Hi Bram,
It is due to GEN1 switches setting the DL (don' learn) bit in the iVXLAN header. The DL bit informs a remote leaf that it should not do dataplane learning for the particular frame.
Consider the following:
Leaf 101 - Compute Leaf
Leaf 103 - Compute Leaf
Leaf 105 - Border Leaf (BL)
- Host-A is learned on Leaf-101 and Host-B is learned on BL 105
-
Host-A has triggered an XR learn on the BL 105
-
Host-A on Leaf 101 then moves from Leaf 101 to Leaf 103 and no longer sends any frames to another host on BL 105 but instead continues sending frames towards L3 out toward the BL 105
-
Leaf 101 maintains a bounce-entry for Host-A
-
Leaf 103 is a Gen-1 Leaf and VRF is set to ingress enforcement. Due to hardware restriction in GEN1, traffic sent to the L3 out has the DL (don’t learn) bit set in the iXVLAN header)
-
When the BL 105 receives the frame, it updates aging hit bit but does not update the learn entry since DL is set
-
Eventually, the bounce entry on Leaf 101 will timeout but the BL 105 will still have an XR entry point to Leaf 101. Any traffic destined to host-A will be dropped
GEN2 switches do not have this issue. Disabling remote EP learning fix:
Also, in 3.2 we introduced a new feature called EP Announce which should prevent stale endpoint issues (I have yet to see a stale EP issue since this). Basically when the bounce timer expires, leaf sends EP announce delete message which will trigger an XR delete on any leaf still pointing to the old leaf.
Hope this helps.
Thank you for participating in the Cisco Support Forum for ACI! If you have other questions related to this post, please let us know. If this response answers your questions, please mark this post "answered" and assign a rating to the response(s) provided. This will help notify other viewers that your question(s) is answered and this helps us provide better responses for this and future questions.
Regards,
