Specifications
Support for up to 25k VENs.
Support for up to 75k total rules.
The VEN can report a maximum of 100 rule IDs for each reported flow entry. If there are more than 100 rule ID matches for a flow, the rule IDs are truncated.
No support for Superclusters.
Only active rules are counted.
Essential rules (rules necessary for the Illumio platform to function) are not counted.
The report includes each rule's hypertext reference attribute (HREF). The HREF maps directly to a rule in the PCE UI, but clicking the HREF does not take you to that rule in the UI; it only loads the rule's JSON object.
VENs report to the PCE the hit count of all the overlapping rules for a flow.
VEN enablement for this feature uses label scopes, similar to firewall co-existence and SecureConnect.
Rule count data is retained for 90 days, after which the oldest data is dropped.
Last Hit timestamps are retained for the life of the PCE.
The report includes the active rule IDs within the rule sets you specified when you configured the report, plus all the deny rules.
Hit Count values reflect the total number of hits recorded during the configured time range.
Due to PCE policy optimization, some rules that weren't written to overlap may end up overlapping. For example:
Given two flows:
A → B on TCP/443
A → C on TCP/443
Although the flow from A → B on TCP/443 never overlaps with the flow from A → C on TCP/443, policy optimization may cause the counters for both rules to increment.