VXLAN Address Resolution/Neighbor Discovery Protocol (ARP/ND) Proxy

The Extreme Network VXLAN Address Resolution/Neighbor Discovery Protocol (ARP/ND) Proxy feature is designed to reduce ARP traffic traversing a VXLAN. For every VLAN in which a VNI is assigned, the switch both snoops ARP/ND messages and proxy for each ARP/ND binding learned.

VXLAN ARP/ND Proxy Example

In the preceding example, all hosts are associated with VNI 72. On switch1, the VNI is associated with VLAN 30. On switch SW2 the VNI is associated with VLAN 11. The two switches are connected using VXLAN VTEP tunnel. Each VLAN listed is associated with a VXLAN VNI and is identified as a VXLAN VLAN, which automatically enables VXLAN ARP/ND proxy services. As hosts begin their normal operations to resolve Layer3/Layer2 bindings using ARP or Neighbor Discovery, the switches learn of the bindings using snooping. The switches reply to each ARP/ND request for which a binding has been learned using the snooping process.

VXLAN ARP Learning Example 1:

During the boot process H1 sends a broadcast gratuitous ARP. This packet is received by all hosts on the layer 2 network. As the packet passes through switches 1 and 2, the ARP packet is processed by the ARP packet processor and an IP/MAC binding for H1 is be created.

VXLAN ARP Learning Example 2:

As H1 prepares to communicate with H2 (assuming H2 didn't send a gratuitous ARP), H1 generates an ARP request for H2. The ARP request enters switch1 and floods into the VXLAN tunnel. Additionally the ARP request goes to the ARP packet processor on H1 and H2, which learn the IP/MAC binding for H1. When H2 replies to the ARP request, the reply is sent unicast back to H1, but the ARP packet processors on switch 1 and 2 also process the ARP reply and both switches add the IP/MAC binding for H2.

VXLAN ARP Proxy Example:

Assuming switch2 contains an IP/MAC binding in the ARP/ND table for H1 and H2 when H3 needs to learn the binding for either entry, switch2 replies to the ARP request and prevents the ARP packet from actually broadcasting into the VXLAN tunnel (or even locally).