Follow these guidelines and limitations when considering the effects of dataplane IP learning per VRF:

• When dataplane IP learning per VRF is disabled, all the remote IP address entries in the tenant VRF are removed. The local IP entries are aged out and, subsequently, will not be re-learned through the dataplane, but can still be learned from the control plane.
• When dataplane IP learning per VRF is disabled, already learned local IP endpoints are retained and require control plane refreshes to be kept alive (assuming IP aging is also enabled). Dataplane L3 traffic will not keep IP endpoints alive.
• For first-generation leaf switch-based ToRs, when dataplane IP learning per VRF is disabled, remote MAC addresses are not learned. Hardware Proxy mode on the corresponding BDs must be configured. Local inner MAC addresses from VXLAN packets on downlink are not learned whether data plane IP learning for the VRF is enabled or not.
• Remote MAC addresses are not learned in endpoint to endpoint ARP scenarios.

This section provides information about the interaction of dataplane IP learning per VRF with other features.

• Anycast
  • Enabled: Local Anycast IP addresses can be learned from both the data and control planes.
  • Disabled: Local Anycast IP addresses are aged out but can be learned through the control plane and host tracking.
  • Remote IP addresses are not learned in Anycast regardless of how dataplane IP learning per VRF is configured.
• Rogue Endpoint Detection
  • Enabled: Rogue is generated and moves are detected as expected.
  • Disabled: Remote IP addresses are flushed and rogue IP addresses are aged out. Rogue IP address are not detected on local moves. The only moves that are detected are via control traffic. Bounce is learned via COOP but these are dropped once the bounce timer expires.
• L4-L7 Virtual IP (VIP)
  • Enabled: L4-L7 VIP functions as expected (endpoint IP learning for VIP is only through the control plane). Consider the following functional stream: (1) from client to load balancer (LB) (L3 traffic), (2) LB to server (L2 traffic), and (3) server to client (L3). Clients (IP endpoints) behind the EPG are learned through the data/control plane. The VIP is learned only through the control plane on the LB EPG. Even though it's through the control plane, the VIP is not learned on other EPGs.
  • Disabled:
    • Client to load balancer: No remote IP address learned for VIP. The remote IP address is cleared. It will use the spine-proxy. If the IP address of the VIP is learned, spine-proxy look-up will be successful, otherwise it will generate glean for the VIP and learn it through the control plane.
    • Load balancer to server: No effect. Only bridging between LB/Server is supported for DSR use case.
    • Server to client: The remote IP address for the client is cleared and the spine-proxy will be used. If the remote IP address for the client entry is deleted in the spine, it is re-learned through glean. For clients behind L3out, there is no L3 remote IP address.