Re: ARP between hosts in different branch offices

a1111 · ‎03-18-2023

Hello,

I'd like to know how an ARP request between hosts that are physically located in two branch offices (so separated by a WAN link) but belong to the same VLAN gets delivered.

Topology:

Host A -> Switch A -> Router A -> ISP -> Router B -> Switch B -> Host B

Both host A and host B are in VLAN 99. When host A sends an ARP request for host B's MAC address, that ARP request gets forwarded to Router A. Shouldn't Router A filter/drop the frame (because routers separate broadcast domains, and an ARP request is a broadcast frame)? But aren't there real-world topologies where the same VLAN is configured in different branch offices, meaning there is at least one router between the hosts that belong to the same VLAN? So that tells me this should work, but how?

Can someone please explain this to me?

Thanks, and have a nice weekend.

Attila

MHM Cisco World · ‎03-18-2023

There is l2vpn between two site

The frame is encapsulated inside the IP packet in one side and send to other side which decapsulate the packe and forward frame.

This way two branch look like connect to virtual SW

balaji.bandi · ‎03-18-2023

as per your case, until Router A and Router B have any kind of L2VPN ~~VPN L2L~~ extended, IP addresses RFC1918 can not go beyond your Router - even if they go the ISP will drop that request. So Router A and Router B do the NAT with an external Routable IP address always.

you can get more information here : (how routing takes place between Routers)

https://networklessons.com/cisco/ccnp-encor-350-401/introduction-to-routers-and-routing

In other cases if you have L2 VPN you can have duplicate address space using the same IP address on both the sides ( you need to do NAT again if both the side hosts using the same IP address: for example Host A 10.10.10.100 and Host B also have 10.10.10.100

EDIT - due to misunderstanding other posters my views.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎03-18-2023

Vpn l2l not support l2 over it,

And if you talk about overlapping subnet then I dont think the arp will flow through vpn tunnel.

He need l2vpn.

balaji.bandi · ‎03-18-2023

Maybe I was not clear about my last port

VPN L2L - I meant to L2 VPN - it may be my typo. - that clears the whole confusion.

And if you talk about overlapping subnet then I dont think the arp will flow through vpn tunnel.

- not that i have mentioned ARP will pass, I was just aware duplicate address space.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

a1111 · ‎03-18-2023

Hi, thank you both.

Do ISPs drop packets with RFC 1918 addresses in the destination field in all cases, or are they configured to do so if and only if those kinds of packets arrive on their WAN interfaces? I assume the latter, because if they were hard-coded to never work with private IP addresses, they would need public IPs when routing things internally (so within the ISP's autonomous system), but that would clearly be inefficient. I'd like to ask for confirmation, though. So could ISP routers be (mis)configured to route private IPs as well on the WAN?

Thanks.

Joseph W. Doherty · ‎03-18-2023

There are a several ways to transport L2 over L3, including across the Internet, such as Ethernet VPN, L2TPv2 or VLL, etc. (Take note of references in those Wiki articles for additional information and/or technologies.)

Basically, all are different approaches to encapsulate L2 frames within L3 packets (still within their own L2 frames).

In concept, the forgoing is similar to L3 encapsulation of L3, e.g. GRE.

If the concept of a "router" forwarding L2 between interfaces is unknown to you, you might also want to read about Cisco's IRB.