Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4154
Views
10
Helpful
4
Replies

EVPN-VxLAN arp suppression question

satish.txt1
Level 1
Level 1

‎10-23-2020 01:25 PM

Folks,

 

Last few days i am searching for this answer on google but i didn't get any satisfied answer so thought let me ask here. I am running small spine-leaf EVPN+VxLAN and i want to use arp suppression to reduce my broadcast.

 

I have couple of VNI without anycast-gateway (My requirement is all host traffic will route through Cisco ASA firewall so my all VLANs host gateway is Cisco ASA so i don't need any L3VNI or anycast-gateway)

 

If i enable suppress-arp on L2VNI which has no anycast-gateway in that case does arp suppression work or not? 

4 Replies 4

Ali Aghababaei
Level 1
Level 1

‎10-25-2020 02:18 AM

Hi,

 

ARP suppression reduces ARP broadcast traffic by leveraging the BGP EVPN control plane information. ARP suppression is enabled on a per-Layer 2 VNI basis. In this way, for all known endpoints, ARP requests are sent only between the endpoint and the local edge device/VTEP.

It is important to note that the ARP suppression feature works based on the knob enabled under the Layer 2 VNI, regardless of whether the default gateway is configured on the leafs.

So it absolutely works in your scenario.

 

I hope you find it helpful,

 

Thanks,

Ali

satish.txt1
Level 1
Level 1
In response to Ali Aghababaei

‎10-25-2020 10:12 PM

Thank you so much!  

 

I got confused here where Cisco official guide saying following  Cisco_Nexus_9000_Series_NX-OS_VXLAN_Configuration_Guide_9x 

 

ARP suppression is only supported for a VNI if the VTEP hosts the First-Hop Gateway (Distributed Anycast Gateway) for this VNI. The VTEP and the SVI for this VLAN have to be properly configured for the distributed Anycast Gateway operation, for example, global Anycast Gateway MAC address configured and Anycast Gateway feature with the virtual IP address on the SVI.

 

0 Helpful

satish.txt1
Level 1
Level 1
In response to satish.txt1

‎11-02-2020 06:15 AM

Any thought here, why Cisco saying it doesn't work but it does work in my LAB. does cisco need to update document?

0 Helpful

Vincent Ricci
Cisco Employee
Cisco Employee
In response to satish.txt1

‎07-26-2022 11:26 AM

working (in a particular case) is not the same as supported

N9K Configuration guide / Guidelines and Limitations

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/vxlan/configuration/guide/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x_chapter_0100010.html#id_1...

ARP suppression is supported for a VNI only if the VTEP hosts the First-Hop Gateway (Distributed Anycast Gateway) for this VNI. The VTEP and SVI for this VLAN must be properly configured for the Distributed Anycast Gateway operation (for example, global anycast gateway MAC address configured and anycast gateway with the virtual IP address on the SVI).

 

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents