It is valuable to provide a shortcut IPv4 routing service directly over the underlay and avoiding using an external router to perform the same function, and thereby reducing traffic “trombone” effect.
Currently, the ingress fabric router responds to all ARP (Address Resolution Protocol)s regardless of target IP address. This is sometimes called “local proxy ARP” and is disabled on VXLAN interfaces. Local proxy is a valid setting with non-VXLAN VLANs and fabric routing.
Normally, a host uses ARP for its default gateway when it must reach a destination that does not match its own network/subnet. A receiving auto-peering router responds with its virtual MAC for any ARP request whose target IP address matches its configured IP address, and if the source IP address is of the same subnet for which it is connected. Subsequent host packets destined to a remote host have a destination MAC address matching the VMAC and are routed directly at the ingress switch without VTEP encapsulation. Packets may be routed locally if any destination host is attached to the same ingress switch, but have a different VNI or in the case where they are connected on VLANs without VXLAN enabled. It is presumed that forwarding routers in the path have reachability to the destination host as they are learned using the VRRP (Virtual Router Redundancy Protocol) host mobility feature (see VRRP Host Mobility) and propagated by BGP (Border Gateway Protocol) throughout the network. Any ARP packets not requesting the VIP of the auto-peering node are consumed on the ingress switch by ARP/L2 FDB (forwarding database) and the underlying VXLAN feature. Hence, subsequent packets with non-VMAC match FDB entries and those destinations are sent over VXLAN tunnels.
To allow the feature, configure an IP address and subnet mask and enable IP forwarding on a VLAN associated with a VNI. Enabling IPv6 forwarding should be not permitted, so IPv6 traffic must be tunneled. For ExtermeXOS 22.4 and later, along with the IPv6 restriction, this service is limited to the default VR. If VRF is required, do not use this feature. Additionally, VRRP and host mobility should also be enabled on the VLAN.
Print
this page
Email this topic
Feedback
View PDF
Download EPUB