Administrator Guide
Layer 3 VLT provides a higher resiliency at the Layer 3 forwarding level. VLT peer routing enables you to
replace VRRP with routed VLT to route the traffic from Layer 2 access nodes. With proxy ARP, hosts can
resolve the MAC address of the VLT node even when VLT node is down.
If the ICL link is down when a VLT node receives an ARP request for the IP address of the VLT peer, owing to
LAG-level hashing algorithm in the top-of-rack (TOR) switch, the incorrect VLT node responds to the ARP
request with the peer MAC address. Proxy ARP is not performed when the ICL link is up and the ARP request
the wrong VLT peer. In this case, ARP requests are tunneled to the VLT peer.
Proxy ARP supported on both VLT interfaces and non-VLT interfaces. Proxy ARP supported on symmetric
VLANs only. Proxy ARP is enabled by default. Routing table must be symmetrically configured to support
proxy ARP. For example, consider a sample topology in which VLAN 100 is configured on two VLT nodes,
node 1 and node 2. ICL link is not configured between the two VLT nodes. Assume that the VLAN 100 IP
address in node 1 is 10.1.1.1/24 and VLAN 100 IP address in node 2 is 20.1.1.2/24. In this case, if the ARP
request for 20.1.1.1 reaches node 1, node 1 will not perform the ARP request for 20.1.1.2. Proxy ARP is
supported only for the IP address belongs to the received interface IP network. Proxy ARP is not supported if
the ARP requested IP address is different from the received interface IP subnet. For example, if VLAN 100 and
200 are configured on the VLT peers, and if the VLAN 100 IP address is configured as 10.1.1.0/24 and the
VLAN 200 IP address is configured as 20.1.1.0/24, the proxy ARP is not performed if the VLT node receives an
ARP request for 20.1.1.0/24 on VLAN 100.
Working of Proxy ARP for VLT Peer Nodes
Proxy ARP is enabled only when peer routing is enabled on both the VLT peers. If peer routing is disabled on
one of the VLT peers, proxy ARP is not performed when the ICL link goes down. Proxy ARP is performed only
when the VLT peer's MAC address is installed in the database. Proxy ARP is stopped when the VLT peer's MAC
address is removed from the ARP database because of the peer routing timer expiry. The source hardware
address in the ARP response contains the VLT peer MAC address. Proxy ARP is supported for both unicast and
broadcast ARP requests. Control packets, other than ARP requests destined for the VLT peers that reach the
undesired and incorrect VLT node, are dropped if the ICL link is down. Further processing is not done on
these control packets. The VLT node does not perform any action if it receives gratuitous ARP requests for the
VLT peer IP address. Proxy ARP is also supported on secondary VLANs. When the ICL link or peer is down, and
the ARP request for a private VLAN IP address reaches the wrong peer, then the wrong peer responds to the
ARP request with the peer MAC address.
The IP address of the VLT node VLAN interface is synchronized with the VLT peer over ICL when the VLT
peers are up. Whenever an IP address is added or deleted, this updated information is synchronized with the
VLT peer. IP address synchronization occurs regardless of the VLAN administrative state. IP address addition
and deletion serve as the trigger events for synchronization. When a VLAN state is down, the VLT peer might
perform a proxy ARP operation for the IP addresses of that VLAN interface.
VLT nodes start performing Proxy ARP when the ICL link goes down. When the VLT peer comes up, proxy
ARP will be stopped for the peer VLT IP addresses. When the peer node is rebooted, the IP address
synchronized with the peer is not flushed. Peer down events cause the proxy ARP to commence.
When a VLT node detects peer up, it will not perform proxy ARP for the peer IP addresses. IP address
synchronization occurs again between the VLT peers.
Virtual Link Trunking (VLT) 997