Operational Considerations

Flows that ingress standard VLAN ports

Supported

Supported

Flows that ingress UNI ports

Supported

Supported

Flows that ingress NNI ports and egress UNI ports

(Layer 2 VSN)

Supported

Not supported

Flows that ingress NNI ports and egress UNI ports

(Layer 3 VSN)

Supported

Not supported

Flows that ingress NNI ports and terminate locally

Supported

Not supported

Flow that ingress NNI ports and egress NNI ports

Not supported

Not supported

Flows on DvR Controllers or DvR Leafs

Supported

Supported

GRT

Yes

Yes

VRF

Yes (with management CLIP)

Yes

Exception: management VRF

Fabric Connect – Layer 2 VSNs

Yes

When the Analytics Engine is reachable over a Layer 2 VSN, the GRE packets are encapsulated with MAC-in-MAC (IEEE 802.1ah) at the originating BEB. The MAC-in-MAC header is removed at the terminating BEB and the original GRE packet is sent to the collector. Note: the MAC-in-MAC encapsulation plus the GRE encapsulation adds 60 bytes to the original packet. If the original packet is close to the maximum transmission unit (MTU), the mirrored copy can exceed the MTU and be dropped.

Yes

When the Analytics Engine is reachable over a Layer 2 VSN, the GRE packets are encapsulated with MAC-in-MAC (IEEE 802.1ah) at the originating BEB. The MAC-in-MAC header is removed at the terminating BEB and the original GRE packet is sent to the collector. Note: the MAC-in-MAC encapsulation plus the GRE encapsulation adds 60 bytes to the original packet. If the original packet is close to the maximum transmission unit (MTU), the mirrored copy can exceed the MTU and be dropped.

Fabric Connect – IP Shortcut Routing

Yes

Yes

Fabric Connect – Layer 3 VSNs

Yes (with management CLIP)

No

If you enable sFlow and Application Telemetry simultaneously on the same port

The switch sends the sFlow datagrams and Application Telemetry packets to the collector.

If the packet matches the Application Telemetry rules, the switch mirrors the packet to the GRE tunnel and sends it to the Analytics Engine and it cannot be sampled by sFlow.

If the packet does not match the Application Telemetry rules and the packet gets sampled, the switch sends it as an sFlow datagram to the sFlow Collector.

IPv6 security filters or IPv6 source guard

Not supported (consistency checks in place)

Exception: Allowed on VSP 7400 Series

Allowed

Mirroring resources

Only 3 mirror ports can be configured for general port mirroring

No impact to number of mirror ports

If rx port mirroring is enabled on a port, and Application Telemetry is enabled, when a packet that matches one Application Telemetry entry criterion comes to this port

The switch generates the remote mirrored packet, and the port-based mirroring copy.

The switch generates the remote mirrored packet only. The switch does not generate the port-based mirroring copy.

If a packet does not match an Application Telemetry rule, the switch generates the port-based mirroring copy.

If you enable uRPF mode on the switch

The MTU values for both IPv4 and IPv6 packets on the same VLAN are always matched. Different Layer 3 MTU sizes on the same VLAN are not allowed in uRPF mode.

The URPF boot config flag is not applicable. Even when uRPF is enabled, IPv6 MTU can be different from IPv4 MTU; both need not be the same.

If packets match both user defined filters (ACLs) and Application Telemetry rules, and if both rules have counters

Both counters incremented

ACL counters incremented only

smb, kerberosasreq2 and kerberostgsreq packet types

kerberosasreq2 and kerberostgsreq packet types supported. Smb – not available

kerberosasreq2 and kerberostgsreq packet types supported with an off-set of 24 bytes only; an off-set of 40 bytes is not supported