04-08-2020 11:47 AM - edited 04-08-2020 11:48 AM
We recently installed some Gen2 leafs in our ACI environment (all other leafs are Gen1). I noticed that the best practice document suggests enabling the "Disable Remote EP Learn" feature and "Enforce Subnet Check". All of our VRFs policy enforcement are set to ingress. In terms of L3-outs we have a few border-leafs in addition to GOLF routers connected to our spines.
Is anyone aware (or if anyone has any experience) if enabling these settings is service disrupting in any way?
Solved! Go to Solution.
04-09-2020 07:05 AM
With Gen1 and Gen2 hardware mix in fabric it is recommended to have "disable remote ep learn" feature active.
From my experience, when you enable this feature, it clears all the remote endpoints from the border leaf only and I have not seen any operational impact of enabling this feature since traffic will use hardware proxy if endpoint is not learned on border leaf anyways.
Enforce subnet check basically restricts local endpoints to the subnet configured under the BD, which is general recommendation and no operational impact of enabling the feature as it only flushes endpoints learned out of subnet.
please refer to endpoint learning whitepaper
04-09-2020 07:05 AM
With Gen1 and Gen2 hardware mix in fabric it is recommended to have "disable remote ep learn" feature active.
From my experience, when you enable this feature, it clears all the remote endpoints from the border leaf only and I have not seen any operational impact of enabling this feature since traffic will use hardware proxy if endpoint is not learned on border leaf anyways.
Enforce subnet check basically restricts local endpoints to the subnet configured under the BD, which is general recommendation and no operational impact of enabling the feature as it only flushes endpoints learned out of subnet.
please refer to endpoint learning whitepaper
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide