Proxy-ARP support in Distributed Anycast Gateway in EVPN/VXLAN Fabric

jfriasbarbosa · ‎03-08-2023

I just want to know if someone can confirm that proxy-arp is supported with DAG in an EVPN/VXLAN fabric.

My thought is that it should be supported as it would only mean the local VTEP would answer requests on behalf of another system for which it has learned the ARP information, whether local learning (MAC/ARP) or through EVPN updates from remote VTEPs.

Any link to documentation that can confirm whether is supported or not would be great!

Thanks!

f00z · ‎03-08-2023

Are you referring to proxy arp as in: the router will answer arp requests for IP addresses that are and are NOT in the local subnet and that it does NOT have an existing entry for? (i.e. normal proxy arp on an interface or SVI)

Or are you referring to ARP suppression, which proxies the ARP requests for hosts that it has in the EVPN table (i.e. if there's an arp entry on another VTEP)? This captures the ARP request locally on that VTEP and answers it for the host on another VTEP so broadcast ARPs do not go across the fabric. (I.e. ARP Suppression in VXLAN / EVPN) -- this is called arp suppression in VXLAN/EVPN and not proxy-arp (and it works with or without anycast gateway, it can be used on layer2 only vtep for example)

jfriasbarbosa · ‎03-08-2023

Hi, thanks F00z, I'm referring to standard proxy-arp. We are migrating from a traditional network to our new SnL EVPN/VXLAN fabric and one of the SVIs in the old Network has proxy-arp configured. Apparently, it was configured to support an application in that vlan and they claim application may break if that's not enabled in the new fabric.

f00z · ‎03-09-2023

Ah well I should have been a bit more specific, I am using the juniper devices for the IRB(SVI) currently and it(proxy arp) is working on there; I haven't tested it on the nexus devices, but like I said there's no reason why it shouldn't work. I am testing functionality between juniper/cisco/arista with EVPN (each one has weird nuances. Quirks and features?).

The anycast gateway has to trap ARP going to itself (a tcam entry to trap arps for the anycast gw IP to trap to cpu so it doesn't flood to all SVI and u get tons of arp replies lol). I would assume the proxy arp would require trapping ALL arp request on that device and thus probably requires tcam carving for arp-ether like arp suppression does even if you don't use arp suppression.

f00z · ‎03-08-2023

Ah yes, there is absolutely no technical reason why it can't work with the distributed anycast gateway. I do have it working in a lab I have of mixed vendors cisco/arista/juniper.. The one thing I can say is ALWAYS TEST IN THE LAB. I've found many instances where the device allows me to configure something and it seems to want to work but doesn't and it's very frustrating, mostly on cisco devices. So, it should work, just test it. Might require some tcam adjustments like how arp suppression does (which is basically a proxy arp mechanism anyway..just not called that in EVPN)

jfriasbarbosa · ‎03-09-2023

thanks for confirming you have it working in your lab. YEs, we were going to test it soon. I just wanted to confirm if other people had any experience enabling proxy-arp in their EVPN/VXLAN fabric. I didn't find any documents that may indicate if this was supported or not.