Static ARP binding with interface on CSR 1000v

Maxim Denisov · ‎06-30-2014

Hello,

I'm stuck trying to accommodate CSR 1000v to OVH network policy. There is a server with ESXi and 2 VMs - ASAv and CSR 1000v. OVH provides classic ip assignment to first address (ESXi) only, other addresses are provided as "failover". As far as I understood they do not route addresses but allows to configure static ARP bindings on their side. For example there is a 10.1.1.254/24 (00ff.ffff.ffff MAC) on OVH side and 10.1.1.36/24 on my side. I have requested 2 "failover" addresses for VMs - 10.1.2.4/32 and 10.1.3.4/32. On ASAv I have configured shortest available prefix /29 on interface, configured 0.0.0.0/0 route to 10.1.1.254 and configured static ARP binding 10.1.1.254 to 00ff.ffff.ffff on outside interface, this works. I tried to do the same on CSR 1000v but unlike ASAv I can't bind interface with this static ARP:

DC1-RTR1#arp 10.1.1.254 00ff.ffff.ffff arpa gi4
Bad ARP command - Interface may only be specified when bridging IP

I there workaround?

Regards,
Maxim

Maxim Denisov · ‎07-02-2014

I found a workaround - configured arp 10.1.1.254 00ff.ffff.ffff alias, configured 10.1.1.4/24 as secondary address on interface and disabled arp arpa. Not a perfect solution but it works.

Greg Chlopowiec · ‎02-06-2018

Hi Maxim,

I have a dedicated server at OVH with similar setup like yours, that is 6 VMs running on ESXi and ASAv protecting it. I'm having hard time configuring ovh's "failover ip"to my VMs ("failover ip" statically mapped to vm private ip). Whatever I do, it just doesn't want to work: no communication from "outside" to "inside". Did you manage to successfully setup ovh networking so that please from 'outside' can access your servers 'inside' or 'dmz'?