No Rule Bypass means a packet is hitting the CSS that does not belong to a content rule. This could be entirely normal, or anomouls.
Traffic sent to the CSS MAC address, or bridged through it create a flow wether they hit a vip or not. This would inciment the counter in question. It is common for a CSS to be the gateway, or in the direct path of the server. So any call the server makes, say to the DNS server, or a database server, etc. would inciment the counter.
Anomouls traffic would be IPv6, fragments headed to a Content Rule IP that could not be reassembled, etc.
In terms of troubleshooting it, traces are the only for-sure way to determine what it is. The css allows you to configure span sessions, so you can mirror your ports to a sniffer and take a peek.
VMware Trunk Port Group is supported from ACI version 2.1
VMM integration must be configured properly
ASA device package must be uploaded to APIC
ASAv version must be compatible with ACI and device package version
In the Previous articles of ACI Automation, we are using Postman/Newman as the Rest API tool to automate the ACI Configuration.
In this article I’m going to discuss on usin...
One of the first steps in building your ACI Fabric is to go through Fabric Discovery. While Fabric Discovery is usually a straightforward process, there are various issues that may prevent you from discovering an ACI switch. This article wil...