Host Tracking Subnet Check & Limit IP Learning
Host Tracking Feature for End Points:
Host tracking is performed using the endpoint retention policy configured for the BD to send ARP requests (for IPv4) and neighbor solicitations (for IPv6) at 75% of the local endpoint aging interval. When no response is received from an IP, that IP is aged out.
Cisco ACI maintains a hit-bit to verify whether an endpoint is in use or not. If neither the MAC address nor the IP address of the endpoint is refreshed by the traffic, the entry ages out.
Some High Lights:
- Timeout-left will originally be set to the configured Local Endpoint Timer (900 seconds by default)
- This timer will count downwards
- Between 100 % and 25 % of timer type is set to HT (Host Tracker): At 25% of the EP Timer left, ACI will ARP for any entries that have "Hit-Bit No'
- If an ARP reply is received at this time, this will trigger the hit bit
- If no ARP are received, still count down (timer type is now set to Age instead of HT)
- Only when IP routing is enabled
- Once the Timeout left equals 0 ACI will again check the Hit-Bit
- If the Hit-Bit is still "No" then ACI knows this Endpoint is no longer active, and removes this endpoint
End Point Subnet Check:
You can limit IP learning to subnet in BD or enforce subnet check for IP learning in other words. This will disable source IP learning (from IP or from ARP glean) in case the source IP is not part of BD subnet. Subnet checking only works on ingress leaf (aka packet from front panel) and only prevent EPM learning but DOES NOT prevent forwarding. Enabling "Limit IP Learning to Subnet" is recommended in almost every scenario.
Limit IP Learning to Subnet Disabled:
If you uncheck IP learning to subnet checkbox, you disable the feature of limiting IP address learning to the bridge domain subnets only.