Border Leaf) should be Enabled
• Fabric –> Access Policies –> Global Policies –> Fabric Wide Setting
• This configuration is available with release 2.2(2e) and later.
• Policy Control Enforcement should be set to “Ingress”
• Tenant –> Networking –> VRFs –> Policy Control Enforcement
• IP Aging should be enabled.
• This configuration is available with release 2.1(1h) and later.
• (for code prior to 3.0) Fabric –> Access Policies –> Global Policies –> IP Aging
• (for code after 3.0) System –> System Settings –> Endpoint Controls–> IP Aging
Endpoint Learning Recommendations
for Second Generation Leafs

For Second Generation LEAF switches (those with the –EX or -FX suffix), the following configurations are recommended
for optimum EP update/forwarding behavior:

• Fabric-level configurations
• Disable Remote EP Learn (on Border Leaf) should be Enabled
• Fabric –> Access Policies –> Global Policies –> Fabric Wide Setting
• This configuration is available with release 2.2(2e) and later.
• Policy Control Enforcement should be set to “Ingress”
• Tenant –> Networking –> VRFs –> Policy Control Enforcement
• Enforce Subnet Check should be Enabled
• Fabric –> Access Policies –> Global Policies –> Fabric Wide Setting
• This configuration is available with release 2.2(2q) and 2.2(3j)
• IP Aging should be enabled.
• This configuration is available with release 2.1(1h) and later.
• (for code prior to 3.0) Fabric –> Access Policies –> Global Policies –> IP Aging
• (for code after 3.0) System –> System Settings –> Endpoint Controls–> IP Aging

Original content written by Jody Davis and published at https://unofficialaciguide.com.

You might also like